System registry
In order to function normally XP Antivirus 2012 creates the following branches in the system registry:
HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CLASSES_ROOT\.exe (Default) = exefile
HKEY_CLASSES_ROOT\.exe\ Content Type = application/x-msdownload DefaultIcon = %1
HKEY_CLASSES_ROOT\.exe\shell\open\command (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "%1" %* IsolatedCommand = "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\runas\command (Default) = "%1" %* IsolatedCommand = "%1" %*
HKEY_CLASSES_ROOT\exefile (Default) = Application Content Type = application/x-msdownload DefaultIcon = %1
HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "%1" %* IsolatedCommand = "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\runas\command (Default) = "%1" %* IsolatedCommand = "%1" %*
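A way to check exported registry data for the handler hijack listed above, as an added example that is not part of the original notes: it flags (Default) command values that run an .exe from the per-user application-data folder with -a in front of the real target, and reports the data to restore. The sample entries, abc.exe and the user name "user" are constructed placeholders; "%1" %* is the stock Windows data for exefile\shell\open\command.

```python
import re

# Hijack shape listed on this page: an .exe in the per-user application-data
# folder, then "-a", then the command line the key originally held.
WRAPPER = re.compile(
    r'^"(?P<dropper>[^"]*(?:\\Local Settings\\Application Data|%LocalAppData%)'
    r'\\[^"\\]+\.exe)"\s+-a\s+(?P<original>.+)$', re.IGNORECASE)
# Keys whose (Default) value decides what runs when a program or browser opens.
HANDLER_KEY = re.compile(
    r'\\(?:\.exe|exefile)\\shell\\(?:open|runas)\\command$'
    r'|\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.IGNORECASE)
EXEFILE_OPEN = re.compile(r'\\exefile\\shell\\open\\command$', re.IGNORECASE)
EXE_DEFAULT = '"%1" %*'  # stock Windows data for exefile\shell\open\command


def audit(entries):
    """entries: iterable of (key, value_name, data) tuples.
    Returns one finding per hijacked handler, with the data to restore."""
    findings = []
    for key, name, data in entries:
        if name != "(Default)" or not HANDLER_KEY.search(key):
            continue
        data = data.strip()
        match = WRAPPER.match(data)
        if match:
            findings.append({"key": key, "dropper": match["dropper"],
                             "restore_to": match["original"].strip()})
        elif EXEFILE_OPEN.search(key) and data != EXE_DEFAULT:
            # Not the wrapper shape, but still not the stock handler.
            findings.append({"key": key, "dropper": None,
                             "restore_to": EXE_DEFAULT})
    return findings


# Constructed sample, shaped like the entries on this page; abc.exe and the
# user name "user" are placeholders, not values from a real infection.
SAMPLE = [
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "(Default)",
     r'"%LocalAppData%\abc.exe" -a "%1" %*'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "(Default)", '"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE"
     r"\shell\safemode\command", "(Default)",
     r'"C:\Documents and Settings\user\Local Settings\Application Data\abc.exe"'
     r' -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE"
     r"\shell\open\command", "(Default)",
     r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
]
```

Calling audit(SAMPLE) returns two findings: the exefile open handler and the Firefox safe-mode handler, each with the wrapped command line that the key should hold again after cleanup.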
Miscellaneous Notes on Internet Security 2012 Virus
kjm.exe MDM.exe "C:\Documents and Settings\<username>\Local Settings\Application Data\kjm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Documents and Settings\<username>\Local Settings\Application Data\kjm.exe" -a "%1" %*
XP Security 2012 Virus
Just delete the registry keys below in your registry editor, and after that you can solve your issue. To open the registry editor, go to Start and then click Run. In the Run box type regedit and then click the OK button. You will now get the registry editor; in it, go to the locations below and delete everything.
Quote:
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\XP Internet Security 2012
HKEY_LOCAL_MACHINE\SOFTWARE\XP Internet Security 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2012
NO EXE WOULD OPEN. I HAD TO CREATE A SHORTCUT TO SYSTEM RESTORE ON THE DESKTOP. THEN I RIGHT CLICK AND CHOOSE TO OPEN AS USER ADMINISTRATOR WHICH SEEMED TO GET IT TO OPEN EVEN THOUGH THE EXE ASSOCIATION WAS BROKEN IN WINDOWS.
Good Resource:
- http://deletemalware.blogspot.com/2011/06/remove-xp-antispyware-2012-xp-internet.html
- http://www.readwriteweb.com/archives/report_fake_anti-virus_scareware_programs_on_the_d.php
XP Total Security 2012 Virus
This has been seen for over a year now and thousands have been infected. It is called the name-changing rogue: its name depends on which Windows operating system it attacks. Names at present:
XP Antispyware 2012, Vista Antispyware 2012, Win 7 Antispyware 2012
XP Antivirus 2012, Vista Antivirus 2012, Win 7 Antivirus 2012
XP Security 2012, Vista Security 2012, Win 7 Security 2012
XP Home Security 2012, Vista Home Security 2012, Win 7 Home Security 2012
XP Internet Security 2012, Vista Internet Security 2012, Win 7 Internet Security 2012
Last year there were over 60 different names for this rogue.