Thursday, June 9, 2011

XP Internet Security 2012 is a fake antivirus program that produces fake alerts claiming that several vulnerabilities have been detected on the computer where it is installed. It installs itself on the computer and configures itself (in the registry) to start automatically when Windows boots. It then scans the computer and WILL SURELY detect many pieces of malware. In fact, these are just fake alerts. The intention of XP Internet Security 2012 is to urge the user to register it by purchasing the full version, in order to earn some money from the user. XP Internet Security 2012 cannot detect or remove any malware, virus or trojan. It also blocks the Internet browser: each attempt to open a web browser is accompanied by a security warning about a Trojan-BNK.Win32.Keylogger.gen infection that allegedly keeps the user from going online and using web services via the browser.

XP Internet Security 2012 can be removed by stopping its processes and removing its files using Emsisoft HiJackFree. The user should then remove the registry entries added or modified by XP Internet Security 2012, which are shown in the removal guide below. All files related to XP Internet Security 2012 must be deleted.

XP Internet Security 2012 should be removed immediately!

Kill Process
(How to kill a process effectively?)

Delete Registry
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\XP Internet Security 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2012

Remove Folders and Files
%AllUsersProfile%\Application Data\u3f7pnvfncsjk2e86abfbj5h
%LocalAppData%\kdn.exe
%LocalAppData%\u3f7pnvfncsjk2e86abfbj5h
%Temp%\u3f7pnvfncsjk2e86abfbj5h
%UserProfile%\Templates\u3f7pnvfncsjk2e86abfbj5h
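
The registry values under "Delete Registry" share one pattern: the handler that launches .exe files and browsers is replaced by a wrapper program that receives the real target as an argument, and the Security Center overrides are set to 1. The following Python check is an added example, not part of the original guide; the names audit and launched_program are hypothetical, and it assumes the values have already been exported from the registry as (key, value name, data) tuples.

```python
import re

CLEAN_EXE_HANDLER = '"%1" %*'  # stock Windows handler: run the clicked file itself
EXE_KEY = re.compile(r'\\(exefile|\.exe)\\shell\\open\\command$', re.I)
BROWSER_KEY = re.compile(r'\\StartMenuInternet\\([^\\]+)\\shell\\[^\\]+\\command$', re.I)
OVERRIDES = {"firewalloverride", "antivirusoverride"}

def launched_program(command):
    """File name of the program a command line starts (quoted or bare path)."""
    m = re.match(r'\s*(?:"([^"]*)"|(.+?\.exe\b|\S+))', command, re.I)
    path = (m.group(1) or m.group(2) or "") if m else ""
    return path.rsplit("\\", 1)[-1].lower()

def audit(entries):
    """entries: (key, value_name, data) tuples -> [(key, value_name, reason)]."""
    findings = []
    for key, name, data in entries:
        browser = BROWSER_KEY.search(key)
        if EXE_KEY.search(key) and data.strip() != CLEAN_EXE_HANDLER:
            reason = "executables are launched through " + launched_program(data)
        elif browser and launched_program(data) != browser.group(1).lower():
            reason = browser.group(1) + " is started through " + launched_program(data)
        elif (key.lower().endswith("\\security center")
              and name.lower() in OVERRIDES and data == "1"):
            reason = "Security Center monitoring is overridden"
        else:
            continue
        findings.append((key, name, reason))
    return findings

# Constructed sample: three values from the list above, then two clean values.
SAMPLE = [
    (r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command", "(Default)",
     r'"%LocalAppData%\kdn.exe" -a "%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     "(Default)",
     r'"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "FirewallOverride", "1"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command", "(Default)",
     '"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
     "(Default)", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

if __name__ == "__main__":
    for key, name, reason in audit(SAMPLE):
        print(f"{key} [{name}]: {reason}")
```

Because the check compares the launched program with the expected handler rather than looking for kdn.exe by name, it also flags the same hijack when the wrapper file has a different name.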

