General discussion

XP Home Security 2012

Hello:

Suddenly my laptop says: your PC is infected and in danger. It says it needs to run "XP Home Security 2012", wants to do a scan, and asks me to purchase some software.

Is this "intrusion" legitimately from MS or some kind of attack?

Tell me, please!

Comments
- Collapse -
Windows XP Home Security 2012

I have the same thing happening on my Dell desktop. It has blocked us from doing anything online and says we have a trojan that needs to be removed. My Kaspersky Virus program says everything is fine. How do I get rid of this?

- Collapse -
XP Home Security 2012

Hi Plattmd:

Now I can judge that it is an evil attack, not a legitimate upgrade from MS.

Who knows more about it?

- Collapse -
Dell Latitude D600 Laptop Infected too!

I'm having the same exact problem with my Dell Latitude 600 Laptop running Windows XP Pro ... I'm getting messages that: Drive C is unreadable; Hard drive does not respond to System Requests; Windows OS can't detect hard drive space; Hard drive error; Hard drive clusters partly damaged -- only to name a few. Messages also say I have Trojans! I can't do anything on the computer now! What to do??? Help!!!!

- Collapse -
XP Home Security 2012 fix

I've removed this rogue software many times using methods I've found on the internet on my coworkers' PCs.

After all those methods, I like to do it this way. Here's how I do it for Windows XP Pro:

Restart.
During Restart boot up, press F8 multiple times to get to Safe Mode.
Navigate with the keyboard arrow to Safe Mode with Networking.
Do a system restore. (I couldn't find it in the control panel. So I searched the C: drive for rstrui.exe. It's located in the C:/Windows/system32/Restore folder.)
Run System Restore, by clicking on the icon. (Note: A Windows Security 2012 window will pop up, but so will System Restore. Ignore the window, don't touch it. I kill it in task manager. It's a random 3 character exe, ex. "nge.exe". You don't have to kill it though. I just do it because I hate seeing it.)
Restore your PC to a date before you got the XP HS2012.
Then when your PC restores to that date, download Malwarebytes and run a full scan. Then have it delete what it finds.

That's it. Hopefully. They are constantly updating its pop-ups. What I want to know is how these guys get away with this; they should be in jail. It's actually a company making money from this.

Sir Francis Drake

- Collapse -
XP Home Security 2012 fix

It's great to beat the rogue attacker.

- Collapse -
Re: Rogue Attacker

Are you the rogue attacker? If so, get to coding. Drake? If not, did it work?

- Collapse -
XP Home Security 2012 Fix

I am running the Malwarebytes scan now. It seems to have worked. Thank you.

- Collapse -
restore won't run

I'm trying to follow these instructions:

"Restart. During Restart boot up, press F8 multiple times to get to Safe Mode. Navigate with the keyboard arrow to Safe Mode with Networking. Do a system restore. (I couldn't find it in the control panel. So I searched the C: drive for rstrui.exe. It's located in the C:/Windows/system32/Restore folder.) Run System Restore, by clicking on the icon. (Note: A Windows Security 2012 window will pop up, but so will System Restore. Ignore the window, don't touch it. I kill it in task manager. It's a random 3 character exe, ex. "nge.exe". You don't have to kill it though. I just do it because I hate seeing it.)"

XP HS2012 appears to be blocking my use of Restore. I also can't run Malwarebytes, or several other programs I've tried. When I click on the application I just get the XP HS2012 popup and no sign of the program I want to run.

Help!!!

Thanks!!!

- Collapse -
Re: Restore won't run

Susan..

System Restore was not designed as a virus/malware removal tool. It backs up "the bad with the good". The success of its use depends upon the type of infection, and what was restored in the process.

Download the below tools. If you're prevented from doing so, you will need to use another computer and transfer them to yours. (Using a CD/DVD or Flash Drive)

Download and run the "Rkill" tool. You will only need to launch one of the files, in order for Rkill to work. (Right-click and "Run as Administrator" if using Vista or Win7) If you have no success running Rkill.exe, try the next. When Rkill runs you will see a command prompt window similar to this. When one DOES work (immediately) run a Scan with Malwarebytes' Anti-Malware. (See below) Do NOT reboot after running Rkill.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Rkill's purpose is to terminate the offending / malicious processes. A more detailed explanation of what Rkill "does and doesn't do", can be found at the bottom of the Rkill download page.

You're also going to scan with Malwarebytes' Anti-Malware. The direct links for the installer and manual updater are listed below. To avoid any problems, rename the installer, prior to transferring it to your computer. Change it from mbam-setup.exe to susan.exe. Don't forget to update, after the transfer.

Malwarebytes' Installer
http://www.besttechie.net/tools/mbam-setup.exe

Manual Update link
http://data.mbamupdates.com/tools/mbam-rules.exe

I would also recommend scanning with SUPERAntiSpyware. SUPERAntiSpyware FREE Edition can be downloaded from here.

Please see the below removal guide, for further details.

Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

Best of luck..
Carol

- Collapse -
restore doesn't work, rkill doesn't work

thought I'd gotten rid of the trojan but it's back with a vengeance.

when I try to do system restore it says it can't restore to that date.

when I try to run rkill from a flash drive I just get an increased volume of the trojan screens

I tried renaming rkill to susan-rkill, same thing.

yikes I say, yikes!!!

help!!!

Pls note at the bottom of Carol's msg it refers to "Remove Win 7 Antispyware..." but this is an XP thread, not Windows 7... if that even matters at this point...

- Collapse -
I think it's time for antivirus boot CDs.
- Collapse -
If you read the guide it includes "XP Home Security 2012"

and quite a few other similar rogues.

- Collapse -
rkill, itself, contains a trojan???

FYI for those following along in this sad sad thread:

I tried various methods of downloading and/or renaming the rkill.exe as Carol suggests, putting it on a flash drive and either running it directly on my infected computer or copying it to the infected computer, in safe mode and in regular old XP. It either didn't run or just disappeared from the directory or both. Finally figured out that my McAfee realtime virus protection (!) was showing it as containing a trojan whose name starts with Artemis and then deleting it! Eventually I got it to run -- not sure, but I think I might have downloaded rkill directly from the internet but really I'm not sure what the heck I did.

Anyway, I'm back to where I can at least run malwarebytes again, which takes hours and hours...

Trojan disseminators are EVIL!!!

- Collapse -
Rkill does NOT contain a trojan..

Susan..

Where the author wrote, "Rkill - What it does and What it Doesn't - A brief introduction to the program" you will find the following:

'On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes.'

Hopefully, Malwarebytes' Anti-Malware will be able to help you clean this nasty rogue.

Best of luck..
Carol

- Collapse -
Try These Steps Instead
- Collapse -
System Restore won't run...

Carol, system restore does remove rogue software installations whether it was designed for that or not. Susan, try to click on the system restore .exe again after the HS2012 popup comes up. I've had luck with that. If that doesn't work, try to run system restore in Safe Mode only, not Safe Mode with Networking. Good luck. If that doesn't work, try Carol's methods.
- Collapse -
System Restore won't run...

thanks so much, all of you --

I kept dinking around & eventually got System Restore to run. continued with the Malwarebytes part of the procedure, all is well now as far as I can tell ---

Susan

- Collapse -
Great info!!

THANK YOU!!! This information has totally worked for me! I searched high and low on the internet that could explain what to do in an easy way. Looks like it did it. Scanning my PC right now, as I write you from my laptop.

- Collapse -
thank you!

It was really really a very good relief to get rid of this virus! I tried a lot of ways, methods and even system restore. Not until I decided to look up some alternative solutions in an open forum then I found YOURS, Sir Francis Drake. My problem was I can't locate exactly the calendar dialogue box for options to choose for dates. Thank you very much sir!

- Collapse -
I'll Suggest You Continue And Scan Some More

If you only did a system restore, there may be remnants of the malware on your computer and you will probably become re-infected.. Please click on the link below and follow the instructions completely.. (This particular remedy was mentioned in other responses in this thread. Apparently, you didn't see them.)

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

Hope this helps.

Grif

- Collapse -
How To Remove XP Home Security 2010

zpxykm..

I would suggest following the below removal guide. Scroll down to where you see, "Automated Removal Instructions for Win 7 Antispyware 2012, Vista Antivirus 2012, and XP Security 2012 using Malwarebytes' Anti-Malware:" and continue on from there. Bypass any ads you might see.

Take note of Step #2, where it states:

"It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive."

Otherwise, follow ALL the steps. The Rkill tool was designed to "kill" the offending process and allow you to scan with Malwarebytes' Anti-Malware. As noted at the end of Step #5, "Do not reboot your computer after running RKill as the malware programs will start again."


Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

If you run into any problems along the way, please post back and let us know.

Best of luck..
Carol

- Collapse -
(NT) Subject Correction: "How To Remove XP Home Security 2012"
- Collapse -
I have Malwarebytes on my infected computer
I cannot run Malwarebytes on my computer. Hourglass pops up briefly, then nothing. Soooo, I transferred a new copy via thumb drive. Cannot use it either--whether directly from flash drive or with newly transferred file. I did use the program to fix problem on son's laptop, but cannot use it on mine. Should I just blow up the thing?
- Collapse -
Did you rename Malwarebytes' Anti-Malware before transfer?

Jan..

If MBAM is already on your system, you can TRY renaming the MBAM.exe. It may (or may not) work. Rename it to something such as jan.exe. You'll find it in your Program Files folder. (C:\Program Files\Malwarebytes' Anti-Malware\MBAM.exe) Run it from there.

Otherwise, try the below direct links for the installer and manual updater. Rename the installer (mbam-setup.exe), prior to transferring it to yours. Don't forget to update it, after the transfer.

Malwarebytes' Installer
http://www.besttechie.net/tools/mbam-setup.exe

Manual Update link
http://data.mbamupdates.com/tools/mbam-rules.exe

Did you first run the Rkill tool, as suggested in "Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)"? If you had done so, it would have "killed" the malicious process and allowed MBAM to run.

Let us know how you make out..
Carol

- Collapse -
thanks for helping

Thanks for your help Carol! I ran rkill from a flash drive then downloaded and ran Malwarebytes and everything disappeared. I do have a new problem. When I Google something and then try to go to a website in Google I get redirected to another site. Is this related or a new problem? I have run Malwarebytes again but it is not detecting anything.

- Collapse -
Not Carol

but I suggest you run RKill again and follow the same procedures to the letter.

This time however, it would seem you can run RKill from the OS itself and not from a flash drive.

Follow the instructions in Carol's post and also, follow carefully the steps in the "Bleeping Computer" guidance link given by Carol, copied below;
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

It is often the case that remnants can remain, and so running RKill again followed immediately by MBAM without rebooting, (restarting), the computer may be necessary.

When you've done that, also download the free version of SUPERAntiSpyware. Install it but watch the install process carefully to see if it offers to set a "Load at Startup" option, and refuse that.

RUN that SAS software to let it get updates, then exit the program, re-open it and run a full scan.

Hope that helps.

Mark

- Collapse -
Some additional things to try..

If what Mark suggested doesn't help, give the below a try. Some infections come bundled with a rootkit, which could be causing the Google redirects. It may (or may not) be your specific case.

Kaspersky's TDSSKiller - Instructions are listed below. (Additional instructions can be found here)
http://support.kaspersky.com/viruses/solutions?qid=208280684

Hitman Pro - It's free to use without a license. If a virus is found, you will receive a free 30-day license to remove the threat. Note: There are separate downloads for 32 and 64-bit versions of Windows 7.

http://www.surfright.nl/en/home/

Other considerations:

Check to make sure your LAN settings haven't been changed to use a Proxy Server:

Open Internet Explorer. Go to Tools>Internet Options>Connections Tab. Click on the "LAN Settings" button. If there is a check in the box "Use a proxy server for your LAN", uncheck it. Click "OK". Then "OK", again.

Open Firefox. Go to Tools>Options>Advanced. Click on the "Network" tab. To the right of where you see "Configure how Firefox connects to the Internet", click on the "Settings" button. Put a tick mark next to "No proxy". Click "OK". Then "OK", again.

It may become necessary to reset your HOSTS file, or reset your router to its default configuration. For now, try the above scanners.

Best of luck..
Carol
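
Carol's post above mentions resetting the HOSTS file if the redirects persist. As an added example (not part of the thread and not code from any tool named in it), this Python script audits the contents of a HOSTS file before it is reset; the watch list and the sample entries are constructed assumptions.

```python
import ipaddress

# Constructed sample; addresses are from the documentation range 203.0.113.0/24.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed for this example)
127.0.0.1       localhost
203.0.113.10    www.google.com google.com
127.0.0.1       data.mbamupdates.com
0.0.0.0         ads.example.net
not-an-ip       broken.line
"""

# Assumed watch list: names whose loopback mapping would block search or scanner updates.
WATCH = ("google", "mbamupdates", "kaspersky", "microsoft")


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text, watch=WATCH):
    """Return (line_no, hostname, ip, reason) for entries worth reviewing."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # the stock entry
            if not sinkhole:
                findings.append((line_no, name, str(ip), "redirect"))
            elif any(w in name for w in watch):
                findings.append((line_no, name, str(ip), "blocked"))
    return findings


if __name__ == "__main__":
    # On XP the file is usually C:\WINDOWS\system32\drivers\etc\hosts
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" finding is a name pointed at a non-loopback address; a "blocked" finding is a watched name pinned to loopback, which stops scanner updates from reaching their server.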

- Collapse -
RE: some additional things to try

Thanks Carol! I have run rkill and Malwarebytes again and both told me there were no threats. I then ran Super antispyware and it found 4 threats and 89 adware which I removed. I then rebooted, downloaded and ran Kaspersky which found no threats. I opened Firefox (which I had set to no proxy), googled 2011 federal tax rates, clicked the link for savingtoinvest.com and it redirected to Yellowise.com. I tried it again and this time went to Butterflysearchengine.com. Am I in danger of having personal information compromised or is this just a nuisance? I am really becoming frustrated.

- Collapse -
Got it!

I ran Kaspersky again. This time it found 11 threats. Quarantined them all. Went to Google...same site, this time no redirect! Thanks so much to all for the help...much appreciated!!!!!!!!

- Collapse -
Nice work!

Good job in getting it clear finally.

It seems that scanning once or twice is not enough with this malware and we have to keep scanning over and over again; as we remove some, others manifest and so become visible to the scanners.

Mark

CNET Forums