XP Internet Security 2012 is misleading software. The main goal for creating this product is to steal money from credit card account of its victims. Coming from a large family of fake antivirus, XP Internet Security 2012 spreads through malicious web sites as well as legitimate but compromised sites. Once you visited the said location, it will show an online fake scanner that will produce a bunch of false threat detection. This manner may trick visitors to download the trial version of XP Internet Security 2012 that will serve similar purpose once inside the computer.
The rogue program silently installs self on the system. There are no indication and will never produce any prompts. When successfully installed, you will witness a local virus scan by XP Internet Security 2012. In the end, it will provide results consisting dozens of Trojans, worms and viruses. Keep in mind that this detection is part of a scare tactics. None of the infection is present on the computer. Only remaining contamination inside your PC is XP Internet Security 2012 and the Trojan that comes with it.
Therefore, to recover your computer from the current troubled condition, eliminating the rogue software is the first thing to do. Download and install a powerful anti-malware program and initiate a complete scan as suggested on the removal procedure below.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | Vista Internet Security 2012, Win 7 Internet Security 2012 |
| OS Affected | Windows XP |
| Detected By | MalwareBytes |
What are the Symptoms of XP Internet Security 2012?
While XP Internet Security 2012 is active on the computer, it will attempt to fool uses with a number of fake security alerts and virus detection. It aims to persuade victims into buying the registered version of the program. Once the false alert contains this message:
Attention: DANGER!
ALERT! System scan for spyware, adware, Trojans and viruses is complete. XP Internet Security 2012 detected 32 critical system objects. These security breaches may be exploited and lead to the following…
Aside from that, infected computer may also observe severe system tray alerts stating several attacks and file infection. Majority of the programs are also block and declare that the file is compromised with malware.
Automatic Removal of XP Internet Security 2012
STEP 1 – Registration
It is important that you enter the provided serial number and register XP Internet Security 2012. While running in full version, you may take back Internet access previously blocks by the malware. It is common for rogue program to prevent infected computer from browsing the web to avoid downloading of removal tool.
A) To enter the registration code, click on “Registration” located at the top of XP Internet Security 2012 console.
B) On registration box, click on “Manual Activation” and type any of the following key below on the box labeled Reg key: . Then click on “Activate Now.”
3425-814615-3990
1147-175591-6550
C) Once activated, XP Internet Security 2012 will attempt to remove detected threats. After that, it will also update the program. These process will take a while. You may cancel “Removing… and “Updating…” process and proceed with the actual removal immediately.
Now that XP Internet Security 2012 is running in full version, your computer will work normally even with the presence of the malware. Accessing the Internet will not be a problem and you can now download the removal tool as on next step.
Step 2 – Download Removal Tool
A) Download the removal tool and save it to any location on your hard drive. For quick access, it is recommended to save on your desktop.
| XP Internet Security 2012 Remover Download Now |
B) After downloading, locate the file and double-click to install. If unable to execute, right-click on the file and select “Run as Administrator.”
C) Install the program with default configuration. No changes is required during the installation process. It will open and update the database afterwards.
Step 3 – Restart Computer in Safe Mode
A) From an OFF mode, turn on the computer and before Windows logo begins to load, press F8 on your keyboard.
B) Windows will display Windows Advanced Options Menu. Select Safe Mode from the option. While on Safe Mode, Windows will only load minimal files and registry enties excluding malicious components created by XP Internet Security 2012.
Step 4 – Scan and Remove
A) While on Safe Mode of Windows, locate the installed removal program. Double-click to run it.
B) Choose the option where you can provide full scan on the computer. Doing full scan is necessary to find all files and registry entries that are related to XP Internet Security 2012.
C) Once finished scanning, it will display all detected threats. Mark all items with check and click on “Remove Selected.” The program will prompt you to restart the computer, please do so.
IMPORTANT! Proceed to Step 3 of Manual Removal below to remove Rootkit Trojan associate with this malware.
How to Remove XP Internet Security 2012 Manually
Step 1 – Fix Windows Registry and Delete Files
A) Press F8 on keyboard as soon as you turn on the computer. Select Safe Mode from the list. This method loads only minimal resources of Windows.
B) There is a possibility that the malware will prevent your from running executable files. XP Internet Security 2012 also made changes to Windows registry that will launch a fake pop-up alerts when you attempt to run any programs. We need to resolve this issue by downloading the following file to fix the registry
FixReg-XP.reg (http://file-download.im-infected.com/FixReg-XP.reg)
Note: If malware prevents you from downloading the file, please get it using a separate clean computer. Transfer the file to an infected unit using optical disc such as CD and DVD, flash drive, external hard drive or memory modules.
C) Delete Windows registry entries. It is important to BACKUP YOUR REGISTRY FIRST.
- On Windows Start Menu, Click Start > Run. Alternatively, you can press [Windows Key] + R on your keyboard.
- Type in the field, regedit
- Find and delete the following registry entries
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1' HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "%1" %*' HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "%1" %*' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\htu.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\htu.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
D) Files related to XP Internet Security 2012 must be deleted:
- Browse and delete malicious files below.
- Some files cannot be deleted instantly. Press Ctrl+Alt+Del to open Windows Task Manager, look for any virus-related files mentioned on this page and highlight it, click End Process. Try to delete the file once more.
C:\Documents and Settings\Local Settings\Temp\(random folder)\htu.exe C:\Documents and Settings\All Users\Application Data\HNHWY89EYUMC7XP01KIDJYTRDF C:\Documents and Settings\Local Settings\Application Data\HNHWY89EYUMC7XP01KIDJYTRDF C:\Documents and Settings\Local Settings\Application Data\htu.exe C:\DOCUMENTS AND SETTINGS\LOCAL SETTINGS\Temp\HNHWY89EYUMC7XP01KIDJYTRDF C:\Documents and Settings\Templates\HNHWY89EYUMC7XP01KIDJYTRDF
Note: HNHWY89EYUMC7XP01KIDJYTRDF and htu.exe can be any random characters. The malware uses random file name whenever it is installed on the system.
Step 2 – Run Antivirus Program
A) You must be connected to Internet to be able to update your anti-virus program. This is needed to have the latest database available and detect newer threats. Some antivirus programs update itself on a regular basis. There is also an option for manual update through the console of antivirus application.
B) Once updated, thoroughly scan the computer and clean or delete all detected threats. If your AV software is unable to delete malicious files, better put them into quarantine.
Step 3 – Remove the Rootkit Trojan
Rootkit Trojan are the one responsible why your system is infected with XP Internet Security 2012. This is also liable for most of the irregularities happening to your computer. Failure to remove rootkit Trojan may reinstate other infections including the rogue security application.
A) First, you need to download TDSS Killer from this location:
http://support.kaspersky.com/faq/?qid=208280684
Copy and paste the link to your browser. Once you are on the legitimate page of anti-rootkit, follow required instructions to download and install TDSSKiller.
B) When fully installed, click on the icon to run the program.
C) Press the button that says “Start Scan” to begin detection of malicious objects.
D) It will display a list of detected objects and their description. This tool will recommend the appropriate action (Cure or Delete). We suggest to Cure objects that were identified Suspicious.
E) To apply desired actions, click on Continue. It will display the result and advise to restart the computer.