Severity scale:  

XP Antivirus 2012. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - -   Also known as XPAntivirus2012, XPAntivirus 2012 | Type: Rogue Antispyware

XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally:

XP Antivrus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!

XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012. Also, you can use one of these codes to register the rogue program: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.

do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

  1. Beth says:
    June 14th, 2011 at 8:06 am

    Just acquired this nasty beast. Theyve changed the kdn.exe file to ina.exe! The ONLY thing that Ive recently downloaded was an update for Adobe Reader. I was printing out some forms yesterday and encountered a popup for Adobe Flash (wasnt paying that much attention) and downloaded it. I logged off my pc soon after. Then this morning I was reading a UK newspaper (–Explosive-new-evidence-suggests-punk-rocker-innocent.html) and thats when XP Antivirus 2012 starting running. Not sure if it was the website or the download.
    Thank you, thank you thank you, for the manual removal guide! Much appreciated!

  2. Malcolm says:
    December 9th, 2011 at 12:30 pm

    It did something to my Adobe Reader as well. Not sure if that was the entry point or not. Either way, be careful. I deleted the registry entries but the files were MIA.

  3. DiggityDash says:
    June 14th, 2011 at 10:06 am

    Regedit is not accesable. This new virus is blocking EVERY move Im suggested to make. Cannot access ANY ways to remove this crap. Blocks add or remove program, regedit, surfing online. Suggestions? I cannot get anywhere : (

  4. Rain says:
    December 11th, 2011 at 2:30 am


    I had the same problem except I couldnt even get online. I dunno if you have the same problem, but there was an application called “Privacy _____” ( I cant recall the name perfectly :/ ). I got into Safe Mode, got to the target, and deleted the file from the computer. Dont try add/remove programs — it wont be there. Anyways, Ive been able to do everything since then. I just have this damn virus stuck on the computer now. So if thats your problem, try that?

    Hope I was of some help.

  5. Graham says:
    June 15th, 2011 at 9:06 am

    I just restored my system to a time prior to infection and it seems to have done the trick

  6. Damnthisantivirus says:
    June 15th, 2011 at 9:06 am

    A safer way to remove this for me is to have another computer, download there, place in usb and install. Installation is luckily unblocked. Thats an alternative especially with low computer editing IQ. Experienced can decode acronyms and segregate files and registry that can destroy your personal being as an internet and computer user(the antivirus) from the system registry that literally destroy your computer. (the important ones that your pc needs to run) Be careful and cautious at all times. An experience may settle you and let you consider the risks. A minor problem. My browser then was I.E. It suddenly hang. I know for sure that when you end a process in the processes tab in task manager will immediately end it. (Instead of the tab where you see on the right side, Running and Not Responding.) Well, I saw the word
    Explorer.exe, clicked then clicked the “End Process” button at the bottom. Well, what do you know, everything was gone. From the icons to the taskbar. I could only restart. I experimented again. I tried the 2 letter process IE.exe Sure enough it worked. You dont really know whats gonna harm you from what can help. My solution might ease. But dont expect a quick solution. As this is a damn antivirus.

  7. Pete says:
    June 16th, 2011 at 8:06 am

    Registry editor has been disabled by your system administrator. Now what?

  8. Pete says:
    June 16th, 2011 at 8:06 am

    I also believe I got from Adobe Flash update. I cannot edit registry nor system restore. I get messages that they have been disabled by a group policy by the domain administrator. How do you kill this thing? I have tried every safe mode, etc approach recommended with no success!

  9. Pete says:
    June 16th, 2011 at 8:06 am

    This is a tricky son of a gun. I also believe I got from Adobe Flash update. I cannot edit registry nor system restore. I get messages that they have been disabled by a group policy by the domain administrator. How do you kill this thing? I have tried every safe mode, etc approach recommended with no success!

  10. Fiddystorms says:
    June 18th, 2011 at 10:06 am

    Same Here, a fake adobe reader update. Apparently the fake updater is the virus injector. I skip that update for months and years sometimes, what made me press that update button Ill never know.

