XP Home Security 2016 (XPHomeSecurity 2016) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

XP Home Security 2016, also known as XPHomeSecurity2011, is a new fake antivirus / antispyware application. XP Home Security 2016 generally infects systems running Windows XP. The virus will change into Vista Home Security 2016 if it infects a computer running Vista; the virus will change into Win7 Home Security 2016 if it infects a computer running Windows 7. XP Home Security 2016 is a clone of a variety of fake antivirus programs and has a similar look to Total XP Security. XP Home Security 2016 main executable is a series of random letters; this executable is similar to AV.exe and AVE.exe, which are the main executable of previous clones of this virus. XP Home Security 2016 will modify the registry; therefore, the registry must be fixed before removing the main executable. The comments here and comments here may provide insight. The main executable is generally a hidden file.

Below is our recommended removal tool for XP Home Security 2016. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with XP Home Security 2016 with task manager. If task manager has been blocked by XP Home Security 2016, try using Process Explorer.

It is recommended to use safe mode when removing the virus because XP Home Security 2016 will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. XP Home Security 2016 can be removed by using the

or by manually removing the virus.

View XP Home Security 2016 Files
View XP Home Security 2016 Keys

Common symptoms and characteristics of XP Home Security 2016 and other rogue security programs include:
1. XP Home Security 2016 is generally installed without user permission.
2. XP Home Security 2016 uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual XP Home Security 2016 Removal – In order to manually remove XP Home Security 2016, the processes associated with XP Home Security 2016 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before XP Home Security 2016 entered the computer.

Important: Before attempting to manually remove XP Home Security 2016, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing XP Home Security 2016. However, please use discretion since these specific comments pertain to other fake antivirus programs.

Stop XP Home Security 2016 Processes (Learn How To Do This)
[random letters].exe

Remove XP Home Security 2016 Files (Learn How To Do This)
C:\Documents and Settings\[username]\Local Settings\Application Data\[random letters].exe

Remove XP Home Security 2016 Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\XP Home Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\XP Home Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Home Security 2016

Remove XP Home Security 2016 Startup Entry (Learn How To Do This)
[random letters].exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Vista Antispyware 2016.

This entry was posted on Saturday, February 19th, 2017 at 7:19 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

15 Responses to “XP Home Security 2016 (XPHomeSecurity 2016) Virus Removal Guide”

emma March 20th, 2017 at 4:03 am

hi ppl i just got this virus and cant figure out how to delete it i accidentaly did a virus scan without safemode and that only made it worse so i went into safemode used malwarebytes then went to normal settings, it wouldnt let me on the intErnet so i went back onto safemode, but the virus was still there and no internet, and no virus scanners work, i dont have another compy w/internet so no flash drive downloads, im using the phone for internet, i have no idea what processes to end on my task manager, i dont know if somethings supposed to be there or not, nor do i understand where to find and delete the HKEY//gjr stuff, plz help , computer needed tomorrow

asdfsdf April 4th, 2016 at 7:30 am

EVERY program that i open, opens xp home security.. EVERYTHING. cant open msconfig, regedit, system restore, IE, firefox, any of the 10 antivirus programs.. and here’s the kicker, xp home security even opens when i’m in safe mode. yep, still cant open anything even in SAFE MODE.

antiant April 4th, 2016 at 4:28 pm

I got this virus today, when i clicked to open internet explorer it would just bring up home security, i found i could get onto firefox and also google chrome by right clicking and running as admin, but when i got onto trendmicro site to run a scan it just would not have it, started in safe more and to my amazement and disgust home security was there, opened up system restore as administrator and restored to yesterday, when it finished and i restarted computer home security aint appeared so now im off to run a virus scan or 10, well paranoia does have a habbit of setting in after unsure removal of a virus ;D

Catherine April 5th, 2016 at 1:52 am

Hello!
I also get this virus today but I am not able to do anything, is there someone who can help? my internet doesnt work on my computer. Thanks.

