Remove XP Home Security 2011 Virus
This virus looks like a real antivirus program, namely Total XP Security. It blocks all or many of your antivirus and internet applications from running properly, or running at all. Before you begin, understand, I AM NOT an expert, especially when it comes to the REGISTRY KEYS. Be very careful when making any edits in the registry as this will mess up your computer. If you do not feel comfortable performing the Registry edits below, PLEASE seek an expert!
- To get rid of this virus, restart your computer.
- Hold down the F8 key
- Choose Safe Mode with Networking
- Choose your operating system
- When your computer loads, press Ctrl, Alt, Delete to open your Task Manager
- Click on the Processes Tab
NOTE: Keep an eye on this list. If the rogue program has not launched yet, chances are, it will soon. If it has launched, and a window or windows have opened, close them. They will reopen, but when they do, watch your processes. This will help you identify the virus (.exe file).
Some names it could show up as:
- Try to launch your antivirus program, like Malwarebytes…this should call up the virus program to launch instead.
- When you see the new .exe file show up in the Task Manager Processes, select it and write down the name.
- Choose END PROCESS
- If you have your Folder Options set to view hidden files, go to the next step. If you’re not sure…go to START > CONTROL PANEL > FOLDER OPTIONS > VIEW tab > under HIDDEN FILES AND FOLDER select SHOW HIDDEN FILES AND FOLDERS > click APPLY > close the window
- Open MY COMPUTER
- double-click drive C:/
- double-click DOCUMENTS AND SETTINGS
- double-click on your folder (whatever your username for the computer is)
- double-click LOCAL SETTINGS
- double-click APPLICATION DATA
- delete the rogue .exe file in this location; if it’s not in this location, chances are, you may have deleted it if you were able to run a virus scan previously. This happened to me. However, you are NOT finished. Check all other user (username) files by repeating steps 11-17. Once all of these locations have been checked, proceed.
- Select START
- Select RUN
- Type: regedit
- Select EDIT
- Choose FIND
- Type in the name of the rogue file without the .exe
- If you see 2 files in this area, you should only see 1. The correct file says (Default) under the Name heading. Delete the other file.
- If you see your rogue virus name under the Data heading for your (Default) file:
[system information]rogue-virus-name.exe %1
[system information]rogue-virus-name.exe “%1″%*
- then double-click on the (Default) file name > in the Value Date field and delete the rogue-virus-name.exe ONLY; “%1” %* or %1 must stay!
- The Value Date field for the following Registry Keys should also be checked:
- Repeat steps 24 and 25 if the rogue virus name is present
NOTE!!!!! If you find another .exe file, like I did, in one of these registries, open another internet browser window, type the full name into a search engine to see what comes up. If you start finding information links about removing the .exe file because it’s maleware, a virus, etc., chances are, it’s a virus. Delete it. Otherwise, leave it alone.
- Run a full Virus Scan using a antivirus program like Malwarebytes, STOPzilla, etc. This may take several hours.
- Remove any viruses the software finds.
- IF you have CCleaner, a freeware program, RUN CLEANER; then SCAN REGISTRY and fix any issues.
- RESTART under normal mode.