XP Home Security malware

XP Home Security is a dangerous malware which should be categorized as rogue anti-spyware. Though it may look quite trustworthy and reliable, it will completely bombard you with its notifications telling about various cyber threats detected. However, you can be completely sure that XP Home Security is reporting invented viruses and is trying to swindle your money. It displays those annoying notifications with a reason to make you scared about your PC and then promises to fix everything after you pay the money. Note that if you have Windows Vista or Windows 7 OS running, you still have to be aware about this malware. XP Home Security 2011 hails from the huge family of malwares that change their names according to OS found.

Remove infection

1. Reboot into safe mode with networking.

   To reboot into safe mode, press F8 during bootup process, before the Windows Icon appears.

2. Download and run process explorer:

   http://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe

   In my case I was unable to use any browsers because of the infection. To download I used a cygwin shell and the wget program...

   wget http://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe

   Not sure what your alternative is if you do not have cygwin and wget already installed.

3. Start Process Explorer and stop all 3-letter named processes.

   In my case the 3-letter process was called uvc

4. Determine executable location of uvc process on file system by hovering cursor over the name.

   In my case, uvc.exe was located in...

   C:\Documents and Settings\MAP\foo\bar

   I tried clicking through Windows Explorer to go that folder. It was invisible. I was able to get there by pasting location into Windows Explorer address bar.

   The uvc.exe file, what Process Explorer indicate was in this folder, was invisible. I used a cygwin shell to remove the file.

   cd "/cygwin/c/Documents and Setting/MAP/foo/bar
   rm uvc.exe

5. Start registry editor by running regedit

   In my case I was unable start by running "Start | Run | regedit". I had to open Windows Explorer, go to c:\Windows, and double-click on regedit

6. Search registery for string "uvc.exe"

7. Install full version of Spyware Doctor, or malwarebytes

8. Reboot out of Safe Mode and update your antivirus programs (preferably to internet security versions) and scan again. Make sure you got all the trojans out.