Title: XP Antivirus 2012
Also known as: XPAntivirus2012, XPAntivirus 2012

Remove XP Antivirus 2012
Removal instructions

 
Severity scale:XP Antivirus 2012 severity is 68  (68 / 100)
 

XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally:

XP Antivrus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!

XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012.  Also, you can use one of these codes to register the rogue program: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.

Automatic XP Antivirus 2012 removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove XP Antivirus 2012 you agree with our Privacy Policy and Agreement of Use.
SpyHunter is recommended remover to uninstall XP Antivirus 2012. You should confirm using free trial that it detects current version of parasite.

Note: Tested and Confirmed means that we have tested spyware remover with multiple versions of XP Antivirus 2012 and got the best results. There might be updated or modified version of particular parasite that require manual killing of parasite process or an update. In such case try other removers in the line.

Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

If you failed to remove XP Antivirus 2012 using SpyHunter, submit question to our support team and provide as much details as possible.
dot
Malwarebytes Anti Malware
download
manual required
Tested and Confirmed! Malwarebytes Anti Malware removes XP Antivirus 2012 (2011-06-08 14:20:49)
dot
STOPzilla
download
manual required
We are testing STOPzilla's efficiency at removing XP Antivirus 2012 (2011-11-28 14:18:22)
dot
XoftSpySE Anti Spyware
download
manual required
We are testing XoftSpySE Anti Spyware's efficiency at removing XP Antivirus 2012 (2011-11-28 14:18:22)
dot
Defender Pro Ultimate
download
manual required
We are testing Defender Pro Ultimate's efficiency at removing XP Antivirus 2012 (2011-11-28 14:18:22)

what to do if you failed to remove the infection?
Virus Removal
Phone Support
Help Line to remove XP Antivirus 2012
XP Antivirus 2012 snapshot:

XP Antivirus 2012 manual removal:

Kill processes:
[random characters].exe, like kdn.exe, ppn.exe or similar
MSASCui.exe
pw.exe
vz.exe
Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
Delete files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\vz.exe
%UserProfile%\AppData\Local\MSASCui.exe

Geolocation of XP Antivirus 2012:

This map reveals the prevalence of XP Antivirus 2012. Countries and regions that have been affected the most are: Pakistan, India, Philippines, Indonesia and Argentina.

QR code for XP Antivirus 2012 removal instructions:

XP Antivirus 2012 qrcode
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.

The reason we add QR code to the website is that parasites like XP Antivirus 2012 are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall XP Antivirus 2012 right in your pocket.

Simply use the QR scanner and read removal instructions from mobile device.
Information added: 2011-06-08 14:20:49
Information updated: 2012-05-27 18:47:35

Additional resources:

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

0
0
Beth
Just acquired this nasty beast. Theyve changed the kdn.exe file to ina.exe! The ONLY thing that Ive recently downloaded was an update for Adobe Reader. I was printing out some forms yesterday and encountered a popup for Adobe Flash (wasnt paying that much attention) and downloaded it. I logged off my pc soon after. Then this morning I was reading a UK newspaper (http://www.dailymail.co.uk/femail/article-1127035/Did-Sid-really-kill-Nancy--Explosive-new-evidence-suggests-punk-rocker-innocent.html) and thats when XP Antivirus 2012 starting running. Not sure if it was the website or the download.
Thank you, thank you thank you, for the manual removal guide! Much appreciated!
0
0
Malcolm
It did something to my Adobe Reader as well. Not sure if that was the entry point or not. Either way, be careful. I deleted the registry entries but the files were MIA.
0
0
DiggityDash
Regedit is not accesable. This new virus is blocking EVERY move Im suggested to make. Cannot access ANY ways to remove this crap. Blocks add or remove program, regedit, surfing online. Suggestions? I cannot get anywhere : (
0
0
Rain
DiggityDash,

I had the same problem except I couldnt even get online. I dunno if you have the same problem, but there was an application called "Privacy _____" ( I cant recall the name perfectly :/ ). I got into Safe Mode, got to the target, and deleted the file from the computer. Dont try add/remove programs -- it wont be there. Anyways, Ive been able to do everything since then. I just have this damn virus stuck on the computer now. So if thats your problem, try that?