Justin April 6th, 2016 at 7:38 am

Hey Guys,
I was working on fixing this today on my gf’s computer. So far I’ve only found a solution while HAVING an internet connection. I’m trying to fix another computer which isn’t getting internet access… if I find a solution, I will post it.

Here is what worked for me while having a WORKING internet connection (this is the simple version… iow, using a program to remove it for you)
(1)First off, go to task manager (ctrl/alt/dlt)>processes and then end the security process. This will most likely show up as PW.exe, or as a random 3 letter combo.exe (ie hjk.exe). THEN, reboot and get into safe mode WITH networking…
(2)Download either malwarbytes or spybot, personally i prefer malwarbytes…
(3)Install mbytes, and run AS ADMMINISTRATOR…
(4) Run a quickscan, and the infected files/reg keys should show up… i.e. (HKEY_CURRENT_USER\Software\XP Home Security 2016)
(5) Reboot and DONE! It is probably a good idea to run a full system scan with malware bytes to be sure, as well as AVG or another trustworthy anti-virus prog.

Justin April 6th, 2016 at 7:40 am

I forgot to mention this, and just in case it isn’t clear…
once mbytes or spybot has found the infected files and keys, etc. you must click REMOVE/DELETE in the scan result section. Then reboot.

Cheers :)

Josh April 7th, 2016 at 5:08 am

I had this one bad – could not open browser, regedit, msconfig, malwarebytes. It would just load the virus and run the bogus scan. Tried safemode – still problems. Solution was system restore to earlier this morning when I first turned computer on. After that scanned with malwarebytes and MSE. So far everything seems back to normal!

Lars April 18th, 2016 at 8:15 am

seems like its changing behaviour.

for me,

HKEY_CURRENT_USER\Software\Classes\exefile

HKEY_CURRENT_USER\Software\Classes\.exe

is both linking to the trojan, thats why its just showing the xp home security window when you try to start any applications.

i couldn’t find any other startup entries, as mentioned.

i also couldnt find the other registry keys mentioned.

so beware if you stumble into this one!

Chris April 19th, 2016 at 2:19 am

Jusin, everything you said worked great. I can’t thank you enough. Was able to get internet access long enough to read and download the spyware programs. This windows xp program is such a pain. Thanks for the help again.

Jim Hofman May 6th, 2016 at 4:02 pm

I got rid of the malware (brn.exe) and keys but now I can’t install AVG or Windows Defender.
Any Ideas?

X May 8th, 2016 at 11:05 pm

This is what I did for my Windows XP computer. I hope this helps:

1. When you first see the threat or the alerts, or if you have a feeling that something isn’t right, go ahead and download Malwarebytes.
2. After you do that, open Task Manager, (just in case you need it if you’re in a pickle).
3. After MalwareBytes is installed and fully operational, right-click it and look for run as…Click it. Change the option of the user to Administrator or Admin, and if it has a password type it in. Now press ok.
4. After that, scan your computer. A quick scan is recommended, but I personally did a full scan.
5. When you get the results, delete all of the viruses and threats as such. After this, restart or reboot your computer.
6. Now go in your Administrator account, (unless you were originally in it already), and go to start menu > all programs > Accessories > System Tools > System Restore.
7. I suggest you read what it says if you never did a System Restore before. If you know what it does already, just go ahead and do the instructions so you can restore your computer to an earlier date.
8. After you did the System Restore, full scan your computer AGAIN with Malwarebytes. This helps you find any more threats possible, and to be perfectly sure you’re computer is protected.

I know this looks a bit like Justin’s comment, but this is what I did for this virus. I did use Justin’s comment to walk me through this, and then I did some of my own things. Thanks alot, Justin!! Also, if you didn’t read his comment already, (above this one here), or Josh’s comment, (also above this one), then be sure to do so. It really helps. All I did was combine their comments and did a little bit extra. Hope this helped!

