Saturday, 24 December 2011

Removing XP Security 2012

(Update: Although what I posted below was the method I used to resolve this issue, I have found a link to Norton/Symantec offering a free tool to remove this program. You may like to try that first. Note that if you enter Windows Task Manager, you may find the XP Security program running as wdt.exe, which I found I could safely stop. The trouble is, it will reload when you try to get online. You need to close all the 'fake' windows to get past it and browse the internet. Good luck!)

There aren't many people who deserve to be hung up by their goolies, but the devisers of XP Security 2012 certainly come into that category.

Somehow my wife managed to install their scam software on her half of the desktop PC this morning and it has taken me an hour plus to remove it. In a moment, I'll tell you how (as usual the time went in finding the solution, not applying it).

For those of you unfamiliar with the product, XP Security 2012 flashes up a series of fake 'security alerts' on your screen. These, however, look incredibly like the 'real thing' from Microsoft - so much so that, despite being a long-term PC user, and innately suspicious, even I was nearly fooled.

The programme will tell you that your firewall and automatic updates are turned off (which they were, but I suspect the programme had done that itself.) It even runs a fake 'scan' of your computer in front of your eyes, telling you that all sorts of worms, viruses and trojans are installed.

If you will only register and buy the full version, XP Security 2012 will get rid of them for you.

The trouble is, the whole thing is a fake, a scam, a con-trick, and undoubtedly illegal, given that the software adjusts the settings on your computer to do things you don't want it to do - so that, for example, every internet-using programme you try to open is blocked. Moreover, I suspect that some of the advertised removal systems may just be trying to take advantage of the problem.

(Incidentally, if you run Windows Task Manager [ctrl] [alt] [del] I think you'll find the offending .exe file running as Wdt.exe. Closing it gets rid of the problem temporarily, but it will keep 'reactivating', for example if you open a browser.)
So what to do? In my case I simply used a registry restoration point. Click [Help], search for 'system restore' then selext [Run the System Restore Wizard] and let the wizard do the rest. I went back two days to be on the safe side. You could try [Run System Restore in safe mode] as an alternative. You should be able to undo this if it doesn't work, and please be aware as always I'm not guaranteeing the safety or security of this - it just worked for me is all.

However, I then used 'Iolo System Mechanic', which I have on my machine, to 'repair' the registry and to delete all cached internet files and temporary windows files in the hope this might have got rid of the problem files which must have been downloaded somewhere.

I had to reboot the system a couple of times to get everything back to as near normal as possible, but it all seems OK now.

If anyone else has found this approach works, or if they know any undetected hazards, please post a comment.

Please give a full name and location when posting. Comments without this information may be deleted. Recommend:

6 comments:

  1. I don't want to gloat But...
    "You should of gone to Apple"

    Richard Wood
    Apple User - Leytonstone.

    ReplyDelete
  2. Thank you Richard! (Who for the trolls out there is an old mate of mine and has made this suggestion before.) One day, all Apples will self-destruct, as evil genius Steve Jobs programmed them to do before he died. (That, at least, is what I keep telling myself.)

    ReplyDelete
  3. Check out this link:
    "http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012"

    It will give you step by step instructions on how to remove this virus.

    Jeff Kemnitz
    Desktop Technician

    ReplyDelete
  4. Hello John,

    Great post. I have blogspot blog too. I write mostly about rogue security programs, adware, spyware and other malware. It would be great if you could add link to my XP Security 2012 (alias Fake.Rean) removal guide:

    http://deletemalware.blogspot.com/2011/06/remove-xp-antispyware-2012-xp-internet.html

    Thanks!

    Michael Kaur

    ReplyDelete
  5. Thanks for your nice post. Feel curiosity to visit Home security systems

    ReplyDelete