XP Security 2012

From Wiki-Security, the free encyclopedia of computer security

XP Security 2012 Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<

SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:

If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

While its name clearly attempts to infer that XP Security 2012 is an authentic computer security application, Wiki-security.com malware researchers have reported that this particular program is a criminally-derived rogue anti-spyware application. As a rogue anti-spyware application, XP Security 2012 is a very dangerous, malware based computer security threat, which was designed by cyber crooks to scam targeted computer users by posing as real computer security software. Unlike other malware-laced security threats - like Trojans and worms - rogue anti-spyware programs possess a tangible presence on the machines that they infect and as such, XP Security 2012 can be surmised as a bogus computer security tool that only pretends to be a real security program, so it can scam and rob its victims.

Also seen as Windows XP Security 2012, this particular rogue anti-spyware application is a member of the FakeScanti family of malware products, that is responsible for the long line of 2012 name-changing rogue anti-spyware programs, which are capable of altering their applications' names to correspond with the particular Windows OS operating that's being used on individual infected machines. This means that XP Security 2012 can also appear as Vista Security 2012 and Win 7 Security 2012.

How the XP Security 2012 Scam Works

What's more, XP Security 2012 was cleverly designed to utilize its deceptive appearance to frighten targeted users into thoroughly believing that their machines are severely infected with a variety of PC infections. For this reason, XP Security 2012 has been diagnosed as a malicious scareware campaign that seeks to run fake security scans on infected systems. The entire purpose for running its bogus scans is to allow XP Security 2012 to conclude them with equally phony, fabricated threat detection reports. Analysis of this rogue anti-spyware application clearly reveals that XP Security 2012 attempts to manipulate users into believing that their machines are rife with a list of fear-inducing security threats; to what end?

By appearing on infected machines as the kind of security tool that belongs there, XP Security 2012 attempts to trick users into buying into the nonsense that this rogue anti-spyware application spews at them via its scareware campaign. XP Security 2012 actively seeks to convince users that XP Security 2012 is a legitimate security application and that their machines are seriously infected in order to convince them to purchase the registered version of its bogus antispyware program. In other words, XP Security 2012's ultimate payload is to trick users into willingly shoveling out their hard earned cash for an entirely useless application.

XP Security 2012 Phony Security Alerts

Additionally, the XP Security 2012 scareware scam is comprised not only of fake security scans and bogus threat detections, but is also known to utilize a variety of fake pop-up security alerts. XP Security 2012's pop-up security alerts are fundamentally designed to enforce the false statements sold by this rogue anti-spyware application's fake scans and threat detections.
For you to be aware of the types of messages fabricated and displayed by XP Security 2012, Wiki-security.com malware researchers have provided the following examples of the kinds of pop-up security alerts that this rogue anti-spyware application is known to generate on compromised computer systems:

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

Malware Intrusion
Sensitive areas of your system were found to be under attack. Spy software attack or virus infection possible. Prevent further damage or your private data will get stolen. Run an anti-spyware scan now. Click here to start.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Keep in mind that, while this bogus security software is attempting to convince you that your machine is rife with all kinds of security threats, this rogue anti-spyware application itself, is a threat that is more than capable of launching a malevolent malware attack against your system and allowing numerous other pests to breach your machine's compromised defenses.

To check your computer for XP Security 2012, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting XP Security 2012 and other threats. If you detect the presence of XP Security 2012 on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of XP Security 2012.


Detection of XP Security 2012 (Recommended)

XP Security 2012 is difficult to detect and remove. XP Security 2012 is not likely to be removed through a convenient "uninstall" feature. XP Security 2012, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove XP Security 2012 and other spyware, adware, trojans and viruses on your computer.

Run a XP Security 2012 scan/check to successfully detect all XP Security 2012 files with the SpyHunter Spyware Detection Tool. If you wish to remove XP Security 2012, you can either purchase the SpyHunter spyware removal tool to remove XP Security 2012 or follow the XP Security 2012 manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with XP Security 2012. XP Security 2012 can come bundled with shareware or other downloadable software.

Another method of distributing XP Security 2012 involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing XP Security 2012 on your system. XP Security 2012 installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with XP Security 2012, use this SpyHunter Spyware dectection tool to detect XP Security 2012 and other common Spyware infections. After detection of XP Security 2012, the next advised step is to remove XP Security 2012 with the purchase of the SpyHunter Spyware removal tool.


XP Security 2012 may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of XP Security 2012 from your computer.

Remedies and Prevention

XP Security 2012, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. XP Security 2012 along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example XP Security 2012, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect XP Security 2012 and other types of spyware.

Remove XP Security 2012 manually

Another method to remove XP Security 2012 is to manually delete XP Security 2012 files in your system. Detect and remove the following XP Security 2012 files:


  • %AppData%\Local\[random].exe

Other Files

  • %AllUsersProfile%\[random]
  • %AppData%\Local\[random]
  • %AppData%\Roaming\Microsoft\Windows\Templates\[random]
  • %Temp%\[random]

Registry Keys

  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
  • HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1? = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1?
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1? %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1? %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1? %*'
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1? %*'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"

External links

PC Infected

If your computer is running slow, or making excessive popups, you may be infected with Spyware.

Click here to Download SpyHunter's Spyware detection tool.Click here

Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by XP Security 2012 or its creators in any way. This website does not advocate the actions or behavior of XP Security 2012 and its creators. Our objective is to provide Internet users with the know-how to detect and remove XP Security 2012 and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of XP Security 2012 in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.