Run FREE PC Scanner Now!XP Antivirus 2012 Removal Process (remove XPAntivirus2012)
June 7, 2011 – 11:17 am
XP Antivirus 2012
XP Antivirus 2012 is on a long list of malicious security programs created by cybercrooks. XP Antivirus 2012 is not much different than some of the latest malware that we have seen circulated over the internet. If faced with XP Antivirus 2012, a computer user may get seriously annoyed with the strange pop-up alerts and system scans that repeat themselves. To eliminate those annoying characteristics, it is best to utilize a trusted spyware removal app to rid XP Antivirus 2012 and any of its related files.
Are you getting popups from XP Antivirus 2012? Have you identified that you have XP Antivirus 2012 installed on your computer? Do you wish to remove XP Antivirus 2012 completely from your computer?
Why should you remove XP Antivirus 2012?
If XP Antivirus 2012 resides on your computer, it can potentially damage your personal files or you may end up losing data stored on your system. Research has shown that XP Antivirus 2012 may have the ability to make your computer vulnerable to remote attacks which could result, initially, in loss of money, possibly identity theft, and, eventually, a painstaking XP Antivirus 2012 removal process.
How can you manually remove XP Antivirus 2012
Manual removal of XP Antivirus 2012 may not be for everyone. Each manual XP Antivirus 2012 removal step must be followed delicately to completely remove all related files and registry entries from your computer. If you are unsure or have doubts about editing your system registry, then we recommend that you use the automatic XP Antivirus 2012 removal process.
XP Antivirus 2012 can be removed manually by following the steps below.
- With all programs closed, click the Start Menu and go to the Control Panel.
- Locate the Add/Remove Programs icon and double click it.
- Locate XP Antivirus 2012 in the list of programs. If you find it, select it and remove it. If you cannot find XP Antivirus 2012, you can continue to step 5.
- Restart your computer.
- Close all open programs and windows on your desktop.
- Open your registry editor (regedit) program by going to Start Menu, type in regedit, and click OK.
- Find all of the following registry entries and delete them. If you do not know how to do this,
then you can read how to edit the registry in Windows.HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
-
You may need to return to this removal process for removing XP Antivirus 2012. You can do this easily by bookmarking or adding a favorite to this page by clicking here. If you are using the FireFox web browser you can press the keys Ctrl and D simultaneously to bookmark this page.
Image 1. Bookmark PCHubs removal process
-
Delete all of the following files that are associated with XP Antivirus 2012 from your computer.
%AllUsersProfile%\random.exe%AppData%\Local\.exe%AppData%\Local\random.exe%AppData%\Roaming\Microsoft\Windows\Templates\random.exe%Temp%\random.exe%UserProfile%Local SettingsApplication DataopRSKIf you need a better understanding on how to search for these files then you can read how to find and search for files and folders here.
If you have issues deleting any of the previously listed files that are associated with XP Antivirus 2012, you can try rebooting your computer into safe mode. Booting into safe mode may allow certain malicious files to be deleted. If you are wondering how to boot into safe mode, you can read our process for starting a computer in safe mode here.
Image 2. Select "Safe Mode with Networking"
After locating and deleting the previous files you must remove all directories associated with XP Antivirus 2012 by going to the C:\ProgramFiles\XP Antivirus 2012 folder, select it, and delete it. In some cases you may not be able to find this directory. You can still continue to the next step.
Restart your computer. You do not need to boot into safe mode at this point. You should have removed XP Antivirus 2012 completely from your computer. If you find that XP Antivirus 2012 is still on your computer, you can repeat the steps again or go to the automatic XP Antivirus 2012 removal process.
Thanks for the info, but to let you know that the rouge virus doesnt let you open the task manager. Somehow i just kept pressing CTRL+ALT+DELEAT like 100 times and then it said Antivirusscandemo is not responding and i pressed end now, and I cant find it in the task manager, or in the Registry Editor.
I’m really impressed that the scanner download detected this. went ahead and registered the spyhunter and it removed the XP program. Thanks you all.
I\’m not sure why so many people are having so many problems unless there are many variants of this and I happened to hook into an easier one.
I simply located the unknown file, der.exe in my case, located in Documents and Settings and changed it\’s name to something that would be found in a CAB file so the system does not become unstable or alarmed. That disabled it. I did this from Linux.
Then I booted back to windows and reloaded my ERUNT registry backup and rebooted again. That allowed me to run Panda, and a quick scan revealed the lingering stuff which Panda isolated.
I had the problem taken care of in about 10 minutes. Afterward, I looked to see what the sites had to say and I am extremely surprised at the verbiage I find relating to the fix and the problems.
Try a multiboot with one of the Linux distros and this is easy stuff. Additionally run ERUNT. One at each boot and a scheduled backup at 5pm.
Both are on the net. They will save your mind from all this. Seriously, I was ready to join some of the folks I assist at the local asylum so I could get quick help when all this crap got to be too much for me. Then I looked for solutions and those are the best.
