Severity scale:  
  (68/100)

XP Security 2012. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as XPSecurity2012, XPSecurity 2012 | Type: Rogue Antispyware

XP Security 2012 is a fake security program that pretends to be a malware removal tool. This rogue anti-spyware usually comes unnoticeably without any permission asked, so if you find XP Security 2012 on your computer you are most likely to have got it through a Trojan. These Trojans not only install this fake anti-spyware thing but also change the Registry and drop fake random files which later are detected as malware.

Security experts announce that when installed on different OS, XP Security 2012 appears in different name, though the malcode stays the same. So, when using Win 7 Antispyware name, the trial version of this parasite infects only Windows XP OS. Installed without any knowledge and consent, program firstly applies the tactics typical for this type of malware. It usually triggers fabricated general system scans that return the results which can be easily predetermined. Don’t get surprised after being informed that various threats of different severity are detected, please ignore such alerts:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

XP Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

XP Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.

Things you can do:
– Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

XP Security 2012 also generates fake positives that report infections that are expected to make you doubt about your PC security. Keep in mind that clicking on any pop-up add will automatically get you into XP Security 2012 “official” website. These sites must be avoided because they only aggressively promote its “full” commercial version. Don’t buy this scam, because you will only support the scammers. Having XP Security 2012 “licensed” version is useless because it will lead you into finding your computer dramatically slow and vunerable to other viruses. To sum up, it must be clear that XP Security 2012 must be removed as soon as possible, so please, don’t waste any minute and delete this scam. Also, you can use one of these codes 3425-814615-3990, 2233-298080-3424 or 9443-077673-5028 to register the rogue program. Once activated, it won't block web browsers and anti-spyware software.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove XP Security 2012 you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall XP Security 2012. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.
Press mentions on Reimage

XP Security 2012 manual removal:

Kill processes:
kdn.exe, ppn.exe and similar, three or more letter randomly named , processes

Delete registry values:
HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerBrowserEmulation "TLDUpdates" = '1'

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "%1" %*'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe"'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%LocalAppData%kdn.exe" -a "C:Program FilesInternet Exploreriexplore.exe"'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = '1'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = '1'

Delete files:
%AllUsersProfile%Application Datau3f7pnvfncsjk2e86abfbj5h

%AppData%kdn.exe

%LocalAppData%u3f7pnvfncsjk2e86abfbj5h

%Temp%u3f7pnvfncsjk2e86abfbj5h

%UserProfile%Templatesu3f7pnvfncsjk2e86abfbj5h

%LocalAppData%[random characters].exe

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions