Severity scale:  
  (68/100)

XP Antivirus 2012. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - -   Also known as XPAntivirus2012, XPAntivirus 2012 | Type: Rogue Antispyware

XP Antivirus 2012 is a deceptive and quite sophisticated rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. To be more precise, XP Antivirus 2012 firstly will create numerous harmless files that it will drop in the infected computer’s system. Then this scam will pretend to scan your computer and immediately will report numerous viruses that in reality are nothing else but these earlier created files. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared to death and push into purchasing its license which will be offered additionally:

XP Antivrus 2012 Firewall Alert
XP Antivirus 2012 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Pay attention to the fact, that XP Antivirus 2012 is dangerous and has nothing to do with computer’s protection!

XP Antivirus 2012 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake video codecs and flash updates. As you can see, you should not believe XP Antivirus 2012 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Antivirus 2012. Also, you can use one of these codes to register the rogue program: 2233-298080-3424, 1147-175591-6550, 3425-814615-3990 or 9443-077673-5028. Once activated, it won't block web browsers and anti-spyware software.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

XP Antivirus 2012 manual removal:

Kill processes:
[random characters].exe, like kdn.exe, ppn.exe or similar

MSASCui.exe

pw.exe

vz.exe

Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = '1'

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe"'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesInternet Exploreriexplore.exe"'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = '1'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = '1'

Delete files:
%AllUsersProfile%Application Datau3f7pnvfncsjk2e86abfbj5h

%LocalAppData%kdn.exe

%LocalAppData%u3f7pnvfncsjk2e86abfbj5h

%Temp%u3f7pnvfncsjk2e86abfbj5h

%UserProfile%Templatesu3f7pnvfncsjk2e86abfbj5h

%UserProfile%AppDataLocalopRSK

%UserProfile%AppDataLocalpw.exe

%UserProfile%AppDataLocalvz.exe

%UserProfile%AppDataLocalMSASCui.exe

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions