XP Security 2012 is a fake security program that pretends to be a malware removal tool. This rogue anti-spyware usually comes unnoticeably without any permission asked, so if you find XP Security 2012 on your computer you are most likely to have got it through a Trojan. These Trojans not only install this fake anti-spyware thing but also change the Registry and drop fake random files which later are detected as malware.
Security experts announce that when installed on different OS, XP Security 2012 appears in different name, though the malcode stays the same. So, when using Win 7 Antispyware name, the trial version of this parasite infects only Windows XP OS. Installed without any knowledge and consent, program firstly applies the tactics typical for this type of malware. It usually triggers fabricated general system scans that return the results which can be easily predetermined. Don’t get surprised after being informed that various threats of different severity are detected, please ignore such alerts:
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.
XP Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?
XP Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.
Things you can do:
– Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)
XP Security 2012 also generates fake positives that report infections that are expected to make you doubt about your PC security. Keep in mind that clicking on any pop-up add will automatically get you into XP Security 2012 “official” website. These sites must be avoided because they only aggressively promote its “full” commercial version. Don’t buy this scam, because you will only support the scammers. Having XP Security 2012 “licensed” version is useless because it will lead you into finding your computer dramatically slow and vunerable to other viruses. To sum up, it must be clear that XP Security 2012 must be removed as soon as possible, so please, don’t waste any minute and delete this scam. Also, you can use one of these codes 3425-814615-3990, 2233-298080-3424 or 9443-077673-5028 to register the rogue program. Once activated, it won't block web browsers and anti-spyware software.
XP Security 2012 manual removal:
kdn.exe, ppn.exe and similar, three or more letter randomly named , processes
Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'
HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe"'
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesInternet Exploreriexplore.exe"'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = '1'