How To Remove XP Antivirus 2012 Virus For Free

If you think that your XP computer might be infected with the XP Antivirus 2012 Virus, you are probably right! You will see notices like these:

  1. Alerts trying to get you to buy, download and install Full version of XP Antivirus 2012 (don't do that, it is a virus!)
  2. Alerts warning you of visiting dangerous sites (such as google.com etc)
  3. You will have problems even controlling your computer programs with Task Manager, it just won't work properly.
It is possible to remove XP Antivirus 2012 virus for free. Here are the exact two steps to accomplish this. I was able to do it on a case of a XP netbook that was infected with XP Antivirus 2012 virus.

Step 1: Follow the directions at http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012.

Step 1 requirements are: a second computer that will allow you to download files to a USB stick, or a SD drive, then transfer these files to the infected XP computer.

Step 1 has substep 1 of running FixNCR.reg (find this in the directions, link above) which fixed parts of the registry so it becomes possible to run programs. Substep 2 involves downloading and running Rkill which stops all running malware programs, including the XP Antivirus 2012 virus. Substep 3 (which might be optional for you, it didn't do anything for me), is to remove google redirects with TDSSkiller. Again, the download location is on the page linked above.

At this point, the malware XP Antivirus 2012 virus has been removed. But, the computer still is unable to access the internet. Step 2 takes care of that.

Step 2: Follow directions either from http://www.tek-tips.com/viewthread.cfm?qid=1165500 or http://titlerequired.com/2011/11/25/quick-fix-afd-sys-afd-service-is-missing-windows-xp/ (this last post exactly describes the symptoms which were the "nonexistent service" Afd, upon which the DHCP and the internet connectivity depends.

I was fortunate to have another XP computer running, and I used regedit to navigate to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\] Where the Afd key was located, export that key, transfer the exported file, say AFD.reg, to previously infected computer and import it through regdit to the same place [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\] on the infected XP, where it was missing.

Probably the last Easter egg remaining from the XP Antivirus 2012 virus!

Indeed, after reboot, the internet connectivity is back, and the XP netbook was working like new!!!

If these directions helped you, let us know by leaving the comment below.

Also, you can follow the blog through RSS or through Google Friends (or Google Plus?) if you want more helpful tips on keeping your computer healthy.

Finally, if you want to prevent future virus infections, download my favorite Antivirus program, Malwarebytes' Anti-Malware Lifetime. While the free version (available through the link abobe) will remove viruses already creating havoc on your computer, the paid version (only 20 bucks or so) will have REAL TIME shields which will prevent viruses from ever landing on your computer in the first place.

You can get my favorite *REAL* antivirus software, the Malwarebytes' Anti-Malware through my Amazon affiliate link: Malwarebytes Anti-Malware Lifetime

2 comments:

Virus Removal said...

Great information, Thanks for such a nice post..

Anonymous said...

hi nice post keep up. if possible visit mine qmediaz

Post a Comment