XP Internet Security 2011 - How to remove?

 

XP Internet Security 2011 is another aggressively spreading rogue anti-spyware program. None of computer users that have been infected could detect XP Internet Security during its infiltration stage as application spreads via Trojans and doesn’t need authorization of computer user.

As soon as the program gets inside, it starts to scan your computer and reports about a bunch of different dangerous files supposedly existing on your system. They are recommended to be removed with a help of XP Internet Security 2011 program. All you need to do, according to the program, is purchase a full version of it. Another annoying thing is that your system is literarily bombarded with security notifications. Their interface reminds a lot of notifications by Windows Security Center. The messages report about critical threat detected, network attack, harmful viruses and similar things. Once again, the solution suggested for all these problems is purchasing a full version of XP Internet Security. Some of the notificaitons that may appear on the infected system:

XP Internet Security 2011 Firewall Alert
XP Internet Security 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Remember that XP Internet Security 2011 is malicious application. You are strongly recommended to remove XP Internet Security as soon as you notice its traces on your system. For the most efficient removal of rogue anti-spyware program you are recommended to use a reliable anti-spyware tool.

UPDATE!!! You can disable programs hailing from this huge family of malwares by entering this serial code: 1145-17884799-7733 or 1147-175591-6550 (the new one). After typing them, you should become able to use your anti-spyware, if it fails follow the guide written below.

XP Internet Security 2011 removal guide
To remove XP Internet Security 2011 you will need to download and burn into cd several programs on clean PC or Alternate OS scaner. Here instructions:
a) Burn these programs to CD or write them to USB disk (you can use an MP3 player):

  1. Spyware Doctor ( http://www.2-viruses.com/spdoc.exe )
  2. Registry fix : http://www.2-viruses.com/wp-content/uploads/exeregfix.reg to restore normal execution of registry
  3. You might want to download Hitman Pro or Malwarebytes as alternate scanners. Though you are likely to be able to download them later on.

b). Boot normally. Wait for XP Internet Security 2011 to launch, and run exeregfix.reg . This should allow launching legitimate programs
c) Delete or remove the files that are mentioned in our files box. Run http://www.2-viruses.com/downloads/spyhunter-i.exe (if you can’t download, STart->run and enter it in url box.
Note, that the last versions of XP Internet Security 2011 can install a rootkit, so it is nearly impossible to delete it manually.

 

Automatic XP Internet Security 2011 removal tools

 

Other tools

 
  0   0
    Spyhunter
  0   0
    Malwarebytes' Anti-Malware
 
  Download StopZilla for XP Internet Security 2011 detectionNote: StopZilla trial provides detection of parasite like XP Internet Security 2011 and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 
 
 
* Support is performed by Callstream.
 
 

Manual XP Internet Security 2011 removal

 

Important Note: Although it is possible to manually remove XP Internet Security 2011, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using StopZilla or other tools found on 2-viruses.com.

Processes:
Files:
Registers:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other XP Internet Security 2011 infected files and get help in XP Internet Security 2011 removal by using StopZilla scanner. 

 

XP Internet Security 2011 screenshots

 
xp-internet-security-2011
 
 
 
 
 
 
 
 
 

10 thoughts on “XP Internet Security 2011

  1. Cheda
     

    OK for the dutch people out there this is what i did to remove him 100%

    English translation :

    Run task manager ( ctrl shift esc ).
    find XXX.exe.
    kill it run IE or Firefox.

    if XXX.exe starts again register your self with the next keys : 1145-17884799-7733 or 1147-175591-6550.

    Now the fun part starts:

    I found out that all of my executables werent working anymore and
    Explorer -> FIle types didnt had .exe in it this what i did.

    in CMD create a test.bat file like this :

    Notepad Test.bat
    type in the next commands:
    regedit.
    explorer.

    save File.

    in Cmd got to the path of test.bat and run it you will now see regedit and
    explorer up and running.

    First of all we have to locate were the XXX.exe file is.
    Got to regedit Ctrl+f key and look for XXX.exe.
    One of the reg keys shows you the location of the XXX.exe file.

    Copy paste the location.

    got to cmd and go to that location you type in:
    cd “path\to\executable”
    attrib -SH XXX.exe
    del XXX.exe.

    ( if its executed again then kill it first in taskmanager ).

    Now in Regedit Delete every key you find with XXX.exe.
    There now its almost done he XP internet security is almost gone.

    now you go to explorer and go to C:
    Press ctrl + F and look for all documents including system documents
    with the name “XXX.exe”

    At my experience i found a filename “XXX.exe-XXX” In c:\windows\prefetch\

    I deleted all XXX.exe.*** found with the search query.

    NOW YOUR RID OFF THE MALWARE.

    Now lets get executables fixed.

    Pretty easy tho.

    Go to http://www.haafje.nl/fix.zip
    open the zip file
    extract the files.

    got to cmd :
    cd \path\to\fix\

    Run fix.cmd

    VOILA

    Your system is ok now.

    Now what you have to do :

    get spywaredocter.
    update the definition files.
    run fullll system check.

    remove all entries.

    DONE…

    Cheers ,

    Cheda.

     
  2. vaayu
     

    Dude..you are a genious…it worked for me..

     
  3. Cheda
     

    @vaayu
    ^^ yw if you ment me )

     
  4. CCS
     

    Malwarebytes’ Anti-Malware 1.50.1.1100
    http://www.malwarebytes.org

    Database version: 6342

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/12/2011 11:43:47 AM
    mbam-log-2011-04-12 (11-43-47).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 188440
    Time elapsed: 51 minute(s), 39 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    c:\documents and settings\administrator\local settings\application data\ujv.exe (Trojan.Agent) -> 220 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: (“C:\Documents and Settings\Administrator\Local Settings\Application Data\ujv.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”) Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: (“C:\Documents and Settings\Administrator\Local Settings\Application Data\ujv.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: (“C:\Documents and Settings\Administrator\Local Settings\Application Data\ujv.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”) Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\administrator\local settings\application data\ujv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\application data\Sun\Java\deployment\cache\6.0\39\56d17327-31c9b130 (Trojan.Agent) -> Quarantined and deleted successfully.

     
  5. Ansar
     

    i found uxt.exe rather than xxx.exe
    so it can be any unknown process. you can find the exe file at
    c:\documents & settings\user\application data (change user with your windows login)
    delete it
    search the entries of same in registry and delete also
    make sure it will find an entry with internet explorer shell command. open that registry value and delete it path of this file. don’t delete path of iternet explorer with double quotes (“)

     
  6. KSilerJr
     

    @Cheda
    Thanks your zip file was just what I needed. I was able to clean the drive but could not get the EXE’s to run again. Tried the other REG files but they didn’t help. Your zip file worked great. Doing a full scan of the system again just to make sure this gone. Second system in a week to get this hit with this one.

     
  7. Edzuarez
     

    Million thanks Cheda!!!! Your zip really help. you’re genius indeed

     
  8. Fabss
     

    @Cheda
    THANK YOU!! I’ve been trying to solve this all day and yours was the only good advice!

    tho instead of
    attrib -SH xxx.exe
    I had to use:
    attrib -S -H xxx.exe
    otherwise it would not work

    also when i searched in explorer for any files named xxx.exe (in my case vub.exe) I didn’t find any… but I’m pretty sure that the malware is no longer there.

    thanks again

     
  9. Gazelle
     

    Hello, I unfortunately just became a victim but I am not a “tech-y” at all so should I not attempt to fix this myself?

     
  10. Outkast
     

    Thanks Cheda…your instructions worked like a charm!!

     

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>