digisel asked:

How do I remove XP Home Security 2011?

I have been infected by XP Home Security 2011.
I have tried using ESET to clean the machine - no luck
I have also tried Malwarebytes but it will not load.
Nor can I download it afresh.
Please help
PortableTech

Here is a great page that provides both some automated solutions as well as some manual solutions depending on what you are looking for.

http://www.spywares-remove.com/remove-xp-home-security-2011-xphomesecurity2011-removal-steps
Timothy McCartney
Have you tried any of the above applications in safe mode w/ networking? That's your best bet for the initial scanning until your system is clean enough to scan from normal windows mode.

Also try spybot search and destroy http://www.safer-networking.org/index2.html

Super antispyware portable is a great program (gets past a lot of spyware programs that block .exe applications from running) http://www.superantispyware.com/portablescanner.html
Also, a fantastic program is Hitman Pro. It installs several different scanners for a more thorough cleaning of your system.

http://www.surfright.nl/en/hitmanpro
If MB won't load you will need to run a program called Rkill first.

http://www.bleepingcomputer.com/download/anti-virus/rkill

It will help stop any program trying to prevent you from opening anything else. However try and see if anything will load. It's possible your .exe file within the registry has been modified so no .exe will run. If that is the case then run the attached registry file. It will replace your data with the correct default data then allow you to open files. After you can run MB you should be ok as MB removes most if not everything. Also please refer to the following thread for more information.
https://www.experts-exchange.com/questions/24860646/ComboFix-MBAM-basic-posts.html?anchorAnswerId=35002621#a35002621

Fix-EXE.reg
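
An added example, not part of the original thread and not the attached Fix-EXE.reg (whose contents are not shown on this page): a Python check that parses a `.reg` export and reports where the `.exe` file association differs from the Windows defaults (`exefile` and `"%1" %*`). The sample export, its `abc` value and its path are constructed placeholders.

```python
import re

# Windows defaults for the executable file association (default values only).
EXPECTED = {
    r"\.exe": "exefile",
    r"\exefile\shell\open\command": '"%1" %*',
}

# Constructed sample export; the HKCU values and the path are placeholders.
# Real regedit exports are UTF-16: read them with encoding="utf-16".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="abc"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"
'''

def parse_reg_defaults(text):
    """Return {key_path: default_value} for string defaults in .reg text."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_exe_association(text):
    """List (key, found, expected) for every key that differs from the default."""
    findings = []
    for key, value in parse_reg_defaults(text).items():
        for suffix, expected in EXPECTED.items():
            if key.lower().endswith(suffix) and value != expected:
                findings.append((key, value, expected))
    return findings

if __name__ == "__main__":
    for key, found, expected in check_exe_association(SAMPLE_EXPORT):
        print(f"{key}: found {found!r}, expected {expected!r}")
```

Per-user keys under `HKEY_CURRENT_USER\Software\Classes` take precedence over the machine-wide ones, which is why the check applies the same expected values to both hives.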

Did you use the "Save As" function when you downloaded MBAM?
Many variants of malware can recognize and affect the file name when you are downloading it.

You may have to download it to a clean machine, then copy it to USB stick or CD.
Manual update executable here:
http://forums.malwarebytes.org/index.php?showtopic=3436 

I wrote a little about it here:
https://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

Are you sure that is the exact name of the malware you're seeing?
If you can post a screenshot for us to look at, it might give us some more clues.

There are only one or two malware variants that call for using Malwarebytes in a "Safe Mode" scan and you should never do that unless you see an actual link/reference to the instructions.
If you are facing issues running MalwareBytes, I would recommend that you rename mbam.exe to some dummy name like mb.com and then run it.

http://www.malwarebytes.org/mbam-download.php

I hope that would help

Sudeep
digisel -
You CANNOT "rename" the Malwarebytes executable AFTER downloading it.
You must use the "Save As" function before the file hits your computer.
digisel (ASKER)

Hi all
Thanks for your suggestions. I have tried all of them but none of them will load.
Younghv, when I download the Malwarebytes executable I do not get the option to "Save As".

In any case I already have Malwarebytes loaded on this PC but I cannot load the file.

ANY OTHER SUGGESTIONS BECAUSE I AM BACK WHERE I STARTED.
Well, one shot of last resort is to download Malwarebytes and replace the standard explorer.exe with the malwarebytes exe file.  Explorer is seldom if ever blocked and once you reboot, it should startup malwarebytes in place of explorer.

Once you clean things up you can use safe mode command prompt mode to put explorer.exe back where it belongs.
Try this:

http://www.pandasecurity.com/activescan/index/?lang=en-US

It's a cloud scanner by Panda Security.
digisel - Are you using Internet Explorer as your browser?
When downloading any file from the Internet, the options are "Run", "Save", and "Cancel".

Select "Save" and then "Rename" it to something like "xyz" when the "Save As" box opens.
@digisel

Are you posting these from the current infected computer? If so that means your exe is broken. If not, try opening up any other executable file (i.e. a shortcut) and see if it works. If it doesn't then it could be your exe is broken. Refer to my older post as I attached the reg key to fix it.

If it does open but MB is the only thing not opening then you have to run the rkill and then try opening MB in that order. In your case MB is the last thing you are going to do as you want it to be able to run thoroughly and also with an updated database.

We might be able to help you further if you could explain the symptoms itself that are happening because the XP Security 2011 has different variations/versions with different symptoms.
digisel (ASKER)

Scissors.   I can open Adobe Reader from the shortcut and Notepad but not IE or Firefox.

Younghv:   I cannot open IE.   I normally use Firefox which I can open
I don't know anything about Firefox - never used it.
Maybe another Expert can tell you how.

I did find this link, but it doesn't mean anything to me:
https://addons.mozilla.org/en-US/firefox/addon/save-file-to/
@digisel

Sounds like your specific shortcuts might be broken. If you know how, travel to your My Computer and go to the program files and search for IE. Right click on your shortcut and see where it currently is leading to. The symptoms seem kind of weird but we can get you through this. I have never had to reformat a PC due to a virus.
@younghv

Forgot to add... Firefox is similar to IE in that you can Save or Cancel, but Firefox does not allow you to directly run an object through the browser. So when you right click and do save as there is only save or cancel. No run option is there for security reasons. So he still should be able to save the file and change the name.
S_85 - thanks.
I have to try that thing one of these days.
(Old Dogs, New Tricks.)
Hi Digisel.
Were you able to download Hitmanpro (mentioned above)?
If so, we can suggest a route to take :)
digisel (ASKER)

@optoma No, I was not able to download Hitmanpro.
Can you boot into safe mode with networking and see if it will download for you, or download it on another machine and transfer it via CD / removable device?
What OS are you running? If Win Vista or 7, you will need to go to C:\ program data (if program data is not there you will need to enable "show hidden files and folders" to see the folder), and look for a folder with random letters and numbers, e.g. thuehe0068948, and inside there you will have 2 files. One is an .exe and can't be deleted right now. Please right click the .exe file and rename it to whatever you like (example.exe) and then restart the PC.

That should stop the rogueware from starting up. Now please go back to that location and delete the files inside there. Please then run a full virus and spyware scan which will remove any registry entries of this Rogueware.

If you are running XP, do you have an icon on the desktop? If so, right click and go to Properties. This will give you the location of where the .exe file is sitting. Navigate to that location and follow the steps above.

Please get back to us as soon as you can, I hope this helps.
digisel,
You really need to figure out how to properly run "Malwarebytes" on this system - as I recommended here: http:#a35021168

Even if you do as I said and use another computer - then copy to USB/CD (with the update file), at least you get the right program to start attacking this.
ASKER CERTIFIED SOLUTION
DIIRE
This solution is only available to members.

@Trusol - the "XP" in the malware name tells you the OS. The leading word will be either XP, Vista, or Win 7 for the different variants.
@younghv, completely overlooked that one!
TBH - I learned about that ONLY after reading Grinler's instructions, so I had about a 10 minute head start.
digisel (ASKER)

PROBLEMS PERSIST
Thanks for the input from everyone.
I successfully loaded RKill.exe from a memory stick off another PC.
This allowed me to run malwarebytes on the infected PC.
That program has taken well over two hours.
It found NO infections.
I have that PC sitting there showing this (surprising) news.
Should I try re-booting or what???
Regards
digisel,
I can't tell from your last comment what steps you have actually taken.

Did you manage to download a clean (re-named) version of MBAM?
Did you follow the instructions contained in my latest post?
http:#a35026192
digisel (ASKER)

Hi younghv
1. I copied the Rkill from my laptop onto a memory stick
2. I activated Rkill on the infected PC from the memory stick
3. I activated Malwarebytes from the desktop icon (as per the instruction on bleeping computer)
Then subsequent to your last post I tried to load a new and freshly named malbutes.ex file from the memory stick.
This resulted in the system suddenly re-booting.
Then BINGO - without Malwarebytes activating the system was cleared of this cursed program and all is well.
Thank you for your diligence and patience and to everyone else who pitched in.

I am sure that everyone has taken something away from this.   And the more people who know how to combat this curse from hell then the less money they will make.
Once again many thanks.
digisel (ASKER)

Thanks to DIIRE particularly for coming up with RKill - that is what clearly fixed it.
Thanks to all who took part, hope everyone got something out of it.
Cheers