XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally:
XP Antivrus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!
XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012. Also, you can use one of these codes to register the rogue program: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
By Downloading any provided Anti-spyware software to remove XP Antivirus 2012 you agree to our
privacy policy and
agreement of use.
XP Antivirus 2012 manual removal:
Kill processes:
[random characters].exe, like kdn.exe, ppn.exe or similar
MSASCui.exe
pw.exe
vz.exe
Delete registry values:HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
Delete files:%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\vz.exe
%UserProfile%\AppData\Local\MSASCui.exe
(68 / 100)
ASK US:
HELP:
|
Follow us 
|
Like us 
Thank you, thank you thank you, for the manual removal guide! Much appreciated!
I had the same problem except I couldnt even get online. I dunno if you have the same problem, but there was an application called "Privacy _____" ( I cant recall the name perfectly :/ ). I got into Safe Mode, got to the target, and deleted the file from the computer. Dont try add/remove programs -- it wont be there. Anyways, Ive been able to do everything since then. I just have this damn virus stuck on the computer now. So if thats your problem, try that?
Hope I was of some help.
Explorer.exe, clicked then clicked the "End Process" button at the bottom. Well, what do you know, everything was gone. From the icons to the taskbar. I could only restart. I experimented again. I tried the 2 letter process IE.exe Sure enough it worked. You dont really know whats gonna harm you from what can help. My solution might ease. But dont expect a quick solution. As this is a damn antivirus.
Anyways, I have seen this XP Antivirus 2012 scam product once before but it got a hold to my system after I went onto a website that clearly wasnt no good to be on; so in other words, pop up blockers... So I removed the product by my **REAL** virus remover progam and its been fine ever since.
But now its back on my PC so Im now using my laptop to look up the problem.
Run the program and Scan the System….. it will remove all the spyware virus even in Trial Version. Restart the PC. 100% you PC will get rid from XP antivirus 2012.
No need to pay for “Malwarebytes Anti Malware software”…. to remove this fake XP antivirus 2012..
Surseh Mahajan
I heard .dll is the same as the .exe files on Windows, which is what this virus targets and shuts down. But, can you download a real antivirus software like Norton to a flash drive and install it onto your computer from that?
Thanks. :D
Here is a Microsoft KB to help run regedit when the exe shell has been hijacked, http://support.microsoft.com/kb/555067. It worked like a charm in this case and I was able to modify the affected registry entries, delete the ayo.exe file (empty trash) and disabled then re-enabled system restore.
Thanks for this manual removal guide, I think it did the trick!
To remove used tools autoruns and process explorer both available free on www.sysinternals.com. the website redirects you to a microsoft site as its been bought over. had to go into safe mode and stop the ejo file from loading with autoruns before rebooting the pc and then clearing out the files listed above. and checking all good with process explorer. process explorer is a very easy way to kill processes.
because of this i formatted my os
As well
1. Shut down your computer
2. Turn computer back on and press F8 repeatedly until boot menu appears.
3. Select start windows in safe mode option
4. When windows finished loading, select Start, All Programs, Accessories,
System Tools, System Restore.
5. System restore will give you a bunch of dates you can restore to. Choose a date just before the virus infected your computer.
6. System restore will reset your computer to the settings it remembers for that date and will reboot when done.
7. Place middle finger up at the creators and distributors of this virus.
This worked for me using XP. Please note that all installations after the date selected will also be removed along with the virus. You may have to do some re-installing.
step 7 was my favorite step!
AV2012 and Firewall 2012 was blocking certain executables- what I did was find the executable running it (usually 3 letters, as in aaa.exe), search the Registry, and found it was set to execute every time someone double-clicked a .exe. Deleted it from registry in the four places- local user, local computer, etc. Then I could run normal scans- Malware and Spybot worked fine.
i follow your system restore and now the company PC running smoothly and remove all the XP antivirus successfully..one thing i would like to know is this one = HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = 1
my registry keys have the values = 1 as well..shall i delete it?
it shows in the manual that i have to delete it..see "XP Antivirus 2012 manual removal:" Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = 1
any idea?anyway i have export my registry key so if lets say something wrong i can restore it by importing the registry key back..
Dont download the program they suggest here because it requires you pay before deleting anything.
I KNEW my antivirus would be removed. I figured since I didnt actually DL (In past you can close the browsers) I would be OKAY- and restarted it. Thats when I seen the AV was gone. I was so mad- that I would get a GUN and shoot the person who MADE this! LUCKILY I keep a SECOND Partition for emergency cases which is how im here now. I heard the MAKER if these are from GREECE.
Where is this thing HIDING?? I have looked and scanned my System and Windows folder? I CANT get rid of it-if I cant find it? What I learn I will post on the XP Support Site too
http://winxp76.webs.com
Again- whoever made thsi should NEVER be let out of JAIL-EVER!
thank you so much!
" 1. Shut down your computer
2. Turn computer back on and press F8 repeatedly until boot menu appears.
3. Select start windows in safe mode option
4. When windows finished loading, select Start, All Programs, Accessories,
System Tools, System Restore.
5. System restore will give you a bunch of dates you can restore to. Choose a date just before the virus infected your computer.
6. System restore will reset your computer to the settings it remembers for that date and will reboot when done.
7. Place middle finger up at the creators and distributors of this virus."
Thank you Derrick for your post !
Post Comment: