Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got the XP security 2012 virus


  • Please log in to reply
15 replies to this topic

#1 kjackson

kjackson

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 14 June 2011 - 10:43 AM

Hello, this morning I was on the internet (monster.com) and all of a sudden got a pop-up that said my computer was at risk, my firewall was off, I shouldn't continue as it was unsafe, etc., etc. The title bar says "Windows XP Security 2012" and it has blocked me from using the internet (I had to log on with my laptop and create a new account to get on here) and can't even get to my "add/remove programs" on my computer. Now when I start my computer it pops up over and over again.

I'm using an Acer desktop with Windows XP, and have never had a virus problem before. Is there anything that can be done to fix this?

Karen

Edited by hamluis, 14 June 2011 - 11:38 AM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 portsteel

portsteel

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 14 June 2011 - 01:10 PM

I just had the 2011 virus that did the same thing. What I did was i entered the virus name on google and went to the bleepingcomputer answer and followed the steps that it gave me. my old computer is now working great, well as good as it can be, lol.

#3 invision

invision

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 14 June 2011 - 01:24 PM

Hello, this morning I was on the internet (monster.com) and all of a sudden got a pop-up that said my computer was at risk, my firewall was off, I shouldn't continue as it was unsafe, etc., etc. The title bar says "Windows XP Security 2012" and it has blocked me from using the internet (I had to log on with my laptop and create a new account to get on here) and can't even get to my "add/remove programs" on my computer. Now when I start my computer it pops up over and over again.

I'm using an Acer desktop with Windows XP, and have never had a virus problem before. Is there anything that can be done to fix this?

Karen



Follow this guide http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

#4 kjackson

kjackson
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 14 June 2011 - 06:34 PM

I can't get onto my computer or the internet to get this file (I'm typing this on my laptop).

The virus won't let me run any executable, and I can't get to my control panel or system area. I mean I can't get to ANYTHING! I've taken every thing I need off my computer so all I want to do is completely wipe it clean. I tried using the restore disks and they won't boot. How do I erase the hard drive when I can't get to anything?

Thanks.

#5 kjackson

kjackson
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 15 June 2011 - 06:42 AM

I ended up just restoring the computer back to the original settings. Luckily there was nothing on there that I can't replace.

Thanks.

#6 Philopher

Philopher

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 19 June 2011 - 03:42 PM

I tried running the removal instructions here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 but the "rkill" program will not work. It will run for 5 seconds, say a certain file can't be found, and turn off.

#7 Nermi

Nermi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 20 June 2011 - 02:25 PM

There are multiple versions of rkill, or I should say multiple names for the same file. If you are having problems with the one you downloaded, you should go back to the #5 step and read it all and especially the text in bold.
Good luck

There are multiple versions of rkill, or I should say multiple names for the same file. If you are having problems with the one you downloaded, you should go back to the #5 step and read it all and especially the text in bold.
Good luck

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:14 PM

Posted 20 June 2011 - 02:52 PM

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

^^

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.


Try this with RKill.... download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Do not reboot your computer after running rkill as the malware programs will start again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 dub3

dub3

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 24 June 2011 - 08:32 PM

"... you should go back to step 5" ... and if that does not work? What do you suggest? I am desperate. Thanks.

#10 flaghouse

flaghouse

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 26 June 2011 - 10:20 AM

I have downloaded the FixNCR.reg & all the RKill files to a thumb drive.

When I double click on the FixNCR.reg a notepad file opens a TXT file.

I have then tried each of the RKill variants in turn. After double clicking I get one or other of the "XP Home Security 2012" screens opening. Nothing works! Occassionally I get Super Anti Spyware or Symantec Endpoint Protection to run. Super Anti Spyware shows some Trojan variants, which it says it has cleaned, but when I reboot, they are still there. Symantec shows nothing.

The CMD control does not allow me to run Regedit.

If I reboot into Safe Mode my password is not recognised.

I'm now stuck!

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,565 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:14 PM

Posted 26 June 2011 - 06:58 PM

@ flaghouse
If XP
Go here to Doug KNox's Windows® XP File Association Fixes
Run 9th down on left... EXE File Association Fix ... the EXE not EML one.

Now run FixNCR.reg
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 flaghouse

flaghouse

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 27 June 2011 - 05:07 AM

When I extract the xp_exe_fix.reg & double click on it I get a TXT file. Running the FixNCR.reg results in another TXT file being opened. I still cannot run the CMD or Regedit prompts . attempts to do so produce another XP Home Security 2012 window.

Am I doing something wrong?

Any other ideas?

#13 flaghouse

flaghouse

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 27 June 2011 - 09:26 AM

OK - Fixed it doing the following:

1. Start the computer in Safe Mode with Networking
2. Click Start > Run.
3. In Run dialog box, type the following text: msconfig
4. Click OK.
5. If the User Account Control window appears, click Continue.
6. In the System Configuration Utility window, on the BOOT.INI tab, check /SAFEBOOT and Network.
7. Click OK.
8. When asked to restart the computer, click Restart.
9. At this stage I was still getting the XP Home Security 2012 windows appearing
10. Run a Super AntiSpyware Scan & clean accordingly – I had this loaded previously
11. Restart – still in Safe Mode with Networking
12. Run Rkill.exe & TDSSKiller – both showed no infections
13. Start the computer in Safe Mode with Networking
14. Click Start > Run.
15. In Run dialog box, type the following text: msconfig
16. Click OK.
17. In the System Configuration Utility window, on the BOOT.INI tab, uncheck /SAFEBOOT.
18. Press Restart

Nothing else worked. I tried all the recommendations above, but my infection was pretty virulent.

#14 wcgprinting

wcgprinting

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 29 June 2011 - 10:55 AM

I went through this yesterday
Re-start your computer and hit F-8 during re-boot
Select safe mode as start up
Go to programs/accessories/system tools/system restore
Select a date prior to virus
You will lose what you did since the virus, but I'm guessing it wont be much
Randy

#15 MAD Computers

MAD Computers

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:14 AM

Posted 05 July 2011 - 04:46 AM

Just though i'd make a quick addition to this. I have experienced this malware quite a few times recently and in some cases the malware has deleted the actual .exe file extension from the file extensions list. In some cases you can just add it back in, but more often than not you have to do it manually through the registry.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users