XP Antispyware 2012 looks like a genuine antivirus application but it is a virus in disguise. It will deceive computer users and make them believe that an ongoing attack persists. XP Antispyware 2012 simulates what appears to be a virus scan, but it will provide only fabricated and false detection. Threats identified by this fake antivirus program do not exist on the system. By manipulating the results, authors of XP Antispyware 2012 hope to convince user that the licensed version of the program is essential to clean the system.
You must be aware that this rogue changes names based on the target computer’s operating system. It can be installed as Vista Antispyware 2012 or Win 7 Antispyware 2012. The malware also uses random names on each installation to avoid easy detection by antivirus programs using pattern files. What is more daunting about this malware is its ability to disable security applications. Getting more help from an associated Rootkit Trojan, XP Antispyware 2012 can complete more harm than reported.
Graphical User Interface (GUI) of XP Antispyware 2012
The primary goal of XP Antispyware 2012 is to control the computer. Once it dominates the PC, it will start providing a number of fake security scans and fake warnings. To mislead user even more, this malware will react to every execution of programs and state that it is infected. Next, it advises victim to purchase the registration key for XP Antispyware 2012 to remove all threats and regain computers normal operation.
Do not get worried about the reports published by this fake security programs. In fact, the sole infection needs to eliminate from the computer. Follow the removal guide on this page for free and instant removal.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | Vista Antispyware 2012, Win 7 Antispyware 2012 |
| OS Affected | Windows XP |
| Detected By | MalwareBytes |
What are the Symptoms of XP Antispyware 2012?
It is common for rogue security application to produce unnecessary threat detection to deceive victims. In fact, XP Antispyware 2012 will disclose a number of non-existing Trojans, virus and worms on the compromised computer. Some of these infections may include Trojan-SMS.SymbOS.Viver.a, Trojan-SMS.J2ME.RedBrowser.a, Happy_II.506, P2P-Worm.Win32.Franvir and so much more.
From time to time, this rogue security program also displays fake system tray alerts. Alert messages vary from blocked programs, firewall alert, system hijack, privacy threat and malware intrusion. These fake warnings are additional scare tactics by XP Antispyware 2012 to persuade victims into obtaining the registration key.
Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.
Automatic Removal of XP Antispyware 2012
STEP 1 – Registration
It is important that you enter the provided serial number and register XP Antispyware 2012. While running in full version, you may take back Internet access previously blocks by the malware. It is common for rogue program to prevent infected computer from browsing the web to avoid downloading of removal tool.
A) To enter the registration code, click on “Registration” located at the top of XP Antispyware 2012 console.
B) On registration box, click on “Manual Activation” and type any of the following key below on the box labeled Reg key: . Then click on “Activate Now.”
3425-814615-3990
1147-175591-6550
C) Once activated, XP Antispyware 2012 will attempt to remove detected threats. After that, it will also update the program. These process will take a while. You may cancel “Removing… and “Updating…” process and proceed with the actual removal immediately.
Now that XP Antispyware 2012 is running in full version, your computer will work normally even with the presence of the malware. Accessing the Internet will not be a problem and you can now download the removal tool as on next step.
Step 2 – Download Removal Tool
A) Download the removal tool and save it to any location on your hard drive. For quick access, it is recommended to save on your desktop.
| XP Antispyware 2012 Remover Download Now |
B) After downloading, locate the file and double-click to install. If unable to execute, right-click on the file and select “Run as Administrator.”
C) Install the program with default configuration. No changes is required during the installation process. It will open and update the database afterwards.
Step 3 – Restart Computer in Safe Mode
A) From an OFF mode, turn on the computer and before Windows logo begins to load, press F8 on your keyboard.
B) Windows will display Windows Advanced Options Menu. Select Safe Mode from the option. While on Safe Mode, Windows will only load minimal files and registry enties excluding malicious components created by XP Antispyware 2012.
Step 4 – Scan and Remove
A) While on Safe Mode of Windows, locate the installed removal program. Double-click to run it.
B) Choose the option where you can provide full scan on the computer. Doing full scan is necessary to find all files and registry entries that are related to XP Antispyware 2012.
C) Once finished scanning, it will display all detected threats. Mark all items with check and click on “Remove Selected.” The program will prompt you to restart the computer, please do so.
IMPORTANT! Proceed to Step 3 of Manual Removal below to remove Rootkit Trojan associate with this malware.
How to Remove XP Antispyware 2012 Manually
Step 1 – Fix Windows Registry and Delete Files
A) Press F8 on keyboard as soon as you turn on the computer. Select Safe Mode from the list. This method loads only minimal resources of Windows.
B) There is a possibility that the malware will prevent your from running executable files. XP Antispyware 2012 also made changes to Windows registry that will launch a fake pop-up alerts when you attempt to run any programs. We need to resolve this issue by downloading the following file to fix the registry
FixReg.reg (http://file-download.im-infected.com/FixReg.reg)
Note: If malware prevents you from downloading the file, please get it using a separate clean computer. Transfer the file to an infected unit using optical disc such as CD and DVD, flash drive, external hard drive or memory modules.
C) Delete Windows registry entries. It is important to BACKUP YOUR REGISTRY FIRST.
- On Windows Start Menu, Click Start > Run. Alternatively, you can press [Windows Key] + R on your keyboard.
- Type in the field, regedit
- Find and delete the following registry entries
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1' HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "%1" %*' HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "%1" %*' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\htu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
D) Files related to XP Antispyware 2012 must be deleted:
- Browse and delete malicious files below.
- Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page and highlight it, click End Process. Try to delete the file once more.
C:\Documents and Settings\Local Settings\Temp\(random folder)\htu.exe C:\Documents and Settings\All Users\Application Data\HNHWY89EYUMC7XP01KIDJYTRDF C:\Documents and Settings\Local Settings\Application Data\HNHWY89EYUMC7XP01KIDJYTRDF C:\Documents and Settings\Local Settings\Application Data\htu.exe C:\DOCUMENTS AND SETTINGS\LOCAL SETTINGS\Temp\HNHWY89EYUMC7XP01KIDJYTRDF C:\Documents and Settings\Templates\HNHWY89EYUMC7XP01KIDJYTRDF
Note: HNHWY89EYUMC7XP01KIDJYTRDF and htu.exe can be any random characters. The malware uses random file name whenever it is installed on the system.
Step 2 – Run Antivirus Program
A) You must be connected to Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats. Some antivirus programs update itself on a regular basis. There is also an option for manual update through the console of antivirus application.
B) Once updated, thoroughly scan the computer and clean or delete all detected threats. If your AV software is unable to delete malicious files, better put them into quarantine.
Step 3 – Remove the Rootkit Trojan
Rootkit Trojan are the one responsible why your system is infected with XP Antispyware 2012. This is also liable for most of the irregularities happening to your computer. Failure to remove rootkit Trojan may reinstate other infections including the rogue security application.
A) First, you need to download TDSS Killer from this location:
http://support.kaspersky.com/faq/?qid=208280684
Copy and paste the link to your browser. Once you are on the legitimate page of anti-rootkit, follow required instructions to download and install TDSSKiller.
B) When fully installed, click on the icon to run the program.
C) Press the button that says “Start Scan” to begin detection of malicious objects.
D) It will display a list of detected objects and their description. This tool will recommend the appropriate action (Cure or Delete). We suggest to Cure objects that were identified Suspicious.
E) To apply desired actions, click on Continue. It will display the result and advise to restart the computer.