Hope I was of some help.
0
0
Graham
I just restored my system to a time prior to infection and it seems to have done the trick
0
1
Damnthisantivirus
A safer way to remove this for me is to have another computer, download there, place in usb and install. Installation is luckily unblocked. Thats an alternative especially with low computer editing IQ. Experienced can decode acronyms and segregate files and registry that can destroy your personal being as an internet and computer user(the antivirus) from the system registry that literally destroy your computer. (the important ones that your pc needs to run) Be careful and cautious at all times. An experience may settle you and let you consider the risks. A minor problem. My browser then was I.E. It suddenly hang. I know for sure that when you end a process in the processes tab in task manager will immediately end it. (Instead of the tab where you see on the right side, Running and Not Responding.) Well, I saw the word
Explorer.exe, clicked then clicked the "End Process" button at the bottom. Well, what do you know, everything was gone. From the icons to the taskbar. I could only restart. I experimented again. I tried the 2 letter process IE.exe Sure enough it worked. You dont really know whats gonna harm you from what can help. My solution might ease. But dont expect a quick solution. As this is a damn antivirus.
1
0
Pete
Registry editor has been disabled by your system administrator. Now what?
0
0
Pete
This is a tricky son of a gun. I also believe I got from Adobe Flash update. I cannot edit registry nor system restore. I get messages that they have been disabled by a group policy by the domain administrator. How do you kill this thing? I have tried every safe mode, etc approach recommended with no success!
0
0
Pete
I also believe I got from Adobe Flash update. I cannot edit registry nor system restore. I get messages that they have been disabled by a group policy by the domain administrator. How do you kill this thing? I have tried every safe mode, etc approach recommended with no success!
1
0
Fiddystorms
Same Here, a fake adobe reader update. Apparently the fake updater is the virus injector. I skip that update for months and years sometimes, what made me press that update button Ill never know.
0
0
Kshot
I also seem to have acquired this nasty virus. I was finally able to regain control by starting in safe mode and performing a system restore from there as it blocked me from attempting that and anything else in the normal mode. I am not confident however that it is gone so I will likely download SpyDoctor and see if that helps.
0
0
JFairy189
So I woke up this morning and went to check my email. But before I could even click on the internet explorer, XP Antivirus 2012 just popped up out of the blue. I have several others folks living in my house, but I highly dout they were the cause of this. But if they were, they clearly must have falled for that fake Adobe Flash updater. I have seen this fake updater early in the week, but all I did was click remind me later or just exited out of it.

Anyways, I have seen this XP Antivirus 2012 scam product once before but it got a hold to my system after I went onto a website that clearly wasnt no good to be on; so in other words, pop up blockers... So I removed the product by my **REAL** virus remover progam and its been fine ever since.

But now its back on my PC so Im now using my laptop to look up the problem.
0
0
saver
if you cant open regedit then right click and press start it should open without the pop up im gonna be fighting this bitch virus tommorow ive been practicing though so yep
0
0
Ste
If you have trouble getting to the registy editor, try and find 2 processes in taskmanager by using google to find suspicious ones. (i had Gui.exe and another) Once these have been closed, Start > Run > regedit and itll start the process again but you should now have regedit open.
0
0
Suresh Mahajan
just you need to Download the “Malwarebytes Anti Malware software” file name is “mbam-setup-1.51.0.1200.exe”

Run the program and Scan the System….. it will remove all the spyware virus even in Trial Version. Restart the PC. 100% you PC will get rid from XP antivirus 2012.

No need to pay for “Malwarebytes Anti Malware software”…. to remove this fake XP antivirus 2012..

