
XP Total Security 2011

Posted: February 19, 2011

As another member of an expansive group of rogue security products, XP Total Security 2011 uses false positive infection errors and browser redirection strategies to get you to waste money on registering it. XP Total Security 2011 is completely lacking in worth as a security product and actually poses a significant danger to any system subjected to its presence. Be aware of potential infection routes for this rogue security product, and be ready to delete XP Total Security 2011 the very instant it raises its ugly head on your computer.

XP Total Security 2011's Infection Methodology

XP Total Security 2011 uses a constantly shifting variation on its name and basic external appearance, attempting to look like a new program to different computers. Over a dozen different subtypes of this rogue scanner have been identified, most noticeably with name differences based on the system being infected. For example, if your computer runs Windows 7, you can expect XP Total Security 2011 to morph into Win 7 Total Security 2011 to infect you. The year in the title is also optional and may or may not occur in any given individual infection.

XP Total Security 2011 and its many cousins are spread through malicious websites, through trojans and even through legitimate but unguarded file-sharing sites. Avoiding downloads without verified trustworthiness is your best defense, along with keeping actual security scanners active and your browser settings tight.

What Happens When XP Total Security 2011 Gets In

Any computer unfortunate enough to get stuck with XP Total Security 2011 will find itself under attack from multiple directions:

  • XP Total Security 2011 will use a proxy server to hijack your browser. This can alter search results or even block you from visiting websites by displaying erroneous danger alert messages. Websites you're redirected to are practically guaranteed to install more malware or simply to exist with the intent of stealing your credit card information.
  • XP Total Security 2011 will also prevent security software and other critical maintenance processes from running. The error message it uses as a cover for this may resemble the following, but isn't limited to it:

    XP Total Security 2011 Firewall Alert
    XP Total Security 2011 has blocked a program from accessing the internet
    Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
    Private data can be stolen by third parties, including credit card details and passwords.

  • False alerts are the defining attribute of XP Total Security 2011, and will pop up even if XP Total Security 2011 is the only infection actually on your computer. These fake errors are designed to be highly alarming, with threats of spyware, keyloggers, viruses and severe system problems. XP Total Security 2011 isn't actually able to detect infections, and all files it points to with such alarm are quite harmless.

Dealing with XP Total Security 2011 the Only Way You Can

Besides all its many threatening tactics, XP Total Security 2011 is also known to be difficult to delete, and may persist even after an anti-malware scan in Safe Mode. Nonetheless, removing XP Total Security 2011 is your only serious option for regaining unhindered use of your system. If other tactics have failed, try entering the code '1147-175591-6550', which may cause XP Total Security 2011 to tone down some of its attacks.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
    2 %AppData%\Local\[3 RANDOM LETTERS].exe
    3 %AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
    4 %AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
    5 %AppData%\t3e0ilfioi3684m2nt3ps2b6lru
    6 %Temp%\t3e0ilfioi3684m2nt3ps2b6lru
    7 %UserProfile%\AppData\Local\MSASCui.exe
    8 %UserProfile%\AppData\Local\opRSK
    9 %UserProfile%\AppData\Local\pw.exe
    10 %UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
    11 %UserProfile%\Local Settings\Application Data\MSASCui.exe
    12 %UserProfile%\Local Settings\Application Data\opRSK
    13 %UserProfile%\Local Settings\Application Data\pw.exe
    14 %UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
    HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
    HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
    HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
    HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
    HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
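
The Registry values listed above replace the command Windows runs when an .exe file or a Start Menu browser entry is opened, so every launch passes through the rogue's executable first. The following Python script is an added example, not part of the original page: it scans `reg export` style text for that pattern. The sample export, the `abc.exe` file name and all function names are constructed for illustration.

```python
import re

DEFAULT_COMMAND = '"%1" %*'  # stock data for the exefile open/runas commands
HANDLER = re.compile(r'\\(\.exe|exefile)\\shell\\(open|runas)\\command$', re.I)
BROWSER = re.compile(r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\\w+\\command$', re.I)
# Per-user directories the page lists as drop locations for the rogue binary.
USER_DIR = re.compile(r'\\(AppData|Local Settings\\Application Data)\\', re.I)

def parse_reg(text):
    """Parse `reg export` style text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and '=' in line:
            name, data = line.split('=', 1)
            name = '(Default)' if name == '@' else name.strip('"')
            if len(data) > 1 and data[0] == data[-1] == '"':
                # Undo .reg string escaping: \" -> " and \\ -> \
                data = re.sub(r'\\(.)', lambda m: m.group(1), data[1:-1])
            current[name] = data
    return keys

def first_program(command):  # executable that a command line starts with
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ''

def find_hijacks(text):
    """Return (key, reason) pairs for launch commands rerouted as on the page."""
    findings = []
    for key, values in parse_reg(text).items():
        cmd = values.get('(Default)', DEFAULT_COMMAND)  # absent value: nothing to flag
        if HANDLER.search(key) and cmd != DEFAULT_COMMAND:
            findings.append((key, 'exe handler is not the stock "%1" %*'))
        elif BROWSER.search(key) and USER_DIR.search(first_program(cmd)):
            findings.append((key, 'browser started through a per-user binary'))
    return findings

# Constructed sample export; abc.exe stands in for "[3 RANDOM LETTERS].exe".
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Local\\abc.exe\" /START \"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\u\\AppData\\Local\\abc.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''
```

Calling `find_hijacks(SAMPLE)` flags the rerouted exefile open command and the Firefox entry, and leaves the stock runas command and the untouched Internet Explorer entry alone.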

2 Comments

  • john says:

    "gpe.exe"
    I deleted all regs and file manually

    thanks

  • Tom Vedder says:

    XP Total Security 2011 won't let me install any Windows updates, security, malware, spyware or your program either. It was tough getting on the web period, trying to open Mozilla Firefox was not an option, nor was Internet Explorer. You need to track them down & remove any possible future birthdays for them
