XP Internet Security 2011
XP Internet Security 2011 is a chameleon of a rogue security program that not only changes its name to one of dozens of different permutations, but also pretends to find infections and other problems on your PC. These fake alerts and scanning results are used as leverage to get unsuspecting PC users to purchase XP Internet Security 2011's registration key. Along with its fake information, XP Internet Security 2011 will also hijack your web browser and disable applications related to computer security. If you place any value whatsoever on your computer's safety, you should delete XP Internet Security 2011 by using a well-known and fully-updated anti-malware scanner.
Portents of XP Internet Security 2011 Infestation
XP Internet Security 2011 is known for infecting computers through Trojans and browser security holes that allow XP Internet Security 2011 to hop aboard without asking for your permission first. It will not be difficult to spot XP Internet Security 2011, since XP Internet Security 2011 will openly display itself during each system startup, offering fake system scans alongside pop-up warnings like the ones you can see below:
“Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue security software. Eliminate the infection safely, perform a security scan and deletion now.”
“Privacy Threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.”
“XP Internet Security 2011 Firewall Alert!
XP Internet Security 2011 has blocked a program from accessing the Internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.”
“Windows Security Center
XP Internet Security 2011 reports that it is currently turned off. A firewall helps to protect your computer from potentially harmful content on the Internet. Click Recommendations to learn how to fix this problem.”
System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.
Security breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan.
XP Internet Security 2011 has no ability to detect real viruses or other threats to your computer; these messages are only presented to make you want to buy the registered version of XP Internet Security 2011. However, you definitely will not want to waste your money on XP Internet Security 2011 once you hear what else XP Internet Security 2011 can do!
Fighting Fake Security with the Real Thing
Other problems resulting from infection by XP Internet Security 2011 can be less forgiving, as you can see from the below list:
- XP Internet Security 2011 may stop applications from running, especially in the case of programs related to anti-virus security or general system maintenance. If you experience crashes in vital system programs, then the chances are high that XP Internet Security 2011 is the culprit.
- You may experience problems with your web browser such as strange errors blocking off fake websites or being redirected towards dangerous sites. Keep in mind that avoiding any real interaction with a website affiliated with XP Internet Security 2011 may not be enough to protect your PC from drive-by downloads and other exploits.
- XP Internet Security 2011 may change its name to avoid detection. The XP Internet Security 2011 family is best known for changing the 'XP' portion of the name to another operating system, and the name may also contain or lack the '2011' tag at the end. Some examples include Vista Internet Security 2011, Win 7 Internet Security 2011, XP Internet Security, Vista Internet Security and Win 7 Internet Security. However, many other names are also possible.
To delete XP Internet Security 2011, you'll need to begin by switching to Safe Mode or an equivalently secure operating mode. This stops XP Internet Security 2011 from launching during startup and causing all of the problems listed above.
Once you've done that, finishing off XP Internet Security 2011 is relatively simple, provided you have a good anti-malware product. With complete updates, any high-quality anti-virus scanner can detect and remove XP Internet Security 2011, along with related threats like Trojans and malicious browser helper objects.
Additional Information on XP Internet Security 2011
- The following messages's were detected:
# Message 1 System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
I have gone through all your recommended actions to remove this rogue program but none work. e.g. there is no sign of the XP Internet Security 2011 files anywhere in Task Manager or in file search, but the program still keeps coming back. Help please
I have been through the same excersize as Patrick with the same results. Can anyone make anymore reccomendations? Thanks
I have gotten the same recults as Patrick and Robert, someone please help us? Thank you.
I found something else. The malware / spyware does change names but here is one way you can pick it up. If you get to the windows task manager, select the application XP internet security that is running, then select "go to process" and it brings you to the selected process that is running. In my case it was something called "fty.exe" which I then halted. I have not dug through and found anything else yet on steps 2 and 3
Adding to Don's comment above, it seems that XPIS2011 randomly generates the name of its executable. Mine was called KRN.EXE. I found it hiding in
C:\Documents and Settings\Administrator\Local Settings\Application Data\
Once I ended the process, I searched my registry for "krn.exe" and it found a few instances of this string preceding the shell command for FIREFOX.EXE:
"C:\Documents and Settings\Administrator\Local Settings\Application Data\krn.exe" -a
After deleting these strings from the registry keys (Don't delete the whole key, just this much. Leave everything after the "-a" alone.) and deleting krn.exe, my system seems to be working fine again.
Your mileage may vary, and if registry-diving scares you, take the pc to a professional.
Per Don, I also found the exe file through task manager. It was named Kqb.exe. I was able to stop the process long enough to bring up regedit. Did the search. One key did not let me modify it but was able to find mulitiple instances embedded in the root. I have removed all those and am in the process of rebooting to see if I can go back in after the other bad keys.
i stumbled across a fix.
i could not get into safe mode and all other attempts failed, continued to get the various rogue messages. system prevented most everything from executing.
I booted normal and got a task manager list noticed xp internet security 2012 executing and killed it. next i ran mcafee which ended up removing the infested internet explorer.
I had another icon pointer to another version of explorer which worked and had no rogue. (this tells me the rogue is infestating IE.
I than put on malwarebytes which found 5 issues and removed them.
I booted and so far no rogue messages
some things to get on another pc and place on the infected pc.
malwarebytes install package
IE 7/8 install package or another pointer