Talk:Internet Security 2012 Virus


System registry

In order to function normally, XP Antivirus 2012 creates the following branches in the system registry:

   HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
   HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
   HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
   HKEY_CLASSES_ROOT\.exe
   (Default) = exefile
   HKEY_CLASSES_ROOT\.exe\
   Content Type = application/x-msdownload
   DefaultIcon  = %1
   HKEY_CLASSES_ROOT\.exe\shell\open\command
   (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "%1" %*
   IsolatedCommand = "%1" %*
   HKEY_CLASSES_ROOT\.exe\shell\runas\command
   (Default) = "%1" %*
   IsolatedCommand = "%1" %*
   HKEY_CLASSES_ROOT\exefile
   (Default) = Application
   Content Type = application/x-msdownload
   DefaultIcon  = %1
   HKEY_CLASSES_ROOT\exefile\shell\open\command
   (Default) = "%UserProfile%\Local Settings\Application Data\%random%.exe" -a "%1" %*
   IsolatedCommand = "%1" %*
   HKEY_CLASSES_ROOT\exefile\shell\runas\command
   (Default) = "%1" %*
   IsolatedCommand = "%1" %*

Miscellaneous Notes on Internet Security 2012 Virus

kjm.exe
MDM.exe
"C:\Documents and Settings\<username>\Local Settings\Application Data\kjm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Documents and Settings\<username>\Local Settings\Application Data\kjm.exe" -a "%1" %*

XP Security 2012 Virus


Just delete the below registry keys in your registry editor and after that you can solve your issue. To open the registry editor, go to Start and after that click on Run. Now in Run type: regedit and after that click on the OK button. Now you will get the registry editor; in it, go to the locations below and after that delete everything. Quote:

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%LocalAppData%\kdn.exe" -a "%1" %*'
HKEY_CURRENT_USER\Software\XP Internet Security 2012
HKEY_LOCAL_MACHINE\SOFTWARE\XP Internet Security 2012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2012
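
An added example, not part of the original page: a small audit that reads a listing in the `key "value" = 'data'` layout quoted above and flags command handlers that no longer start with the program they are meant to launch, plus the Security Center override values. It assumes a clean `.exe`/`exefile` handler begins with `"%1"` and a clean browser entry begins with the browser's own executable; the file name `abc.exe` and the sample listing are constructed.

```python
import re

# One listing line: <key path> "<value name>" = '<data>' (the layout quoted on this page)
ENTRY = re.compile(r"""^(?P<key>.+?)\s+"(?P<name>[^"]+)"\s*=\s*'(?P<data>.*)'$""")
HANDLER = re.compile(r"\\shell\\(open|runas|safemode)\\command$", re.I)
BROWSER = re.compile(r"\\StartMenuInternet\\([^\\]+)\\shell\\", re.I)
FIRST_TOKEN = re.compile(r'^\s*(?:"([^"]*)"|(\S+))')
OVERRIDES = {"firewalloverride", "antivirusoverride"}

def first_program(command):
    """Return the first token of a command line, i.e. what Windows launches."""
    m = FIRST_TOKEN.match(command)
    return (m.group(1) if m.group(1) is not None else m.group(2)) if m else ""

def audit(listing):
    """Return (key, value name, reason) for each suspicious entry."""
    findings = []
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key, name, data = m.group("key", "name", "data")
        if key.lower().endswith(r"\security center") and name.lower() in OVERRIDES:
            if data == "1":
                findings.append((key, name, "Security Center alert suppressed"))
        elif HANDLER.search(key) and name == "(Default)":
            prog = first_program(data)
            browser = BROWSER.search(key)
            if browser:  # browser entry: first token must be the browser itself
                ok = prog.split("\\")[-1].lower() == browser.group(1).lower()
            else:  # .exe / exefile class: assumed clean handler starts with "%1"
                ok = prog == "%1"
            if not ok:
                findings.append((key, name, "handler launches " + prog))
    return findings

# Constructed sample in the page's layout; abc.exe is a made-up file name.
SAMPLE = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%LocalAppData%\abc.exe" -a "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%LocalAppData%\abc.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"C:\Program Files\Mozilla Firefox\firefox.exe"'
'''

if __name__ == "__main__":
    for key, name, reason in audit(SAMPLE):
        print(f"{key} [{name}]: {reason}")
```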

NO EXE WOULD OPEN. I HAD TO CREATE A SHORTCUT TO SYSTEM RESTORE ON THE DESKTOP. THEN I RIGHT CLICK AND CHOOSE TO OPEN AS USER ADMINISTRATOR WHICH SEEMED TO GET IT TO OPEN EVEN THOUGH THE EXE ASSOCIATION WAS BROKEN IN WINDOWS.

Good Resource:

XP Total Security 2012 Virus

This has been seen for over a year now and thousands have been infected. It is called the name-changing rogue; its name depends on which Windows operating system it attacks. Names at present time:

XP Antispyware 2012 ~ Vista Antispyware 2012 ~ Win 7 Antispyware 2012
XP Antivirus 2012 ~ Vista Antivirus 2012 ~ Win 7 Antivirus 2012
XP Security 2012 ~ Vista Security 2012 ~ Win 7 Security 2012
XP Home Security 2012 ~ Vista Home Security 2012 ~ Win 7 Home Security 2012
XP Internet Security 2012 ~ Vista Internet Security 2012 ~ Win 7 Internet Security 2012

Last year there were over 60 different names for this rogue.

Last modified on 17 December 2011, at 16:30