XP Antivirus 2012 is a rogue antivirus program infecting thousands of new computer’s everyday. It comes to your computer in a disguised manner and takes control over your computer’s security. It can get downloaded your computer in the form of a video codec, a flash update or similar ways. You’ll actually download its installer file yourself thinking it is going to help your computer. Just to make it more clear, there are many websites which will ask you to download a special codec to view the videos on that particular site. If you are desperate to watch that video, you’ll download that file (which is actually XP Antivirus 2012 virus’s installer file) and install it yourself. Within a few moments after clicking on the installer file, XP Antivirus 2012 will pop-up and start scanning your computer. I downloaded this virus off Internet for testing purposes and here is a screenshot of the virus :
Please note that this is a name changing rogue and It spreads people’s computer using random names. There are 15 variants of this virus and It changes the name depending on the windows operating system. If you got this virus in Windows XP, It will show up as XP Antivirus 2012. If you had did the same activity on a Vista machine, It will show up as Vista Antivirus 2012. This name changing rogue is developed by very highly skilled computer experts who are using their knowledge to make big money.
The main aim of XP Antivirus 2012 virus is cheating your computer. Once your computer is a victim of this rogue product, it will start scanning your computer every now to show a long list of fake infections. The fact is, none of the reported files is infected and the scan results are manufactured to drag you into purchasing full version of this product. Whenever you’ll run a legitimate application on your computer, XP Antivirus 2012 virus will also pop-up. Some people get too worried when they see infections on the computer and pull out the credit card too son. Make sure that you don’t purchase this rogue product and buy a genuine spyware remover with this money instead which will protect your computer forever.
Remove XP Antivirus 2012 Virus Automatically
During my testing of the virus, I found that It is very easy to remove this rogue software using automatic removal method. As name implies, automatic removal method means downloading a genuine spyware remover and scanning your whole computer for infections. Then remove the infections and you are all okay again.
I personally use and recommend Spyware Doctor as front line protection on your computer because It is the most respected anti-malware tool. Here is a screenshot of Spyware Doctor when It caught XP Antivirus 2012 on my computer. It shows the infected files and as soon as you click on “Fix Checked” button, threats are removed automatically and your computer will start performing great gain. Automatic removal is very fast and guarantees complete results. Here is a screenshot of the software when it caught this rogue Antispyware :
 Over 130 Million Downloads! |
Automatic removal is highly recommended for all computer users as not only It helps you remove the virus but also you get protection for all future threats. If your main antivirus product couldn’t catch XP Antivirus 2012 Virus, Its time to get the right protection so that your computer stays safe from similar threats in future.
Remove XP Antivirus 2012 Manually
It is also possible to remove XP Antivirus 2012 manually. This method is tedious and you may not get success If you don’t remove the right files. If you don’t know which files should be removed, please don’t attempt your hands on this method. Removing important files from your computer can result in more complications later.
Please follow these steps to get rid of the virus manually :
First of all, please run Task Manager and look for a process which has three characters name, like inj.exe or something similar. It is likely that you’ll find that process and then you should right click on it and end the process. As soon as you end that process. XP Antivirus 2012 should also close automatically. Now follow these steps :
A) Please access Registry Editor by clicking on Start/Run, type “regedit” and click OK. Please find these entries :
HKEY_CURRENT_USER\Software\Classes\.exe “(Default)” = ‘exefile’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”
Please remove above registry entries carefully as removing a wrong entry can cause other problems in your computer. Registry is a core part of your computer and you shouldn’t edit it If you don’t have ample knowledge.
B) After deleting the registry entries, please remove these files from your computer.
%UserProfile%\Local Settings\Application Data\[random characters].exe
Now reboot your computer and XP Antivirus 2012 virus shouldn’t pop-up again. Please do a follow up scan of your computer using a genuine spyware remover to find out all the traces of the virus. It is impossible to find all the traces of the virus manually unless you do a complete scan of your computer. Post here If your problem doesn’t resolve or you need any additional help.