  11. Kshot says:
    June 18th, 2011 at 11:06 am

    I also seem to have acquired this nasty virus. I was finally able to regain control by starting in safe mode and performing a system restore from there as it blocked me from attempting that and anything else in the normal mode. I am not confident however that it is gone so I will likely download SpyDoctor and see if that helps.

  12. JFairy189 says:
    June 18th, 2011 at 1:06 pm

    So I woke up this morning and went to check my email. But before I could even click on the internet explorer, XP Antivirus 2012 just popped up out of the blue. I have several others folks living in my house, but I highly dout they were the cause of this. But if they were, they clearly must have falled for that fake Adobe Flash updater. I have seen this fake updater early in the week, but all I did was click remind me later or just exited out of it.

    Anyways, I have seen this XP Antivirus 2012 scam product once before but it got a hold to my system after I went onto a website that clearly wasnt no good to be on; so in other words, pop up blockers… So I removed the product by my **REAL** virus remover progam and its been fine ever since.

    But now its back on my PC so Im now using my laptop to look up the problem.

  13. saver says:
    June 20th, 2011 at 1:06 am

    if you cant open regedit then right click and press start it should open without the pop up im gonna be fighting this bitch virus tommorow ive been practicing though so yep

  14. Ste says:
    June 20th, 2011 at 9:06 am

    If you have trouble getting to the registy editor, try and find 2 processes in taskmanager by using google to find suspicious ones. (i had Gui.exe and another) Once these have been closed, Start > Run > regedit and itll start the process again but you should now have regedit open.

  15. Suresh Mahajan says:
    June 21st, 2011 at 12:06 am

    just you need to Download the “Malwarebytes Anti Malware software” file name is “mbam-setup-”

    Run the program and Scan the System….. it will remove all the spyware virus even in Trial Version. Restart the PC. 100% you PC will get rid from XP antivirus 2012.

    No need to pay for “Malwarebytes Anti Malware software”…. to remove this fake XP antivirus 2012..

    Surseh Mahajan

  16. Kaylee says:
    January 3rd, 2012 at 10:14 am

    I tried removing it with Malwarebytes, but the scanner stops and freezes every time it hits a certain file, something ending with “.dll”
    I heard .dll is the same as the .exe files on Windows, which is what this virus targets and shuts down. But, can you download a real antivirus software like Norton to a flash drive and install it onto your computer from that?

    Thanks. 😀

  17. aaron says:
    January 8th, 2012 at 3:29 pm

    i have tried everything i can think of ive tried the rkill and redownloading malwarebytes i can get it on the download box but it wont load on the computer just freezes and wont load any ideas thanks

  18. LD says:
    June 21st, 2011 at 8:06 pm

    Computer wont re-boot after using the remover for XP antivirus that is above!!!! We downloaded the version onto a USB from another computer and installed it into the infected PC. After it scanned, the computer froze on the wallpaper. We manually turned it off. Now when we turn it on, it just shows a black screen with a blinking cursor on the left upper corner. We tried tapping F8 repeatedly as we read on another site, but no luck. What do we do?????????????????????????

  19. c says:
    June 22nd, 2011 at 10:06 pm

    LD did u take the usb flash drive out b4 u turned it on? If it is left in the pc when u restart it will try to boot off of the flash drive. Unplug it then turn on pc.

  20. c says:
    June 22nd, 2011 at 11:06 pm

    I also tried to remove this with malwarebytes which removed it but now computer keeps restaring without going to windows. recovered pc and now im trying this manually with the instructions on the screen and will try the removal tool provided too.

