Severity scale: 68/100

XP Security 2012. How to remove? (Uninstall guide)

Removal by Jake Doevan | Also known as XPSecurity2012, XPSecurity 2012 | Type: Rogue Antispyware

XP Security 2012 is a fake security program that pretends to be a malware removal tool. This rogue anti-spyware usually arrives unnoticed and without asking permission, so if you find XP Security 2012 on your computer, you most likely got it through a Trojan. These Trojans not only install the fake anti-spyware but also change the Registry and drop fake, randomly named files that are later detected as malware.

Security experts report that XP Security 2012 appears under a different name when installed on a different OS, though the malicious code stays the same. So, when using the Win 7 Antispyware name, the trial version of this parasite infects only Windows XP. Installed without the user's knowledge or consent, the program first applies tactics typical of this type of malware: it triggers fabricated system scans whose results are predetermined. Don’t be surprised when it reports various threats of different severity; ignore alerts such as these:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

XP Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

XP Security 2012 Alert
Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
– Dangerous code found in this site’s pages which installed unwanted software into your system.
– Suspicious and potentially unsafe network activity detected.
– Spyware infections in your system
– Complaints from other users about this site.
– Port and system scans performed by the site being visited.

Things you can do:
– Get a copy of Vista Security 2012 to safeguard your PC while surfing the web (RECOMMENDED)
– Run a spyware, virus and malware scan
– Continue surfing without any security measures (DANGEROUS)

XP Security 2012 also generates false positives, reporting infections that are meant to make you doubt your PC's security. Keep in mind that clicking on any pop-up ad will automatically take you to the XP Security 2012 “official” website. These sites must be avoided because they only aggressively promote its “full” commercial version. Don’t buy this scam, because you will only support the scammers. Having the “licensed” version of XP Security 2012 is useless because it will leave your computer dramatically slow and vulnerable to other viruses. To sum up, XP Security 2012 must be removed as soon as possible, so don’t waste a minute and delete this scam. Also, you can use one of these codes 3425-814615-3990, 2233-298080-3424 or 9443-077673-5028 to register the rogue program. Once activated, it won't block web browsers and anti-spyware software.


XP Security 2012 manual removal:

Kill processes:
kdn.exe, ppn.exe and similar randomly named processes of three or more letters

Delete registry values:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'

Delete files:
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h

%AppData%\kdn.exe

%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h

%Temp%\u3f7pnvfncsjk2e86abfbj5h

%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h

%LocalAppData%\[random characters].exe
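
The registry entries above share one pattern: a "command" handler rewritten to launch a randomly named executable with -a in front of the real target, plus the Security Center override values. The following added example (not part of the original guide) scans a `reg export` file for that pattern rather than for a fixed file name; the sample export, its expanded paths and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` (.reg) format; the key paths and the
# "kdn.exe" name follow the entries listed in the guide above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\kdn.exe\" -a \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\kdn.exe\" -a \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

# A launcher wrapped around the real command: "<path>\<name>.exe" -a "<target>"
WRAPPER = re.compile(r'^"[^"]*\\([^"\\]+\.exe)"\s+-a\s+"', re.IGNORECASE)
OVERRIDES = {"antivirusoverride", "firewalloverride"}


def scan_reg_export(text):
    """Return (findings, wrapper_names) for the text of a .reg export."""
    findings, names, key = [], set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        name = name.strip('"')
        lowered = key.lower()
        if name == "@" and lowered.endswith("command") and raw.startswith('"'):
            value = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
            match = WRAPPER.match(value)
            if match:
                names.add(match.group(1).lower())
                findings.append((key, "handler wrapped by " + match.group(1)))
        elif lowered.endswith(r"\security center") and name.lower() in OVERRIDES:
            if raw.lower().startswith("dword:") and int(raw[6:], 16) != 0:
                findings.append((key, name + " is enabled"))
    return findings, sorted(names)
```

Matching on the wrapper rather than on kdn.exe covers the renamed variants; each finding still needs a manual look before the value is reset.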



  • K. Grey

    Thanks for the helpful information; however, I found that my harmful process was named lrl.exe

  • John

    After removing this malware with Malwarebytes, neither my Internet Explorer, Outlook Express, nor Windows Explorer works. Did I not catch everything or is there something else I need to do?

  • NOMAD

    Use ComboFix and then Malwarebytes Anti-Malware. That took care of my problem.

    • Maestro

      I'll second the ComboFix/Malwarebytes method. It worked for me as well.

  • Jason

    The process name varies and will appear in the registry key(s). Mine was uyn.exe

  • Adam

    I can verify Jason and K. Grey's comments about the variety of the process name; on my dad's computer it was called rlm.exe. Fortunately the file name always seems to be three letters long; once I identified it I was able to remove it.

  • Batclaw

    When I got this it used tnj.exe instead of kdn.exe
    Example
    “C:\Documents and Settings\…\Local Settings\Application Data\tnj.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”

  • Dennis

    Hi Dummies
    Just go to an earlier restore point, shut down and restart and make a new restore point. After restart delete all previous restore points and let malware check your system.
    And done with that
    Greetings from [edited]@gmail.com

    • Amanda

      I did that; seems to work

    • Maria

      I am doing what you suggest because it seems like the only right way. However, when I restart to delete all previous restore points and let malware check my system, which will be the restore point if something should happen again, like if that stupid fake program installs itself again, if all previously made restore points are deleted? I'm confused.

      • kenneth

        Once you have finished removing the infection, just create a restore point for the now working computer so you'll have something to restore it to later should the issue arise again. 🙂

  • Bo

    We are trying to delete the XP Security 2012 malware program using MalwareBytes, but we cannot actually load the MalwareBytes software. We have successfully downloaded the install .exe file for MalwareBytes, but whenever we try to run it, XP Security 2012 software blocks the install program from launching. Does anyone know how to get past this or have other suggestions?

  • JC

    I did everything listed here and ran multiple anti-malware scanners, but it won't go away! I had to give it a fake product key so it's not doing anything harmful right now, but I want it gone!

  • JohnF

    My virus file was called orw.exe, but it can have many names.

    I'm no expert, but… Open your task manager and watch the processes.

    Now open IE or Firefox and watch for a new process to show up when security center runs. That will be the file you search for and delete at the end of all this.

  • gunhed

    Followed the instructions… other than the obvious .exe filename difference, it worked!

    Once I was able to determine the process name, I simply killed the process, dumped the offending files into another folder, deleted them, and was able to run MalwareBytes afterward. It all seems to be working now… thanks!

  • Bex29782

    My computer won't let me restore it to an earlier time and the XP Security virus won't let me get on the internet to fix it! I've tried to delete the files but it's taken over my computer and won't even let me open files!! Gonna have to completely wipe my hard drive!! 🙁 Get it off ASAP, people!!

    • Rhambeaux

      Virus won't let you run system restore from control panel. I ran msconfig which then allowed me to use system restore. Restored system.
      Then I was able to run virus scan and registry repair tool. So far so good.

  • DDDDDDD

    Use CTRL – SHIFT – ESC right after log in to bring up Task Manager. Then kill the process that's bringing up the window. Mine was named csc.exe. Once you've killed the process, you can do the manual stuff above, but I also run Malwarebytes (Free) for a full scan to get rid of it.

  • Sam

    Start in safe mode (F8 on boot) then install Malwarebytes. Perform a complete scan to clean your system.

  • hasan

    how to remove xp security 2012

  • mike

    In the past killing the process has been effective, but this time it just restarts automatically. Started in safe mode, but Malwarebytes won't run, the stupid malware just starts again. Tried reinstalling Malwarebytes, but same reaction… What to do?

  • Vinay

    1. Running Malwarebytes:

    The so-called virus in this case blocks all .exe files from being executed; hence,
    first rename the setup file to the .bat extension and then the setup will run so you can install it.

    Once installed, again the .exe file in C:/Program Files/…/Malwarebytes Antimalware.exe will not work, so again rename that to the .bat extension and then run the application.

    This time it will work; then do the full scan and it will be cleaned.

    2. Another alternative solution is running Kaspersky Virus Removal Tool in safe mode
    http://support.kaspersky.com/viruses/avptool2011?level=2

    3. Another alternative [ultimate last resort]: Kaspersky Rescue Disk
    http://support.kaspersky.com/viruses/rescuedisk?level=2

    • geo

      You are awesome. Changing to .bat is borderline genius.

    • Jazz

      Thank you so much. Following your instructions, I was able to remove it!

    • Tom

      WOW!!!! As the neighborhood computer troubleshooter, I've battled these rogue “fake security” programs dozens of times in the last couple of years, and have NEVER seen such an elegant solution as simply changing the Malwarebytes (or other trusted software) to a batch file!!! Pure genius. One of those, “why the hell didn't I think of that?” moments.

  • john

    Found instructions to work but mine was installed as ivh.exe

  • Bert

    I had to kill the gju.exe process.

  • radrr

    Hi, my application name of XP Security 2012 was rsp.exe.

  • Happy Remover Guy

    The program probably assigns 3 random Alpha characters to create the .exe name. Mine was .hrb! 🙂

    Deleted the registry entries above and everything seems square. Thanks for the info! Even n00bs can fix it. Cheers.

  • Frank

    There may be a companion parasite that reloads XPS 2012 and acts as a redirector and messes with file associations. On the system I just worked on the xps 2012 file was xul.exe. The companion was _68-ex.exe. I had to go through the registry twice to clean the entries, and the three files we are instructed to delete did not exist.

  • Ignasijus

    I had to kill the gju.exe process.

  • anonymous

    I found that it only seems to run under one profile, so if you have other user accounts on the computer you might be able to log in as one of them to do the Malwarebytes scans. I also then renamed the infected profile, and the user was able to log in again creating a new profile in the process, and thus far has not had the XP security 2012 show up again.

  • anonymous

    My computer won't even let me enter safe mode after I select it. All of a sudden a blue screen appears for a millisecond and restarts my computer. What can I do?

  • Mike

    I had to kill ixh.exe.

  • waone

    Mine is hoy.exe. I'm trying to clean it now

  • mrsverdantgreen

    Hubby's was tpb.exe. Instructions worked wonderfully, thanx so much!

  • Bob

    Spybot worked for me

  • Jeff

    System restore, then a Malwarebytes scan, and poof, it was gone.

  • Cody

    Thank you so much! I've had this program for weeks and have been begging friends to look it up for me. It's a blessing to have my internet back! 😀

  • EJ

    The registration key 3425-814615-3990 doesn't work. Does someone have an updated one?

    • Cody

      Dude, there's no point in doing that.

  • Ant

    Go into safe mode (usually hit the F12 button on the load up page before the Windows logo). Once in safe mode, restore to a few days previous to infection and then it will be gone; then scan computer for malware and viruses.

  • LC

    I had just downloaded Malwarebytes and was about to install it when McAfee started automatically downloading an update. I waited for it to finish, as the update process is a big memory hog on my old computer, and at the end of the installation, McAfee notified me it had removed a trojan named gey.exe. This was the 3-letter name the XP Security 2012 was using. And it was totally gone – I rebooted, and it didn't come back! McAfee did the job automatically.

  • Angela

    My virus name was jua.exe. First I killed the process to be able to access the internet. Then I searched for it and deleted it. But then after, for some reason, I wasn't able to open .exe files, so I went to the registry data by typing in regedit on the command prompt and had to change the exe value to exefiles (I followed this video: http://www.youtube.com/watch?v=HCVHM_pJo80). After, I downloaded Malwarebytes and they took care of the rest 🙂

  • mikey

    I've done everything listed above, but I still can't renew my IP address! This is driving me crazy. Tried to use system restore, but it won't let me. My files seem to be clear, although in my system32/drivers folder, I got a warning from AVG that my netbt.sys file is infected. b

  • shiva

    Sir, the registration key is working fine: 3425-814615-3990. Now it is accepted. What else do I do, sir? Is my problem solved?
    As now computer is working normal with all firewall protection, auto update, PC protection all ON

  • Chaos

    psf.exe on mine, and thanks for the .bat tip, it worked beautifully. ^-^