XP Security 2012 Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 7969
Category: Fake Antispyware

XP Security 2012 is a rogue antispyware program which comes forth pretending to be a computer safeguard application. It is a fake malware removal tool that is extremely cunning, because it enters your system without your knowledge and/or consent and it can remain dormant for sometime, because it starts executing its evil deeds. If you have XP Security 2012 in your computer it means that you are most probably infected with dozens of Trojans, because that is the usual way for this rogue to enter affected computers. Most of the time, it spreads via Trojan infections.

Rogue which are distributed by Trojans are especially annoying, because this infection is able to mess up your registry entries and drop random files everywhere, thus enabling the infection to avoid being detected by a security program. It is very likely that XP Security 2012 is also using rootkits to avoid being notice by system’s safeguard applications. Also it can install various harmless files that are later recognized as malware in XP Security 2012 system scan.

It should be mentioned that XP Security 2012 is one of many rogues that have the same malicious code but go by different names. The name of the rogue in question is generated according to which Operating system the affected computer is running on. For example, if your computer runs on Vista or Windows 7 and you catch this rogue, then it will be called Vista Security 2012 or Win 7 Security 2012. Either way, the symptoms of the infections are the same and so are the fake security alerts received from these rogues. You should pay no attention to the following messages received from XP Security 2012:

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

It is rather ironic that a rogue is warning the user about security threats that only a rogue can pose. Instead of following XP Security 2012’s instructions, you should remove this rogue from your computer once and for all. Nothing is real about this program and it only wants your money. Erase XP Security 2012 from your system as soon as possible and shield it against similar attacks in the near future, because you can never know when the next rogue might come barging in.

Download Remover for XP Security 2012 *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

XP Security 2012 Screenshots:

XP Security 2012

XP Security 2012 technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1cht.exe319488 bytesMD5: 01c8cd4e532465a3a3a90137cc200ccb
2setup.exe348160 bytesMD5: d91454e0e028db3aad86196f404676af
3Cofi.exe4130198 bytesMD5: 22c79223cab449a0b44f64130119314b
5fjn.exe372224 bytesMD5: 5f4ef2db6bcaff93b96025b60ed03fae
6Protector-lrqe.exe2216960 bytesMD5: 32b652fee344c25f4bfed0ca2a472b1f
7rwh.exe356352 bytesMD5: 31d5dbdc23d510e4fed060c167ce06f4
8U-Ch3atsSFDFI_012912.dll582144 bytesMD5: 1d80d09144d6e714627dbdbd55b0acfd
9WDvdauthoe.cpl171417 bytesMD5: ae0c989485969d8b48a65b7c96b5a88a
10Boonty.exe69120 bytesMD5: 8842fabd13e8e3f1a85854aa70d15ba0
11install.exe344064 bytesMD5: a8a1ec0be621d5e5237e5057d428640a

Registry Modifications:

The following Registry Keys were created:

  • HKEY_CURRENT_USER\Software\Classes\.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
  • HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′


Your email address will not be published.


Enter the numbers in the box to the right *