Thursday, April 29, 2010

Total XP Security Removal GuideTotal XP Security Removal Guide

Total XP Security Removal Guide
Total XP Security is a rogue antispyware program which use Trojans to find security holes to enter the targeted Operating System. Once active, Total XP Security will add corrupt files and create registry keys for those files to be launched every time the PC is rebooted. Soon the unwary user will receive annoying popup messages about malware on the computer. Those are fake warnings to redirect users to one of Total XP Security rogue websites which distribute the paid licensed version of the useless software. Do not click on anything which seems related to this blatant scam and have Total XP Security removed as soon as it has been detected.

Removal Tool: Remove Fake Antivirus. (Download it here.)

Removal Guide
Kill Process
(How to kill a process effectively?)
av.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe"

Remove Folders and Files
%UserProfile%\Local Settings\Application Data\av.exe
%UserProfile%\Local Settings\Application Data\WRblt8464P

No comments:

Post a Comment