XP Home Security 2012

XP Home Security 2012 Description

ScreenshotIn early 2011, a malicious file caught the attention of computer security experts worldwide. This file, created in the Russian Federation, is the Ppn.exe file process. This file is a master of disguise, changing its name and appearance to match the operating system it is infecting. XP Home Security 2012 is one of the dozens of masks that this Ppn.exe file can wear to disguise itself. This clever feature makes this rogue anti-spyware program very difficult for security experts.

The Many Faces of XP Home Security 2012

Like a chameleon, Ppn.exe changes skins constantly. However, all the time it remains the same file process. In some computers, it has also shown up under the name Kdn.exe, which is essentially the same file. To help hide its presence, this program has been known to create additional processes in the Task Manager. All of them with names comprised of three random letters. While it is installing, it will check for the computer user's operating system. Then it will choose from three possible sets of names and skins, one for each of the most common operating systems. These are Windows XP, Windows Vista, and Windows 7. XP Home Security 2012 would be downloaded from the Windows XP set. It has a name and layout that match with what a genuine Windows XP security application would look like. If this program came from the Windows Vista set or the Windows 7 set, it would then be named Vista Home Security 2012 or Win 7 Home Security 2012 respectively. In rare cases, the program can become confused and download a skin from the wrong set. In those cases, in a system running Windows Vista or Windows 7, one would get an XP Home Security 2012 infection.

The XP Home Security 2012 Scam

One of the first actions XP Home Security 2012 will take is altering the registry so that XP Home Security 2012 starts up along with Windows. The next time the computer user starts up the PC, he/her)will be greeted with the XP Home Security 2012 splash screen. This annoying window will prevent access to other parts of the user's computer, claiming XP Home Security 2012 has found security problems. XP Home Security 2012 will show the computer user a genuine-looking system scan. Don't fall for XP Home Security 2012's charm, because all the information in that scan is false. Then, to fix the false security problems XP Home Security 2012 found, it will ask the computer user to enter his/her credit card information. XP Home Security 2012 is made up of Trojans and harmful scripts. This program has no real security capabilities. Because of this, giving XP Home Security 2012 your credit card information does nothing. If you've been tricked by this scam and have already entered your credit card information, call your credit card company to block the charges.

As a rogue security program from the FakeRean family, XP Home Security 2012 has uncountable clones. Among its clones are Windows Antivirus 2008, Vista Antivirus 2008, PC Clean Pro, Antivirus Pro 2009, AntiSpy Safeguard, ThinkPoint, Spyware Protection 2010, Internet Antivirus 2011, Palladium Pro, XP Anti-Virus 2011, CleanThis, Windows Clear Problems, XP Security 2012, Antivirus PRO 2015.

Three Easy Steps to Prevent Being Infected by XP Home Security 2012

  1. Use a reliable anti-virus and or anti-spyware utility.
  2. Avoid visiting high-risk websites or clicking on unknown links or banner advertisements.
  3. Don't download unknown files or email attachments.

Technical Information

Screenshots & Other Imagery

Tip: Turn your sound ON and watch the video in Full Screen mode to fully experience how XP Home Security 2012 infects a computer.

XP Home Security 2012 Video

Registry Details

XP Home Security 2012 creates the following registry entry or registry entries:
RegistryKey
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exee” -a “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe” -a “%1? %*’
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe” -a “%1? %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = ’1?
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation “TLDUpdates” = ’1?
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[random].exe” -a “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = ’1?
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe” -a “%1? %*’

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

5 Comments

  • marwan:

    Hi i cant download the spy hunter because the xp home security it s make a problem for me pleas what can i do in this case could you help me pleas.

    marwan

    • GoldSparrow:

      Hello marwan,

      The situation that you are experiencing is where XP Home Security 2012, like many other rogues, blocks downloads to trusted security resources. You can, however, download SpyHunter through the following alternate link: https://www.enigmasoftware.com/SpyHunter-Installer.com This link will bypass XP Home Security 2012's ability to block the download of security software.

  • Tom Montero:

    How do I get rid of XP Home Security 2012 and is there a way to retrieve my credit card payment?

    • GoldSparrow:

      Tom,

      If you have purchased XP Home Security 2012, we strongly suggest you contact your credit card company and inform them of the situation. You will want to explain how your card was charged for a bogus security product and that you suspect your card information is in the hands of cybercriminals. At that time you may elect to cancel your credit card and have a new one issued to be sure they cannot run up additional charges without your consent.

      To safely detect XP Home Security 2012 you may utilize SpyHunter. After registering your copy of SpyHunter it will automatically remove XP Home Security 2012 from your PC.

  • Repair file Access:

    You made some good points there. I checked on the net for
    more info about the issue and found most people will go along with your views on this
    site.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.