Joanna Belunek May 16th, 2016 at 12:38 pm

I used Windows Defender, a removal tool. I downloaded it free from the Mircosoft website. It is free to most Windows users (some older windows versions can’t use it) My system is XP. It was simple to install, ran scan, found 3 viruses, and removed them (XP Home Security 2016 was one of the viruses removed)

Jay from Apr 4th May 27th, 2016 at 3:18 am

Hi all I recently had a similar virus to this I fixed back on Apr.4th within a 5 hr time span. I was working on my sister’s computer tonight and pretty much narrowed it down to being an updated version. These are the actions I took last time…

The file showed up as vno.exe for me (This time it was a bunch of crazy #’s and letters). I deleted it. For reference I’m using XP.

Thx to some Christian guy somewhere on this site I was able to kinda
pinpoint what file it was I had to get rid of. Noticed the CPU usage
in the task manager every time I tried opening something that was
blocked by the virus. (You must end the task of this mysterious file. You’ll notice the rogue program’s icon disappear when you slide the mouse over it in the bottom right of your screen.)

When looking in C:\Documents and Settings\user name\Local
Settings\Application Data make sure to click on Tools. Folder Options.
View. Check the radio button “Show Hidden files and folders”. Also
uncheck “Hide protected system operating files.” This should show the
hidden file causing the prob.

I then followed Kwisatz Haderach’s post from this site:

“1.I pasted this text onto the notepad application:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”

2.Then I saved it to my desktop naming it fix.reg

3.I then opened up the newly made .reg file and clicked yes when
prompted whether or not I wanted to update my registry with the newly
modified information.”

But I was still getting the “Open with” error so I then followed
Alex’s post from this site as well.

“1. Open Task Manager
2. Click File, then holding CTRL, click on “New Task (Run…)”
3. A command prompt window should open. Type in “regedit.exe”
4. You should now have the registry editor open. Go into
HKEY_CLASSES_ROOT / .exe
5. Change the (Default) entry to “exefile” if it isn’t already (it was
secfile for me)
6. Now go into HKEY_CLASSES_ROOT / exefile / shell / open / command
and change the (Default) entry to (“%1″ %*) without the brackets.”

Everything worked for me the 1st time. Ran Malwarebyte’s Anti-Malware. All is good for my computer. For my sister’s computer I did get rid of the nasty virus. However a page still doesn’t load when the browser is opened. I’m thinking the program changed a setting of sorts. Something I’ll have to look in to later. Please let me know if you have any ideas on how to get a page to load in the browser. Thanks again and I hope my info helps.

ken July 6th, 2016 at 5:18 pm

I got hit last night after I went to a photo archive site some guy directed me to on Facebook.
I am not a Facebook user.
I went to my PROGRAMS folder and found a folder named YANTOO that I didn’t reconize.
I deleted the YANTOO folder and re-booted.
No problems so far.

kerem cebeci July 12th, 2016 at 9:16 am

if you want manual remowe this virus pleae attention this stuation.

if you del virus (randomletter.exe).exe file, your system can’t open any .exe files. (double click=open with).

Please note random letter virus file name. (like rqw.exe)

Please do this;

open safe mode your computer.

Start –> Run. (or press windows key + R)

Type “command.com” and press Enter. (a dos window opens.)

Type this and press enter typing each one
cd\
cd \windows
copy “regedit.exe regedit.com”
start regedit.com

regedit window are open.

Navigate to and select the key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

In the right pane double-click the (Default) value.

Delete the current value data, and then just type this:

“%1″ %* (please copy and paste)

Close Regedit and restart your computer.

Start-> Click Run and type regedit.exe and press enter.

Open regedit utility.

press CTRL+F and search your virus file name (like rqv.exe)

find collumn and dell or fix it. (attention to open shell words)

sory for bad english.

Leave a Reply