XP Home Security 2011 and 2012 Simple Removal

Hey, look who’s still around (and updated)!  It’s our good ole rogue XP Home Security now full updated for 2011 and 2012.  This version that I encountered disabled the customers Norton Antivirus 2010 and prevented them from loading any .exe or website.

Here’s how I quickly removed XP Home Security 2011 or 2012:

  1. Used RKill.scr (the .com .exe and .pif versions were killed by the rogue).  Rkill.scr terminated the rogue.
  2. Installed Malwarebytes, updated, scanned and removed all items.
  3. Turned off proxy settings in internet explorer.

, , , ,

11 Responses to XP Home Security 2011 and 2012 Simple Removal

  1. emontech February 25, 2011 at 3:31 am #


  2. Icaro February 25, 2011 at 3:46 pm #

    Thanks for the tool…… BTW, a video of a manual (meaning no AntiVirus Software used, at least at first of the cleaning) malware desinfection would be nice. Is good to refresh some good Registry, Process, and System files cleanup techniques by hand. Thanks for sharing your knowledge.

  3. john February 25, 2011 at 7:36 pm #


    what would you have used if rkill hadn’t worked?

  4. Reggie March 1, 2011 at 10:49 am #

    I’m going to add RKill to my toolbox. Thanks Matt.

  5. thomas March 2, 2011 at 12:44 am #

    You made quick work of that rouge Matt! lol

  6. Carlos March 2, 2011 at 5:28 am #


    The next time you are dealing with Fake AVs trying to kill their running processes try this application (can be downloaded from this link): http://www.sur-la-toile.com/RogueKiller/ It works nicely by terminating whatever processes the Rogue is running on your computer allowing you to use the tool of your choice (MBAM, SAS) to clean up the infection.

    Best regards,


  7. estechguy March 3, 2011 at 2:45 am #

    @ carols – I think Matt did use Rouge Killer to kill the process.

  8. C. C. March 7, 2011 at 7:06 am #

    Hi Matt
    I got a photo of a rogue av and the sample I’d like to see you remove on one of your videos. (AntiVirus Monitor)
    You have my email address with this comment, so send me an email and I will send the sample and photo to you.

    Code Hunter
    MBAM Malware Hunters Group

  9. Colby March 7, 2011 at 11:51 pm #

    I hope you submitted the malware to Symantec Security Response, for those of us who use NIS/NAV…

  10. C. C. March 8, 2011 at 1:47 am #

    @ Colby I submit samples only to MBAM & G-Data…………….

    G-Data Internet Security 2012 Beta testing will be over on March 15. You can get an extended beta license. First time there has been an English beta version.
    Download here; (315MB)
    Several major improvements including both engines upgraded. Avast 4 engine upgraded to Avast 5. GUI improvements and settings menu is easier to access and make changes,

  11. Tom March 11, 2011 at 12:24 pm #

    Thanks matt, saved me a bunch of stress when my mum’s laptop got this little bugger

Leave a Reply