[SOLVED] XP Home Security 2011/XP Total Security Virus/Malware Removal Instructions in Safe Mode

Posted by admin on April 4, 2011 at 8:22 pm.

I think it is important to share this experience because I had to waste an hour dealing with this thing and I want to save some other people time.

How I Got The Virus

I am a programmer, former IRC geek and earn my living running websites and doing internet marketing so I generally like to think of myself as savvy with computers.  However, I was browsing an admittedly dodgy site, using Firefox, and loaded the page.  That’s it.  That is enough to get this virus.  You do not need to click on file attachments or use Internet Explorer 6.  Using the latest version of Firefox I got the virus just by visiting the page.  I guess I am going to have to switch to Google Chrome.

The Symptoms

  • A window with the title XP Home Security or XP Anti Spyware or XP Total Security (all synonyms for the same thing) pops up with an animation of files being scanned.
  • You cannot run MalwareBytes, RKill, AVG or anything else.
  • Even when you reboot into Safe Mode (hold F8 while rebooting) the virus somehow still runs and kills your processes like Internet Explorer, Add/Remove Programs etc.  This is a first for me.  I have never seen a virus that runs in Safe Mode.

Why Would Someone Make This Virus That Runs In Safe Mode

Almost all viruses are made to make money.  Some are for building up a network of infected computer drones to email spam (so they can sell Viagra and crap like that and make money).  This one is new in that it is directly trying to trick you into paying with your credit card to get rid of it.  This is not far off how McAfee and Norton make their money only the viruses they protect from “just happen” and then they sell you a solution. Note: everything the program tells you is just fake to convince people that they actually paid for something useful. Ignore anything the program says.

How I Fixed It

Note: this fix requires running three (3) files which you can download as a ZIP here. If you have it at your disposal, use a second PC to download these files and put them on a memory key and then put that memory key into the infected PC and run them from there.

1. Reboot The Computer Into Safe Mode

  1. This is not a silver bullet like with most viruses but worth doing.
  2. Reboot the computer and keep pressing F8.
  3. You will get a prompt with a bunch of options
  4. Pick Safe Mode with Networking

2. Get The Virus To Give You Some Breathing Room

  1. When the XP Home Security runs, click on Register (top right corner of the program)
  2. Then click Manual Activation (or maybe Installation)
  3. Use this Reg Code: 1147-175591-6550
  4. It will do some stuff like Downloading Updates then finally complete.

3. Restore The Ability To Run Browsers and Other EXE Files

4. Kill The Virus’ Various Malicious Processes

5. Remove The Virus With A Full Scan From A Good AntiVirus

6. Avoid Getting A Virus Like This Again

  • Use Google Chrome Browser - http://www.google.com/chrome
  • Use a Mac - these viruses are usually not written for Mac computers (I do not use one but am considering it)
  • Do not visit really dodgy web pages.  If you want to look for warez, find a safer way to find them.

Let me know how you make out in the comments below.  Hopefully this saves others time and frustration.
