1 of 3
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Xp Security 2012

XP Security 2012 is a rogue antispyware program which has many other versions. Depending on the operating system of the targeted computer, the rogue can change its name into either Vista Security 2012 or Win 7 Security 2012. XP Security 2012 is obviously intended for the computers which run on Windows XP operating system. The objective of the rogue is rather simple – it infects the computer pretending to be a reliable security application while in fact in only wants to tap into the user’s bank account. If the user wants to avoid getting infected by this rogue, he has to be very careful about clicking on various links on the Internet, because XP Security 2012 has many ways to infiltrate the system.

Download Spyware Removal Tool to Remove* Xp Security 2012
  • Quick & tested solution for Xp Security 2012 removal.
  • 100% Free Scan for Windows

The infection might be hiding even among the website that the user knows very well. For example, there are a lot of blogging sites, which encourage “following” among the users, and sometimes, there are simply spam accounts which follow other users. Later on these spam accounts might start sending comments full of hacked links to the user, or even worse – if the user tries to check the profile of his followers, the spam profile might be designed so that the Trojan associated with XP Security 2012 download automatically once the user opens it. The user is not prompted about the download and later on the Trojan infection downloads XP Security 2012 without the user’s consent as well.

Since this rogue is using the name of the operating system, when it gets installed XP Security 2012 pretends to be a legitimate upgrade of the Windows security tools. Upon the installation the rogue changes the system’s setting in a way which allows it to load along with the Windows. XP Security 2012 also blocks the user from launching .exe files, loading the malicious program instead or simply stating that the program has been infected and XP Security 2012 has to close it.

The rogue will also perform a fake system security scan, and will obviously “find” multiple infections. The scan results will show the user the location of the infection and its name. Even though the malware names are not made up, they do not reside in the affected computer and are only generated in order to scare the user into believing that something is definitely wrong and one must register XP Security 2012 to remove the infections found. But everything about this program is fake so the user must ignore its urges to purchase the full version of XP Security 2012, and also the fake security notifications, popping up on his screen which includes:

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

XP Security 2012 Alert
Security Hole Detected!
A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen. Do you want to block this attack?

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan

In order to protect himself and his computer the user must remove XP Security 2012 as quickly as possible. This rogue can damage the system faster than one expects, not to mention that is constantly attempts to steal one’s money. If the manual removal is too challenging for the user, then he is advised to invest into a reliable security program which would delete XP Security 2012 automatically.

Update:

The rogue removal will be easier if you used these activation codes to “register” the rogue:

2233-298080-3424
3425-814615-3990
9443-077673-5028

This rogue is particularly annoying because right after the installation it blocks every single exe file and you can no longer run your computer. Then there is nothing else left to but to restart your computer. When you do, while it boots press F8 and select to load the Safe Mode with Networking, so that you could download SpyHunter from our website. Then restart again, and load your computer in Normal mode to install SpyHunter. Another way to install the program is to download it on another computer, rename the installer file from installer.exe to installer.com and then transfer the file into a USB flash drive. Plug the drive into the infected computer and use it to install the program.

Once SpyHunter is installed, it will scan your computer and detect the rogue, and kill it.

NOTE: Just because you can no longer see the rogue it does not mean that it doesn’t exist. Perform a full system scan to locate and terminate all of its components, because any file associated with the rogue can leave your computer’s door open for other malware.

Download Spyware Removal Tool to Remove* Xp Security 2012
  • Quick & tested solution for Xp Security 2012 removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Xp Security 2012

Files associated with infection (Xp Security 2012):

U-Ch3atsSFDFI_012912.dll
Boonty.exe
Cofi.exe
setup.exe
install.exe
cht.exe
rwh.exe
fjn.exe
%AppData%\[random].exe

Dynamic Link Libraries to remove (Xp Security 2012):

U-Ch3atsSFDFI_012912.dll

Processes to kill (Xp Security 2012):

Boonty.exe
Cofi.exe
setup.exe
install.exe
cht.exe
rwh.exe
fjn.exe
%AppData%\[random].exe

Remove registry entries (Xp Security 2012):

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1′
Disclaimer

Comments

  1. Cristina O'Sullivan Jan 8, 2012

    I'm having a major problem; I know nothing about computers and have just tried to dowload the anti-spywere and the win 7 security announcement comes up and won't let me open it, and run it. What can I do?
    I've just seen your video on youtube and I'm now really concearned about it.
    Thanks a lot
    Cristina

  2. Pcthreat Jan 9, 2012

    Christina,

    Did you try entering the registration codes for Win 7 Security program?

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.