PC Doctor WI

XP Home Security 2011 - additional info

I'm working to remove this from a client's computer as I type this. At least in this instance, XP Home Security 2011 has turned out to be pretty nasty.

This started last night with the pop-ups that others have mentioned. Unfortunately, my client panicked and actually paid the $59.95 charge via a credit card. He then had second thoughts and decided to call me for an opinion.

Seeing the XP Home Security 2011 name, I instantly knew it was a rogue.

Below is a listing of what I have found before attempting removal:

1) I was able to log into his computer via TeamViewer with no problem.

2) XP Home Security icon runs in the taskbar.

3) The ".exe" file associations for the Firefox and IE web browsers had been broken, so they would not start. Strangely, it did not seem to affect any other programs at that time.

4) The rogue's executable file is eft.exe

5) Blocks some security software from starting.

6) On VirusTotal.com, only 5 of 43 antivirus/antispyware products detected eft.exe as of May 13, 2011. SUPERAntiSpyware was one of them.

A couple of additional details about XP Home Security 2011

7) In this case, it was downloaded from hyvinusys(dot)com (I was not able to determine what website had this redirect on it.)

8) The charge card was billed from Win Micro Clean in Arizona, USA

I then ran a QuickScan using SAS. It found the rogue and the broken .exe association. I let SAS remove them and rebooted the computer. The following is what I found after reboot.

9) XP Home Security 2011 had been removed.

10) ALL of the .exe associations were now broken. There were now no programs that would start. (Although TeamViewer would still autostart. Interesting.) Any program I attempted to start would cause a Windows box to open asking what program I wanted to use to start that program.

11) Avast Antivirus would not autostart.

12) Recreating the EXE file association using Folder Options did not fix this problem.

13) I attempted to try System Restore, but it would not start.

14) Regedit would not start.

Further searching and troubleshooting found the following:

15) A work-around for running programs.

A) Right-click on a program icon.

B) From the sub-menu select "Run As"

C) From the Run As window that opens, uncheck "Protect my computer and data from unauthorized program activity", and click OK.

D) The program should now run. Unfortunately, this is not permanent, so further repairing is necessary.

16) Using the above work-around I was able to run System Restore, and restored the computer to the day before the rogue was installed. After the restore, all programs started and ran without trouble. It appears that everything is good again.

My client contacted his credit card company and stopped the charge. He also requested a change of account and new cards.

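An added example, not part of the original post: a small audit of the `.exe` association in a saved `.reg` export. It assumes the stock Windows defaults (`.exe` maps to `exefile`, whose open command is `"%1" %*`) and that per-user entries under HKCU\Software\Classes override the machine-wide ones; the post does not say which values were changed, and the export text, `sample_progid` and the file path are constructed.

```python
import re

EXPECTED_PROGID = "exefile"      # stock default for the .exe key
EXPECTED_COMMAND = '"%1" %*'     # stock default for exefile\shell\open\command
ROOTS = (r"HKEY_CURRENT_USER\Software\Classes",    # per-user, takes precedence
         r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes")   # machine-wide

# Constructed sample export: HKLM is stock, HKCU carries a per-user override.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="sample_progid"

[HKEY_CURRENT_USER\Software\Classes\sample_progid\shell\open\command]
@="\"C:\\sample\\eft.exe\" \"%1\" %*"
"""

def parse_reg_defaults(text):
    """Map each key in .reg export text to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])  # undo \" and \\
    return defaults

def audit_exe_association(text):
    """Return (root, subkey, value) for every non-default .exe handler entry."""
    defaults, findings = parse_reg_defaults(text), []
    for root in ROOTS:
        progid = defaults.get(f"{root}\\.exe".lower())
        if progid is not None and progid.lower() != EXPECTED_PROGID:
            findings.append((root, ".exe", progid))
        # Check the ProgID that .exe points at, and exefile itself.
        for pid in dict.fromkeys([progid or EXPECTED_PROGID, EXPECTED_PROGID]):
            sub = f"{pid}\\shell\\open\\command"
            cmd = defaults.get(f"{root}\\{sub}".lower())
            if cmd is not None and cmd != EXPECTED_COMMAND:
                findings.append((root, sub, cmd))
    return findings

if __name__ == "__main__":
    for root, subkey, value in audit_exe_association(SAMPLE_EXPORT):
        print(f"NON-DEFAULT  {root}\\{subkey} = {value}")
```

Any finding under the HKCU root is worth reviewing first, since a per-user entry can keep overriding an association that looks correct machine-wide.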

You're welcome.

I've had quite a few customers who paid for a rogue. My first suggestion to them is to immediately contact their credit card company.


Using UNLOCKER ASSISTANT I was able to erase XRG.EXE (located Local Settings\Application Data\). After that the system acted crazy.

Via a network connection I loaded and installed my copy of SAS Professional but it kept crashing partway through. I then downloaded SAS Free and installed it. It ran and removed about 1800 dangerous files. I was then able to run SAS Professional which found and removed another 600+ files.

The system is no longer crazy and all seems to be normal again.


Using UNLOCKER ASSISTANT I was able to erase XRG.EXE (located Local Settings\Application Data\). After that the system acted crazy.

Via a network connection I loaded and installed my copy of SAS Professional but it kept crashing partway through. I then downloaded SAS Free and installed it. It ran and removed about 1800 dangerous files. I was then able to run SAS Professional which found and removed another 600+ files.

The system is no longer crazy and all seems to be normal again.

Great !
