XP Antivirus 2012 Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 8736
Category: Fake Antispyware

XP Antivirus 2012 is part of a sophisticated family of rogue antispyware tools with the ability to adapt its properties to its environment. This means that should the user be running Windows 7 or Vista, XP Antivirus 2012 can alter its name to either Win 7 Antivirus 2012 or Vista Antivirus 2012. The developers behind XP Antivirus 2012 invested a lot of time and sophistication into their rogue application in an effort to trick inexperienced users into paying for this rubbish software. The truth if that XP Antivirus 2012 certainly does not have the ability to detect or remove any type of threat from the system.

This XP Antivirus 2012 is promoted in a variety of ways. The most popular being through the use of bogus online antivirus scanners which inform the user falsely that his system is under attack. It will then inform the user that he needs to download XP Antivirus 2012 in order to secure his PC and stave off these attacks. Another popular method used by XP Antivirus 2012 as part of its online marketing campaign is seditious browser hijacking websites. These browser hijackers forcefully redirect the user to their compromised landing pages where drive-by download tactics are used to forcefully root the XP Antivirus 2012 infection into the PC.

The first clue users will have as to the presence of XP Antivirus 2012 on the system will come from XP Antivirus 2012 initiating a fake system scan. This fake security scan will yield many bogus security threats on the PC. Shortly following this XP Antivirus 2012 start spamming the user with various falsely generated security messages in the form of annoying pop up messages:

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Symptoms associated with the XP Antivirus 2012 infection range from users being unable to launch applications and programs on the afflicted PC to blocked Internet connections and randomly generated and deleted Desktop items. Other symptoms reported include increased erratic system behavior and poor system performance.

XP Antivirus 2012 will be responsible for permanent damage to your PC if left untreated. Avoid this and destroy XP Antivirus 2012 before it destroys your PC. This can best and easiest be achieved by using the removal power of a genuine security tool which will protect your PC against similar attacks in future.

Download Remover for XP Antivirus 2012 *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

XP Antivirus 2012 technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
2mmc.exe344064 bytesMD5: 1434c50385a6e81f7ba5d081aafa9e0e
3qvf.exe348160 bytesMD5: f6dd62fb6849e79d8025036a097e8f80
4vxe.exe339968 bytesMD5: 45d35cc0fbd7ffdf35f7ef86730cdc15
5questbrowse191.exe26112 bytesMD5: 6702cfdbd648eb45d6ecc60bb8cd56ae
6questscan173.exe26112 bytesMD5: e53fb610fb4c8800db4dd1209066d2e0
7oqf.exe367104 bytesMD5: 718b31c6d90a7731f88f92400cc1a212
8questscan172.exe26112 bytesMD5: 5bffd0b4493b22b8385b73e17638fff6
9aka.exe339968 bytesMD5: 8759b185ac5d846a6665f47e0a9bdf13

Registry Modifications:

The following Registry Keys were created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exee” -a “%Program Files%\Internet Explorer\iexplore.exe”‘
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ’1′
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ’1′
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′
  • HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’


Your email address will not be published.


Enter the numbers in the box to the right *