XP Security 2011 is another way created by fraudulent cyber community to deceive PC users into wasting their money. Besides, because this program is categorized as rogue anti-spyware, people are also tricked into infecting their computers if they run Windows XP. XP Security 2011 is a successor of the very similar programs called XP Internet Security 2010 or recently released Win 7 Internet Security 2011. XP Security 2011 spreads its freeware executables through a fake online scanning sites and misleading pop-up ads that can be randomly displayed when you browse on the web.
Once XP Security 2011 finds itself in your computer, it quickly modifies the registry and invents a number of files so that it could later find them as infections. Additionally, OS gets paralyzed and malware starts disturbing the victim with its fabricated scanners and intensely streamed misleading popup ads. The above alerts tell you that your system is in great danger because it’s being attacked by some extremely dangerous viruses, trojans, keyloggers and additional malware. These alerts say:
The only reason why XP Security 2011 plays all this tricky game by reporting imaginary infections is to make you concerned about the status of your computer security. Having fallen in this campaign, XP Security 2011 malware asks to make a purchase of its registered version if you want to save your PC. Now it should be clear that you must avoid this trickery and don’t purchase it. Don’t believe its ads and remove XP Security 2011 from your computer.
UPDATE!!! One of PC security bloggers, S!Ri, has announced about a serial code that may help you to disable those malwares like XP Security 2011 that change their names according to OS they find. Enter this serial code when doing registration: 1145-17884799-7733. This and the order number 21197673 should also work for earlier versions of this type of parasite. After typing them, you should become able to use your anti-spyware, if it fails follow the guide written below. Be aware that these numbers are expected to change in the near future!
To remove XP Security 2011 you will need another PC, as removing it from safe mode with networking will not work in most of the cases.
a) Burn these programs to CD or write them to USB disk. You can use your MP3 player, or smartphone if it has storage functions. This parasite does not spread through USB at the moment:
1.STOPzilla or an automatic removal tool below. Update STOPzilla and run a full system scan.
2.You might want to download Hitman Pro or Malwarebytes as alternate scanners. Though you are likely to be able to download them later on.
b) Boot normally. Wait for XP Security 2011 to launch, and run exeregfix.reg . This should allow launching legitimate programs
c) Delete or remove the files that are mentioned in our files box. You can use STOPzilla to identify the infected files and additional infections or automatic XP Security 2011 removal tool. Do not forget update it before scanning. Remove what it finds.
d) Scan with STOPzilla and secondary tools and reboot your PC. This should fully get rid of XP Security 2011.
XP Security 2011 manual removal:
Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CURRENT_USERSoftwareClassespezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_CLASSES_ROOTpezfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "%1" %*
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Datapw.exe" /START "C:Program FilesInternet Exploreriexplore.exe"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"
%UserProfile%Local SettingsApplication DataopRSK
%UserProfile%Local SettingsApplication Datapw.exe
%UserProfile%Local SettingsApplication DataMSASCui.exe