  21. anotherbsmith says:
    June 23rd, 2011 at 11:06 am

    XP Antivirus 2012 nailed me this morning, I believe it was a link from Drudge to a news story. The first thing to pop up after a reboot was the XP Antivirus 2012 window and I knew I had been bit but did not click on the box at all. I opened task manager and noticed a ayo.exe running, ending it would make the XP Av window close. So my version required looking for ayo.exe in the above manual removal process.
    Here is a Microsoft KB to help run regedit when the exe shell has been hijacked, It worked like a charm in this case and I was able to modify the affected registry entries, delete the ayo.exe file (empty trash) and disabled then re-enabled system restore.
    Thanks for this manual removal guide, I think it did the trick!

  22. Paddy says:
    June 24th, 2011 at 4:06 pm

    Just removed of my fiancees laptop. came in with a fake adobe update.

    To remove used tools autoruns and process explorer both available free on the website redirects you to a microsoft site as its been bought over. had to go into safe mode and stop the ejo file from loading with autoruns before rebooting the pc and then clearing out the files listed above. and checking all good with process explorer. process explorer is a very easy way to kill processes.

  23. Mohamad says:
    June 24th, 2011 at 6:06 pm

    Thank you so much for helping me remove it! However, I still cant open exe files!

  24. lia says:
    January 16th, 2012 at 1:27 am

    same goes to me.. i remove the udu.exe but still cannot open the applications on my laptop

  25. sai says:
    June 30th, 2011 at 11:06 pm

    this is very harm to system just it makes thre people fool dont use this antivirus
    because of this i formatted my os

  26. Lee2861 says:
    July 1st, 2011 at 7:07 pm

    Avg will also get rid of it you just have to go into task manager and end the processe “fgh.exe”then run your anti virus also I noticed that it sets all of your browsers to connect to a proxy so you will have to change those settings
    As well

  27. Lee2861 says:
    July 1st, 2011 at 7:07 pm

    Sorry “fgg.exe”

  28. Derrick B says:
    July 6th, 2011 at 3:07 pm

    1. Shut down your computer
    2. Turn computer back on and press F8 repeatedly until boot menu appears.
    3. Select start windows in safe mode option
    4. When windows finished loading, select Start, All Programs, Accessories,
    System Tools, System Restore.
    5. System restore will give you a bunch of dates you can restore to. Choose a date just before the virus infected your computer.
    6. System restore will reset your computer to the settings it remembers for that date and will reboot when done.
    7. Place middle finger up at the creators and distributors of this virus.

    This worked for me using XP. Please note that all installations after the date selected will also be removed along with the virus. You may have to do some re-installing.

  29. Alan says:
    November 29th, 2011 at 7:07 am

    Thank you. This worked and only took three minutes.

  30. BP says:
    December 3rd, 2011 at 12:28 am

    This is the only thing that worked for me. Thanks!

  31. teri says:
    December 3rd, 2011 at 7:09 pm

    Thank, thank you, thank you! My 10 year old commandeered my desk and clicked on lord knows what.

  32. al says:
    December 16th, 2011 at 1:52 pm

    You rock!! I was able to restore up to the last thing that downloaded to my machine. I read one of the posts and my browser was also open and on Drudge Report.

  33. Katherine says:
    December 21st, 2011 at 2:39 pm

    Thank you so very much!!!! This is the only thing that worked for me. And the creators and distributors of this virus got a double finger from me! 🙂

  34. Taylor says:
    December 25th, 2011 at 12:22 am

    You. Are. The. Man. Thank you so much.

  35. Ron says:
    January 3rd, 2012 at 2:11 am

    Thank you Alan for your fix. It took me a little while to get into safe mode and for the restore to complete but it looks good.

  36. happy user says:
    January 30th, 2012 at 10:20 pm

    thank you so much! this method was simply and effective!!!
    step 7 was my favorite step!

  37. src says:
    July 10th, 2011 at 9:07 am

    Concur with commenter noting source of news story. Twice now I have been served the virus from this site. First about two weeks ago, again today. Will no longer be visiting this news site.

  38. question mode says:
    July 11th, 2011 at 3:07 am

    Is there a way to remove xp antivirus 2012?

  39. dave says:
    July 17th, 2011 at 9:07 am

    This thing can be removed by Malwarebytes Anti-Malware (free downloadable software which you should have on your computer). The trick is, it will block Anti-Malware (and many other exe files) from running. The way around this is to find and download a file called rkill. If you cant start your web browser, download rkill on another machine and run it from a thumb drive. Then you can run Anti-Malware and remove the infection.

  40. David says:
    July 27th, 2011 at 10:07 am

    Hey guys;
    AV2012 and Firewall 2012 was blocking certain executables- what I did was find the executable running it (usually 3 letters, as in aaa.exe), search the Registry, and found it was set to execute every time someone double-clicked a .exe. Deleted it from registry in the four places- local user, local computer, etc. Then I could run normal scans- Malware and Spybot worked fine.

  41. kylie says:
    August 5th, 2011 at 6:08 pm

    I got this on both my laptops after commenting via both on a story on the DAILYMAIL website. Completely KILLED my laptops, took them both down to the black screen w/cursor status. Had to reinstall everything, now cleaning up the extra leftovers. UGH @Dailymail.

  42. jumi says:
    August 10th, 2011 at 9:08 pm

    Thanks to “7. by Derrick B. 2011-07-06 15:07:24”

    i follow your system restore and now the company PC running smoothly and remove all the XP antivirus thing i would like to know is this one = HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation “TLDUpdates” = 1

    my registry keys have the values = 1 as well..shall i delete it?
    it shows in the manual that i have to delete it..see “XP Antivirus 2012 manual removal:” Delete registry values:
    HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation “TLDUpdates” = 1

    any idea?anyway i have export my registry key so if lets say something wrong i can restore it by importing the registry key back..

  43. juan diego velasco sanchez says:
    September 1st, 2011 at 7:09 pm

    necesito el antivirus

  44. Deerne says:
    November 27th, 2011 at 7:02 pm

    The malicious file was called “joy.exe: and “ping.exe” for me. End those using task manager, then run regedit and follow these steps. It works.

    Dont download the program they suggest here because it requires you pay before deleting anything.

  45. Pancho says:
    December 5th, 2011 at 9:30 pm

    running a restore from safe mode and installing mbam worked for me thanks very much

  46. stepie82 says:
    December 12th, 2011 at 3:37 pm

    it worked once registered problem gone thank you

  47. jake13 says:
    December 13th, 2011 at 2:50 pm

    i dunno if its the virus or just my shitty laptop but i cant even get into safe mode. any suggestions?

  48. tai says:
    December 17th, 2011 at 2:31 am

    wouldnt let me open system restore even when i had it on safe mode with networking .. i had to right click on system restore and run it like that – i believe it was triggered from a fake adobe update for me as well… even when i restarted my laptop again, the update came up so im not sure if i still have it?

  49. MK says:
    December 19th, 2011 at 3:04 pm

    I wasnt on ANY site that I am not normally on. It seems to have came out of nowhere really. I had a PDF popup and I noticed my browser was downloading from PL-????????.com site. As SOON as I saw it was a Rogue application (Which I recognized from 2-3 years on a websites article)
    I KNEW my antivirus would be removed. I figured since I didnt actually DL (In past you can close the browsers) I would be OKAY- and restarted it. Thats when I seen the AV was gone. I was so mad- that I would get a GUN and shoot the person who MADE this! LUCKILY I keep a SECOND Partition for emergency cases which is how im here now. I heard the MAKER if these are from GREECE.
    Where is this thing HIDING?? I have looked and scanned my System and Windows folder? I CANT get rid of it-if I cant find it? What I learn I will post on the XP Support Site too
    Again- whoever made thsi should NEVER be let out of JAIL-EVER!

  50. Calvin says:
    December 20th, 2011 at 12:04 am

    this totally worked!
    thank you so much!

