XP Security 2012

By | January 17, 2012 | 0 Comment

XP Security 2012, also known as the Earth Antivirus is a misleading computer security program that has no capability to perform as a legitimate anti-virus program. This is the primary reason why it was categorized as rogue, fake and unwanted application. This malware is promoted as “Protect your PC, files, and identity with the industry’s fastest, lightest, most complete security solution.” But in reality, XP Security 2012 was created to deceive users with fake virus detection and aims to sell the software via fraudulent activities. Aside from that, XP Security 2012 also promises to have advanced protection, block phishing web sites and secure your home network. All of these were not feasible when diagnosing its installed files. It does not even have a database and necessary files to protect a computer from threats and harmful attacks.

Remove XP Security 2012 as soon as an instance was observed on computer. Only legitimate anti-malware application that can be downloaded below this page can remove it and all of its associated files. XP Security 2012 can also be remove manually by technically trained computer users.

Type Rogue
Sub-Type FakeAV
OS Affected Windows XP

What are the Symptoms of XP Security 2012 Infection?

XP Security 2012 Screenshot Image

It will modify Windows Registry and add the following entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ‘1’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kjt.exe” -a “%1” %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kjt.exe” -a “%1” %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kjt.exe” -a “%1” %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kjt.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kjt.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kjt.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ‘1’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ‘1’

The threat will drop the following malicious files:
C:\Documents and Settings\Local Settings\Temp\(random folder)\kjt.exe
C:\Documents and Settings\All Users\Application Data\MKLOKI9065HJU34NMKOPP09OLST
C:\Documents and Settings\Local Settings\Application Data\MKLOKI9065HJU34NMKOPP09OLST
C:\Documents and Settings\Local Settings\Application Data\kjt.exe
C:\DOCUMENTS AND SETTINGS\LOCAL SETTINGS\Temp\MKLOKI9065HJU34NMKOPP09OLST
C:\Documents and Settings\Templates\MKLOKI9065HJU34NMKOPP09OLST

Leave a Reply

Your email address will not be published. Required fields are marked *