Surseh Mahajan
0
0
Kaylee
I tried removing it with Malwarebytes, but the scanner stops and freezes every time it hits a certain file, something ending with ".dll"
I heard .dll is the same as the .exe files on Windows, which is what this virus targets and shuts down. But, can you download a real antivirus software like Norton to a flash drive and install it onto your computer from that?

Thanks. :D
0
0
aaron
i have tried everything i can think of ive tried the rkill and redownloading malwarebytes i can get it on the download box but it wont load on the computer just freezes and wont load any ideas thanks
0
0
LD
Computer wont re-boot after using the remover for XP antivirus that is above!!!! We downloaded the version onto a USB from another computer and installed it into the infected PC. After it scanned, the computer froze on the wallpaper. We manually turned it off. Now when we turn it on, it just shows a black screen with a blinking cursor on the left upper corner. We tried tapping F8 repeatedly as we read on another site, but no luck. What do we do?????????????????????????
0
0
c
LD did u take the usb flash drive out b4 u turned it on? If it is left in the pc when u restart it will try to boot off of the flash drive. Unplug it then turn on pc.
0
0
c
I also tried to remove this with malwarebytes which removed it but now computer keeps restaring without going to windows. recovered pc and now im trying this manually with the instructions on the screen and will try the removal tool provided too.
0
0
anotherbsmith
XP Antivirus 2012 nailed me this morning, I believe it was a link from Drudge to a dailymail.co.uk news story. The first thing to pop up after a reboot was the XP Antivirus 2012 window and I knew I had been bit but did not click on the box at all. I opened task manager and noticed a ayo.exe running, ending it would make the XP Av window close. So my version required looking for ayo.exe in the above manual removal process.
Here is a Microsoft KB to help run regedit when the exe shell has been hijacked, http://support.microsoft.com/kb/555067. It worked like a charm in this case and I was able to modify the affected registry entries, delete the ayo.exe file (empty trash) and disabled then re-enabled system restore.
Thanks for this manual removal guide, I think it did the trick!
0
0
Paddy
Just removed of my fiancees laptop. came in with a fake adobe update.

To remove used tools autoruns and process explorer both available free on www.sysinternals.com. the website redirects you to a microsoft site as its been bought over. had to go into safe mode and stop the ejo file from loading with autoruns before rebooting the pc and then clearing out the files listed above. and checking all good with process explorer. process explorer is a very easy way to kill processes.
0
0
Mohamad
Thank you so much for helping me remove it! However, I still cant open exe files!
0
0
lia
same goes to me.. i remove the udu.exe but still cannot open the applications on my laptop
0
0
sai
this is very harm to system just it makes thre people fool dont use this antivirus
because of this i formatted my os
0
0
Lee2861
Avg will also get rid of it you just have to go into task manager and end the processe "fgh.exe"then run your anti virus also I noticed that it sets all of your browsers to connect to a proxy so you will have to change those settings
As well
0
0
Lee2861
Sorry "fgg.exe"
10
0
Derrick B
Or......
1. Shut down your computer
2. Turn computer back on and press F8 repeatedly until boot menu appears.
3. Select start windows in safe mode option
4. When windows finished loading, select Start, All Programs, Accessories,
System Tools, System Restore.
5. System restore will give you a bunch of dates you can restore to. Choose a date just before the virus infected your computer.
6. System restore will reset your computer to the settings it remembers for that date and will reboot when done.
7. Place middle finger up at the creators and distributors of this virus.

