Home Malware Programs Rogue Anti-Spyware Programs XP Anti-Virus 2011

XP Anti-Virus 2011

Posted: February 19, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: February 19, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

ScreenshotXP Anti-Virus 2011 is a rogue anti-virus product from tyhe FakeRean family that alters its name slightly to suit each operating system, as well as adding a few more randomized touches to make it less recognizable. The XP Anti-Virus 2011 rogue scanner will detect clean files as infections, use error messages to block websites and hijack your browser, alter your registry arbitrarily and interfere with the running of programs such as legitimate anti-malware scanners. Consider this rogue scanner a high threat, since deleting XP Anti-Virus 2011 is mandatory if you want your computer to work like normally ever again!

XP Anti-Virus 2011's Many Aliases

Since XP Anti-Virus 2011 changes its outer appearance and name a little with every installation, it can be harder to identify this rogue anti-virus product than most. Here are the known names of XP Anti-Virus 2011 clones: Antivirus 2008 Pro, Antivirus XP 2008, Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, Rogue.Vista Antivirus 2008, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, CleanThis, XP Security 2012, XP Home Security 2012 and AntiVirus PRO 2015.

All of these may or may not be randomized to have the '2011' year tag included at the end of their names, just to add one more layer to the deception! If you're running a different operating system, you can also expect XP Anti-Virus 2011 to change its name to a more appropriate one, such as 'Win 7 Anti-Virus 2011.'

The Many Errors Behind the Many Brand Names

Ultimately, XP Anti-Virus 2011's name is of little import, since the underlying behavior remains exactly the same. You can find it as a randomly-named, three-character .exe file that runs automatically whenever you start another program due to registry alterations XP Anti-Virus 2011 slips in without your permission.

This registry-fiddling has other consequences as well, including being forced to endure XP Anti-Virus 2011 interfering with your browsing sessions in Firefox and Internet Explorer. XP Anti-Virus 2011 will shut down websites with the following inaccurate error message:

Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site's pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.

Things you can do:
- Get a copy of XP Anti-Virus 2011 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

XP Anti-Virus 2011 also uses old rogue product tactics in detecting clean files as infections both via faked scans and falsified error messages. All instances of this should be completely ignored, since they're just XP Anti-Virus 2011's way of trying to get you to spend money on malware. Common messages XP Anti-Virus 2011 may create include:

Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
XP Anti-Virus 2011 detected 35 critical system objects.

Security breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan.

System Hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

This rogue anti-virus product will also shut down programs, such as anti-malware scanning software that could remove XP Anti-Virus 2011, with the following error:

XP Anti-Virus 2011 Firewall Alert
XP Anti-Virus 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

None of these errors will stop as long as this rogue infection is on your computer, so be ready to fight the good fight until you've deleted XP Anti-Virus 2011 for good. Using the key 1147-175591-6550 to register this malware may also help if removal is proving difficult!

ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%\tby.exe File name: tby.exe
Size: 339.96 KB (339968 bytes)
MD5: D083C8A59A063CFC81CCEBD52A34CB56
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%
Group: Malware file
Last Updated: January 8, 2020

15 Comments

  • ronny oatneal says:

    Thanks, you help me save my system. Kepp up the great work.

    Ronny

  • James Huerto says:

    i really hope this works...

  • deb says:

    It won't let me open up chrome or firefox ??? Help

  • Jill says:

    2 computers in this house. One has XP Virus which won't allow access to internet. How can I download scanner or removal tool. Could I download it on my computer to a disk and use the disk on the infected computer?

  • dee dee says:

    Thank you SO much for the code!!! It worked like a charm!! You are AWESOME!!!!

  • tardier says:

    you discounted in my bill would back and of my wife two values 69.95 in the weells fargo and citizenz bank by the I buy of the antiviros xp antivirus 2011 and not was possivel lower the product in the my computer i want of the my one reimbolso my money back. tardier neres and marcella pereira

  • Adrian says:

    Another approach that worked for a friend of mine: boot into Safe Mode (hit F8 while booting), and do a System Restore.

  • Tom H says:

    The RESTORE worked perfectly. Went back to the day before the infection. THANKS TO ALL

  • david d. says:

    Code worked perfectly. Thanks so much.

  • Jake262 says:

    Restoring my PC to a previous restore point worked well enough but isn't there any way to be protected against future attacks? I mean it wasn't even detected until it was too late..

  • Tonyglez17 says:

    I thank so much becuse this virus infected my son's computer and was really difficult to get rid of it. Thanks very much for your help, all the info is good, very, very GOOD!!!!

  • Rachel H says:

    You people are saints.. Thank you for the adivce, im trying all of them until this thing is off my computer for good!!!

  • Bobby Belk says:

    I want to check my windows xp computer for malware.

  • joan mcquillan says:

    i HAVE THE VIRUS BUT CANNOT ACCESS THE INTERNET IN ORDER TO BE ABLE TO DOWNLOAD anything to help. Can anyone advise what I should do?

  • Daniel M Barnes says:

    Start computer in safe mode with command prompt and open sytem restore from command prompt C:\windows\\system32\restore\rstrui.exe and follow instructions to restore to an earlier safe point. I tried several other methods to remove xp antivirus 2012 and this was the only one that worked, hope this helps

Loading...