Tuesday, May 31, 2011

Removing the Windows XP Security 2011 malware

[ed.  My computer got infected by this very annoying and persistent piece of malware yesterday.  Initially, a Windows Security screen pops up telling you that you've been infected by 32 different viruses, then it proceeds to scan and list them before asking you to click a button to remove them or purchase a professional removal program.  Numerous other pop-up warning screens occur after that.  I was dubious so I tried getting rid of the infections using Malwarebytes.  Here's the thing: this malware blocks not only access to the internet but all executable files, so programs won't load.  Fortunately, for some reason, it didn't affect Spybot Search and Destroy, so I removed what I could with that program (about nine files), got Malwarebytes running, and took care of the rest (another three files).  Rebooted clean.  Here's another approach:]


XP Home Security 2011 is a misleading security application that commonly spreads by means of a Trojan that can penetrate the computer without being detected by an anti-virus application. The XP Home Security 2011 virus is installed remotely when a prompt displayed by the Trojan is executed. Users normally get infected when they visit a malicious web site. Once installed on the computer, this rogue program presents virus scan results that tell users to obtain the licensed version in order to remove the detected threats. It will report dozens of threats. These threats do not really exist on the system and are just a fabrication of XP Home Security 2011 to deceive its victims. On some machines, it installs as Vista Home Security 2011 or Win7 Home Security 2011, depending on the victim’s operating system.

To undo the irregularities it brings to the PC, users must remove XP Home Security 2011. As mentioned, this is just a rogue program pretending to be a useful application in order to scam money from computer users. It can be removed by a legitimate anti-malware application included on this page. It is also advised to protect the computer with a legitimate, full version of an anti-malware program to prevent attacks from rogue programs like XP Home Security 2011.

Alias: Vista Home Security 2011, Win7 Home Security 2011


Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

XP Home Security 2011 Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “XP Home Security 2011”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe
2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is not permitted, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to the XP Home Security 2011 virus.
4. Registry entries created by XP Home Security 2011 must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
5. Exit the registry editor.
6. Get rid of the XP Home Security 2011 start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe
7. Click Apply and restart the computer.

XP Home Security 2011 Removal Tool:

In order to completely remove the threat from a computer, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected computer.

Using Portable SuperAntiSpyware:

To thoroughly clean a computer, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SuperAntiSpyware Portable Scanner.

Technical Details and Additional Information:

Malicious Files Added by XP Home Security 2011:
c:\[random].exe
c:\Program Files\XP Home Security 2011
c:\Program Files\XP Home Security 2011\HS2011.exe
c:\WINDOWS\system32\[random].exe
c:\WINDOWS\system32\winhelper86.dll
c:\WINDOWS\system32\winlogon86.exe
c:\WINDOWS\system32\winupdate86.exe
XP Home Security 2011 Registry Entries:
Vista Security 2011 Registry Entries:
HKEY_CURRENT_USER\Software\HS2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “XP Home Security 2011”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winupdate86.exe”
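
A read-only way to check a machine for the files and registry entries listed above, as an added PowerShell example that is not part of the original article. It uses environment variables in place of the literal c:\ paths (an assumption), and the helper name New-Finding is made up for this example; the script only reports and deletes nothing.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Environment variables stand in for the c:\ paths above (assumption).
function New-Finding($Type, $Item, $Detail) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item; Detail = $Detail } |
        Select-Object Type, Item, Detail
}

$fileIndicators = @(
    "$env:ProgramFiles\XP Home Security 2011",
    "$env:ProgramFiles\XP Home Security 2011\HS2011.exe",
    "$env:SystemRoot\system32\winhelper86.dll",
    "$env:SystemRoot\system32\winlogon86.exe",
    "$env:SystemRoot\system32\winupdate86.exe"
)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Names from the file and registry lists above; matched in value name or data.
$listedPattern = 'XP Home Security 2011|HS2011\.exe|win(helper|logon|update)86\.'

$findings = @()

foreach ($path in $fileIndicators) {
    if (Test-Path -LiteralPath $path) { $findings += New-Finding 'File' $path 'listed indicator' }
}
if (Test-Path -LiteralPath 'HKCU:\Software\HS2011') {
    $findings += New-Finding 'RegistryKey' 'HKCU:\Software\HS2011' 'listed indicator'
}

# The start-up entry and dropped files use random names, so every Run value and
# every .exe in the drive root is reported for manual review, not just known names.
foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        $detail = if ("$name $data" -match $listedPattern) { 'listed indicator' } else { 'review manually' }
        $findings += New-Finding 'RunValue' "$keyPath -> $name = $data" $detail
    }
}
$findings += @(Get-ChildItem -LiteralPath "$env:SystemDrive\" -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { New-Finding 'RootExe' $_.FullName 'review manually' })

$findings | Sort-Object Detail, Type | Format-List
```

Entries marked "listed indicator" match names given on this page; entries marked "review manually" are ordinary start-up values or root-level executables that need a human look because the malware's own file names are random.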