This worked for me using XP. Please note that all installations after the date selected will also be removed along with the virus. You may have to do some re-installing.
0
0
Alan
Thank you. This worked and only took three minutes.
0
0
BP
This is the only thing that worked for me. Thanks!
0
0
teri
Thank, thank you, thank you! My 10 year old commandeered my desk and clicked on lord knows what.
0
0
al
You rock!! I was able to restore up to the last thing that downloaded to my machine. I read one of the posts and my browser was also open and on Drudge Report.
0
0
Katherine
Thank you so very much!!!! This is the only thing that worked for me. And the creators and distributors of this virus got a double finger from me! :-)
0
0
Taylor
You. Are. The. Man. Thank you so much.
0
0
Ron
Thank you Alan for your fix. It took me a little while to get into safe mode and for the restore to complete but it looks good.
0
0
happy user
thank you so much! this method was simply and effective!!!
step 7 was my favorite step!
0
0
src
Concur with commenter noting source of dailymail.co.uk news story. Twice now I have been served the virus from this site. First about two weeks ago, again today. Will no longer be visiting this news site.
0
0
question mode
Is there a way to remove xp antivirus 2012?
0
0
dave
This thing can be removed by Malwarebytes Anti-Malware (free downloadable software which you should have on your computer). The trick is, it will block Anti-Malware (and many other exe files) from running. The way around this is to find and download a file called rkill. If you cant start your web browser, download rkill on another machine and run it from a thumb drive. Then you can run Anti-Malware and remove the infection.
0
0
kamran
Anti-Virus
0
0
David
Hey guys;
AV2012 and Firewall 2012 was blocking certain executables- what I did was find the executable running it (usually 3 letters, as in aaa.exe), search the Registry, and found it was set to execute every time someone double-clicked a .exe. Deleted it from registry in the four places- local user, local computer, etc. Then I could run normal scans- Malware and Spybot worked fine.
0
0
kylie
I got this on both my laptops after commenting via both on a story on the DAILYMAIL website. Completely KILLED my laptops, took them both down to the black screen w/cursor status. Had to reinstall everything, now cleaning up the extra leftovers. UGH @Dailymail.
0
0
jumi
Thanks to "7. by Derrick B. 2011-07-06 15:07:24"

i follow your system restore and now the company PC running smoothly and remove all the XP antivirus successfully..one thing i would like to know is this one = HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = 1

my registry keys have the values = 1 as well..shall i delete it?
it shows in the manual that i have to delete it..see "XP Antivirus 2012 manual removal:" Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = 1

any idea?anyway i have export my registry key so if lets say something wrong i can restore it by importing the registry key back..
0
0
juan diego velasco sanchez
necesito el antivirus
0
0
kumar
hai
2
0
Deerne
The malicious file was called "joy.exe: and "ping.exe" for me. End those using task manager, then run regedit and follow these steps. It works.

Dont download the program they suggest here because it requires you pay before deleting anything.
0
0
Pancho
running a restore from safe mode and installing mbam worked for me thanks very much
0
0
stepie82
it worked once registered problem gone thank you
0
0
jake13
i dunno if its the virus or just my shitty laptop but i cant even get into safe mode. any suggestions?
0
0
tai
wouldnt let me open system restore even when i had it on safe mode with networking .. i had to right click on system restore and run it like that - i believe it was triggered from a fake adobe update for me as well... even when i restarted my laptop again, the update came up so im not sure if i still have it?
0
0
MK
I wasnt on ANY site that I am not normally on. It seems to have came out of nowhere really. I had a PDF popup and I noticed my browser was downloading from PL-????????.com site. As SOON as I saw it was a Rogue application (Which I recognized from 2-3 years on a websites article)
I KNEW my antivirus would be removed. I figured since I didnt actually DL (In past you can close the browsers) I would be OKAY- and restarted it. Thats when I seen the AV was gone. I was so mad- that I would get a GUN and shoot the person who MADE this! LUCKILY I keep a SECOND Partition for emergency cases which is how im here now. I heard the MAKER if these are from GREECE.
Where is this thing HIDING?? I have looked and scanned my System and Windows folder? I CANT get rid of it-if I cant find it? What I learn I will post on the XP Support Site too
http://winxp76.webs.com
Again- whoever made thsi should NEVER be let out of JAIL-EVER!
1
0
Calvin
this totally worked!
thank you so much!
0
0
Emmie
I manually removed this as it continued to close mozilla. Instructions worked a treat. Also mine was referred to as utt.exe
0
0
daz
I deleted those said files from my registery which worked and got rid of the anti virus 2012 but i could no longer open any icons or exes which means i had a new problem from removing the anti virus if this happens to you use this link and scroll down a quarter of the way down the page where there is a link that resets your registery settings. http://filext.com/faq/broken_exe_association.php
0
0
Got it while @ Fallout Wiki
For all peeps deleting files and registry entries....TRY DERRICKs METHOD USING SYSTEM RESTORE FROM SAFE MODE FIRST ! It worked perfectly for me (WinXP SP3) in less than 5 minutes. If this doesnt work you can still try the manual procedure.

