Home Malware Programs Rogue Anti-Spyware Programs XP Total Security 2012

XP Total Security 2012

Posted: June 9, 2011

XP Total Security 2012 is a rogue anti-virus scanner that pretends to find infections on your PC, to persuade you to purchase a worthless registration key. All XP Total Security 2012 alerts and warnings, including its system scan results, are faked, and don't indicate that these infections are really on your computer. XP Total Security 2012 may also pose as a direct threat to your security by exerting control over your web browser with hijack attacks, and preventing other programs from working properly. You should use a genuine anti-virus scanner to detect and remove XP Total Security 2012 to insure your computer's safety.

XP Total Security 2012 – Not as XP-Specific as It Would Like You to Think

The name and basic interface for XP Total Security 2012 makes it look like an individual and specific security program for Windows XP, but XP Total Security 2012 is really a copy of other rogue security programs. Some other members of the same family of threats include Win 7 Security 2012, Live Security Platinum, Vista Security 2012, XP Anti-Spyware 2012, XP Internet Security 2012 and Vista Anti-Spyware 2012.

XP Total Security 2012 can fake system scans, but makes no effort to scan any aspect of your computer for infections and other threats. Scanning results will always tell you that XP Total Security 2012 has found infections on your computer, even if XP Total Security 2012 is the only malicious software that's present!

As is often the case with rogue security programs, XP Total Security 2012 also has a large hand of fake pop-up alerts to deal out. All of these pop-ups will inaccurately indicate that serious threats are on your PC for the sake of making you purchase a useless XP Total Security 2012 registration key to remove them:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine!
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

How XP Total Security 2012 Ravages Your PC Security a Year Ahead of Schedule

Despite XP Total Security 2012's attempts to lull you into trusting it, XP Total Security 2012's only working functions are ones directed towards dismantling your computer's safety features. Standard XP Total Security 2012 attacks include:

  • Corrupting the Registry to let XP Total Security 2012 run with Windows. XP Total Security 2012 won't let you disable this 'feature', and may even remain active as a hidden memory process if you try to close it. This lets XP Total Security 2012 take up system resources constantly, while it engages in the even more harmful behavior seen further down in the list.
  • While active, XP Total Security 2012 may block any number of different programs from working, with a particular emphasis on security programs. Task Manager, MSConfig, the Registry Editor and popular anti-malware scanners can all be targeted by XP Total Security 2012. These crashes may also make use of fake errors to make you think that XP Total Security 2012 isn't the reason why these programs aren't working.
  • Most dangerously, XP Total Security 2012 can also hijack your web browser and redirect it to harmful websites. Hijacks may be as mild as changing your homepage, or as severe as directly blocking your ability to load normal websites. XP Total Security 2012 hijacks may also include pop-ups or fake website safety warnings.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%XP Total Security 2012
    2 %UserProfile%\Desktop\XP Total Security 2012.lnk
    3 %UserProfile%\Start Menu\Programs\XP Total Security 2012.lnk

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" – '"%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'

Additional Information on XP Total Security 2012

  • The following messages's were detected:
    # Message
    1 Critical Warning!
    Critical System Warning! Your system is probably infected with a version of Trojan-Spy.HTML.Visafraud. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)
    2 Security Alert!
    Your computer is being attacked from a remote machine!
    Block Internet access to your computer to prevent system infection.
    3 System warning!
    Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.
    4 System warning!
    Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

2 Comments

  • Hannelore Pons says:

    I'd love to try Alfred's method, but the right click on my laptop is busted.

  • Sinan says:

    Joe, that file was searched for but not found. What was found of inrsetet, however, was in the security event log, the IP 178.178.19.91 is where the attack was coming from and it was always using the local admin account. Not sure how they learned this password as nobody ever logs into this server as local admin. A couple of techs are still digging for more clues. One thinks he may have successfully cleaned it. I'm still waiting to hear for sure, and if so, how.

Loading...