Pardon me for not providing explanations or how to’s on setup, but that info is on each site and neither are a problem. I was in my mid sixties when i did that and am over 70 now. If I can, I do believe it cannot be difficult for most people. It does require reading and tolerance, but the results are so nice.
XP Antivirus 2012 is history! I am glad I did not purchase XP Antivirus 2012, it kept redirecting me to the purchase page to buy it for about $60. I hear those hackers will take your credit card number and make charges without your consent. That is all I need for Christmas to get another credit card bill and nothing to show for it. Thank you for your help with the malware remover link download.
Hello! I was able to remove this rogue only by using your advertisement download. It installed and found the malware in addition to other trojans. registered it and it removed them all. Now our PC runs faster and is CLEAN. Many thanks!
Why didn’t Microsofts’ security essentials
anti virus program catch this?
Why arn’t these bastards charged with a crime?
Thanks a millon for this article! Luckily I have two admin accounts in my PC. Apparently the virus affected only one of them. I wasn’t able to browse the Internet in Firefox or IE from the account I was using when the PC got infected. However, when I logged into my other admin account, I was able to browse the internet without any issues. I removed the “.exe” files created by the virus and updated the registry as indicated.
I downloaded and run the trial version of Malwarebytes as suggested by other commenters. Oddly, after running for over an hour it just reported a minor infection. I wonder if the virus problem is really gone from my PC now!
This is the third reincarnation from these cybercrooks.They aren`t interested in any threats as they are operating in what they consider is a safe and undetectable system of methods.I.E. proxies and internet banking which is run from emails that don`t lead back to their real locations.However what they haven`t banked on is there is a flagging system running on these accounts as they usually have the same amounts of money coming in together and sooner or later they will slip up.
I gave up trying to beat this relentless onslaught that UK authorities seem to turn a blind eye to.
My solution now is to use Hirens Boot CD Version 14.Download the iso and burn using nero or such.Once you have the disk you can start the pc without needing access to your harddrive change bios to cd first start and then load mini xp.Once that has loaded click on the Internet explorer and let it connect it will load opera browser google default.Download Malwarebytes thisonce downloaded will install into a temporary directory B:\ will will auto matically download latest updates.Then full system scan which you can selct the drive of choice.This should clean the crap off the computer.once you have done that you should consider running ccleaner again you can download as per previous method.This you use to check the startup programs on the C:\ drive which you enable or delete before you restart machine.This live cd is amazing if you click on the Hirens logo there are over 100 other programs built in to do alot of amazing repair stuff.good luck.
Just move your date and time 6 days ahead that will deactivate the virus
I have somehow managed to get this fake antivirus shit on my computer. I never even installed anything it just somehow managed to install itself. I will find out who is responsible for this and when I do they will pay. The problem they have is they want you to buy this program and to do that there has to be a payment method involved which at some point will involve a bank account which has to be registered to somebody. That somebody is going to wish they were never born once I find out where they live.
hi, I have had the same problem as you guys. But i dont know how i did this but i was just getting really annoyed with this fake virsus shit. So in the end i clicked on something which nearly brought a tear to my eye, lol. Basically follow these steps to access your internet and search on how to get rid of this bloody thing:
step 1: Click on your internet explorer. (your page would either come up with your main homepage or it will come up on to the infected page, if this happens click on a new tab until your main homepage comes up, mine in this case is google.
Step 2: right now dont get excited becasue as soon as you type something you wait for around 3 mins and it will come back on to the virus page, so…. im hoping that your main homepage is google if not im not sure if this will work on your eg yahoo but it should do. Now right click on any clear white part on the google page which you will then be given a few options. Now there should be an option which says export excel or something like that anyway click on it!.
Step 4: This will now open up excell with your homepage on. Now at this point i was so happy becasue you can go ahead now and type in anything and it will work like a normal internet site. But do not be lazy and use this everytime you use your pc. Instead you should be wise and use this opportunity to search up on how to get rid of this anti virus fake shit.
i hope i have helped and please feel free to reply
same person again …
yeah i’m on safe mode on my pc (still writing this from my mac)
i cannot access the internet t still blocks it, it blocks me from running searches on the start menu, stops me accessing the control panel … hell it even stops me accessing MS paint … what now my pc is like a vegatble …
no you cant access the internet on safe mode on my pc (written from mac) i’m thoroughly stuck
Yeah I can’t even open anything. It tells me that the program might be infected and do I want to purchase the software or continue unprotected. When I say continue unprotected the box goes away but the program never opens. I can’t even run my registry mechanic or the add remove program to even attempt to fix it. Help!!!!
You can access you internet on Safe Mode- like I am now. Make sure you log in as administrator though
But if XP antivirus 2012 is blocking my Internet access, which it says it is, how do I go to the Smitfraud link?
(sent from my iPad)
David