XP Home Security 2011
XP Home Security 2011 is a fake anti-virus application developed to extract money from computer users by means of online fraudulent transactions. XP Home Security 2011 will provide a report regarding false threats and also displays fake security warnings on computer to make users believe that PC is contracted with virus and Trojans. This malicious application can be obtained from fake online virus scanner web site. A Trojan will execute everything when this site is accessed. There is also a possibility that XP Home Security 2011 can be acquired from fake multimedia web sites that will require users to download a player to be able to view the video. Unknown to them a Trojan is embedded in the file that will drop XP Home Security 2011 on visitors computer.
Once XP Home Security 2011 is loaded on to the system. It will start to modify system settings and create an entry to the registry that will make itself run when Windows is started. Internet browser will be redirected to unknown websites and prevent most programs from functioning properly. Each time a program is executed, it will state that it is infected with virus and must be cleaned with the registered version of XP Home Security 2011. Stop the annoyances by removing XP Home Security 2011 with a trusted application. Follow carefully the procedures on this page to get rid of this unwanted application.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of XP Home Security 2011 Infection?
It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1′ = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1′
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_CLASSES_ROOT\.exe\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\runas\command “(Default)” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1″ %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\.exe\DefaultIcon “(Default)” = ‘%1′
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random 3 characters].exe” /START “%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile\shell\runas\command “IsolatedCommand” = ‘”%1″ %*’
HKEY_CLASSES_ROOT\exefile “Content Type” = ‘application/x-msdownload’
The threat will drop the following malicious files:
%UserProfile%\Templates\hfjd7f9fgmdkkd0900sjd69a
%UserProfile%\Local Settings\Application Data\[random 3 characters].exe
%AllUsersProfile%\hfjd7f9fgmdkkd0900sjd69a
%AppData%\Roaming\Microsoft\Windows\Templates\hfjd7f9fgmdkkd0900sjd69a
%AppData%\Local\hfjd7f9fgmdkkd0900sjd69a
%AppData%\Local\[random 3 characters].exe
%AppData%\hfjd7f9fgmdkkd0900sjd69a
%Temp%\hfjd7f9fgmdkkd0900sjd69a
How to Remove XP Home Security 2011 Manually
1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
How to Easily Remove XP Home Security 2011
1. Download and run Removal Tool to remove this computer threat.
Vista Total Security 2011 XP Total Security 2011