How To Remove XP Internet Security 2012

Melanie Gross
Aug 16, 2011
Updated • Dec 16, 2014

In this post I’m going to tell you how to remove XP Internet Security 2012. If you didn’t know, this is a fake security tool that produces fake pop-ups and fake scan results with the sole purpose of intimidating you into buying the software.

All the viruses and security issues it finds are simply made up, and you’ll find this software takes over your computer and won’t allow you to do many things until you purchase the software to get rid of all those mythical bugs.

You’ll find that it activates in safe mode, and safe mode with networking, and also disables Internet Explorer, making it very hard to remove.

The first program you need is called RogueKiller, which is free to download and run. You can download this by going to your browser and typing Don’t worry if you get some pop-ups generated by the malware when you open IE because it’s been hijacked, just close them until you get to your browser and copy and paste that link in.

You’ll find the browser won’t block a direct link. Go ahead and save that file to your desktop. Before you save it however, change the name of the file from RogueKiller to Winlogon. If your browser really isn’t happy because of all the bugs, you can also paste that link into a run window. Go to start and then run, and paste the link. This will again open your browser and you may have to close a few windows before you can save the file.

xp internet security 2012

Run the file on your desktop called Winlogon, and you’ll be presented with a DOS screen with some information and six options. RogueKiller will already have identified the process that is causing the problem, so the option you want is number two, for delete. This deletes the process that is locking up your computer. You’ll see a few screens flash by, and you’ll be presented with a report. You don’t need to view the report, it’s just for information, and so close it and you’ll be back at the desktop.

The next piece of free software you need is called Malwarebytes. You can download this by going to You should find you have the use of your browser back, so go ahead and copy and past this into the address bar of IE and download the software. Again, copy it to your desktop, as this is a logical place to find it easily. Run the installation program and just follow the prompts, as it’s all fairly self-explanatory. When you get to two checkboxes at the end asking if you want to run the program and do an update, leave them checked and click finish. You may be asked if you want to buy the full version of Malwarebytes. At this point just decline and you can continue to use the free version.

Once the update has completed, you can go ahead and do a full scan. It will ask which drives to scan, uncheck everything except the C drive and run the scan. This may take some time, so go and do something else. Once it’s finished though, you can reboot your computer, and with fingers crossed your computer will be back to normal. Now’s a great time to update your antivirus software!!


Previous Post: «
Next Post: «


  1. Georgeta Tudose said on December 8, 2011 at 6:14 pm

    Thank you. It worked!! I could not get to the links to download thru any of the web browsers installed on the computer, so I used another computer to download the exe to a flash drive. Even then, the RUN command window run “F:\winlogon.exe” was blocked by the malware. I moved the executable at C:\ level, rebooted the computer and while the rest of the services/and programs were being restarted, I double-clicked on the executable in C:\ drive to run RogueKiller. It worked like a charm….

    1. Roger said on January 17, 2012 at 10:40 pm

      I understood everything in your post except the last step, where you say something like “while other files were being loaded I ran this program.” How did you do that?

  2. Leah said on December 5, 2011 at 6:13 am

    Ok, so what do you do if the second program won’t run? I tried double-clicking on the icon, but nothing happened.

  3. Wes said on November 27, 2011 at 2:44 am

    Thanks for your article on removing this virus. It is the only one I could get to work properly. I tried doing it manually as suggested by other sites but didn’t work. I had to move winlogon onto the root directory and then run it from the dos command as it was being blocked from the desktop. Once it did its thing, I was able to run Malwarebytes.

    1. Majickstar said on November 28, 2011 at 2:18 am

      This worked for me too. Needed to load as start run. I got infected today and after 4 hours on my own unsuccessfully removing these instructions only took me a few minutes. Thank you for saving my weekend. 11/27/2011. Majickstar

  4. Hutsy said on August 17, 2011 at 3:41 pm

    Another option is to perform a system restore to a known good point, then use unhackme or malwarbytes to remove any initiating files. Obviously this isn’t ideal if the user has turned off system restore, or has installed a heap of stuff since being infected.

  5. TRY said on August 16, 2011 at 11:31 pm

    Prevention is better than cure!
    Use Malwarebytes Antimalware Pro to ward Rogues like these and other malwares.


  6. Turea Alexandru Teodor said on August 16, 2011 at 3:35 pm

    I encountered a fake antivirus like this on a friend’s laptop and, among other things, it blocked all internet access.

    The only way to kill it was to boot with a live Linux (SLAX), delete the virus, then, upon reboot, restore the shell32.dll registry key because, as all the executable files were proxied/opened by the virus, only a few system executable files could be used/run (with the proxy-virus missing, most executable files gave an error).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.