" 1. Shut down your computer
2. Turn computer back on and press F8 repeatedly until boot menu appears.
3. Select start windows in safe mode option
4. When windows finished loading, select Start, All Programs, Accessories,
System Tools, System Restore.
5. System restore will give you a bunch of dates you can restore to. Choose a date just before the virus infected your computer.
6. System restore will reset your computer to the settings it remembers for that date and will reboot when done.
7. Place middle finger up at the creators and distributors of this virus."

Thank you Derrick for your post !
0
0
sloanco
Hope it works Derrick, Im at my wits end
0
0
kayak26143
i cant shake this thing ive tried several diffrent things nothing works. it wont let me load any web pages to reinstall malwarebytes system restore dosent work i get system restore is not able to protect your computer everytime i try to run it.any ideas please
0
0
Jon
I think I ended up getting this from a fake adobe update. I wasnt paying much attention and clicked update and it ended up saying an error or something so I just closed it and ignored it. Then later the antivirus 2012 popped out. Easy to remove,just try following this guide,system restore,try running malware bytes in safe mode. Make sure u get rid of the whole thing otherwise it wil install itself again.
0
0
Shannon Alexander
My mum just went to bed and I got on the computer... only to have this crap pop up... I worry about her sometimes...
0
0
Shannon Alexander
Thank god for Malware Bytes anti malware... I havent rebooted the system yet but it looked like it got it all
0
0
ANIL KUMAR JANGIR
ANIL KUMAR JANGIR$%JAGDISH PARASD
0
0
Matt M
I have seen and removed various incarnations of this malware on a multitude of machines. It seems to be a bit harder to track and remove it each time I encounter it. The thing I have noticed is that it seems to be auto downloaded to your machine from various sites that fool the user into thinking there is a picture of something they were looking for. As an example, one of my sons was looking for a picture to go into a school report when he got this nasty bug. I thought he was up to no good on the internet, looking at things he was not supposed to be looking at. Well two days later I got the same malware while looking up random car photos using the image search in google.. Serves me right for doubting his word. I have helped others remove this thing off of their machines as well and they all seemed to get it from clicking on links from random websites. The other thing is, no matter what AV people are using, this one gets right past it. Is there any anti-virus that catches this as it tries to download to your machine?
0
0
Art Vanderbie
Tried to do a manual removal, but couldnt figure it out. Just installed Webroot Antivirus 2012 and its gone!
0
0
B0SSMAN
IF your really savy, then you would have a backup of your files, and then you could just re install windows, its far easier than going through this process
0
0
leyjania
quisiera utilizar el antivirus
0
0
josephbrown
Thanks for this post, i will try that.

Post Comment:

Attention: Use this form only if you have additional information about XP Antivirus 2012 parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name



«


* All field required
Like us on Facebook
Latest spyware news:
Subscribe to spyware news
Please enter your e-mail address:
If you do not want to receive our spyware
newsletter please unsubscribe here
48635 Subscribers
Ask us
I failed to remove XP Antivirus 2012 using SpyHunter.

Email


Close

Spreading the knowledge:

It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!
add text box
rss feed
help other