  51. Emmie says:
    December 20th, 2011 at 3:30 am

    I manually removed this as it continued to close mozilla. Instructions worked a treat. Also mine was referred to as utt.exe

  52. daz says:
    December 20th, 2011 at 7:57 am

    I deleted those said files from my registery which worked and got rid of the anti virus 2012 but i could no longer open any icons or exes which means i had a new problem from removing the anti virus if this happens to you use this link and scroll down a quarter of the way down the page where there is a link that resets your registery settings.

  53. Got it while @ Fallout Wiki says:
    December 27th, 2011 at 9:19 pm

    For all peeps deleting files and registry entries….TRY DERRICKs METHOD USING SYSTEM RESTORE FROM SAFE MODE FIRST ! It worked perfectly for me (WinXP SP3) in less than 5 minutes. If this doesnt work you can still try the manual procedure.

    ” 1. Shut down your computer
    2. Turn computer back on and press F8 repeatedly until boot menu appears.
    3. Select start windows in safe mode option
    4. When windows finished loading, select Start, All Programs, Accessories,
    System Tools, System Restore.
    5. System restore will give you a bunch of dates you can restore to. Choose a date just before the virus infected your computer.
    6. System restore will reset your computer to the settings it remembers for that date and will reboot when done.
    7. Place middle finger up at the creators and distributors of this virus.”

    Thank you Derrick for your post !

  54. sloanco says:
    January 4th, 2012 at 12:16 pm

    Hope it works Derrick, Im at my wits end

  55. kayak26143 says:
    January 8th, 2012 at 1:16 pm

    i cant shake this thing ive tried several diffrent things nothing works. it wont let me load any web pages to reinstall malwarebytes system restore dosent work i get system restore is not able to protect your computer everytime i try to run it.any ideas please

  56. Jon says:
    January 16th, 2012 at 3:28 pm

    I think I ended up getting this from a fake adobe update. I wasnt paying much attention and clicked update and it ended up saying an error or something so I just closed it and ignored it. Then later the antivirus 2012 popped out. Easy to remove,just try following this guide,system restore,try running malware bytes in safe mode. Make sure u get rid of the whole thing otherwise it wil install itself again.

  57. Shannon Alexander says:
    February 17th, 2012 at 9:08 am

    My mum just went to bed and I got on the computer… only to have this crap pop up… I worry about her sometimes…

  58. Shannon Alexander says:
    February 17th, 2012 at 9:23 am

    Thank god for Malware Bytes anti malware… I havent rebooted the system yet but it looked like it got it all

    April 28th, 2012 at 7:22 pm


  60. Matt M says:
    April 30th, 2012 at 11:06 pm

    I have seen and removed various incarnations of this malware on a multitude of machines. It seems to be a bit harder to track and remove it each time I encounter it. The thing I have noticed is that it seems to be auto downloaded to your machine from various sites that fool the user into thinking there is a picture of something they were looking for. As an example, one of my sons was looking for a picture to go into a school report when he got this nasty bug. I thought he was up to no good on the internet, looking at things he was not supposed to be looking at. Well two days later I got the same malware while looking up random car photos using the image search in google.. Serves me right for doubting his word. I have helped others remove this thing off of their machines as well and they all seemed to get it from clicking on links from random websites. The other thing is, no matter what AV people are using, this one gets right past it. Is there any anti-virus that catches this as it tries to download to your machine?

  61. Art Vanderbie says:
    May 4th, 2012 at 9:46 am

    Tried to do a manual removal, but couldnt figure it out. Just installed Webroot Antivirus 2012 and its gone!

  62. B0SSMAN says:
    May 27th, 2012 at 6:47 pm

    IF your really savy, then you would have a backup of your files, and then you could just re install windows, its far easier than going through this process

  63. leyjania says:
    August 13th, 2012 at 1:02 am

    quisiera utilizar el antivirus

  64. josephbrown says:
    December 17th, 2012 at 2:46 am

    Thanks for this post, i will try that.

Your opinion regarding XP Antivirus 2012