Sunday, February 20, 2011

XP Home Security 2011 Removal GuideXP Home Security 2011 Removal Guide

XP Home Security 2011 Removal Guide
XP Home Security 2011 is a fake antivirus program designed to pilfer money form hapless computer users. XP Home Security 2011 reports bogus threats and displays fake security warnings on your computer to trick you into thinking that your PC is infected with malware. XP Home Security 2011 uses Trojans, that come from fake online scanners or fake video sites, to do its dirty work. Once active, XP Home Security 2011 do a fake system scan and displays a list of errors. Soon popups will prompt you to pay for a full version of the program to remove the alleged infections. Do not fall for this blatant scam and have XP Home Security 2011 removed form your system immediately.

XP Home Security 2011 can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.

XP Home Security 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.

XP Home Security 2011 should be removed immediately!

XP Home Security 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'

Remove Folders and Files
%UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%UserProfile%\Local Settings\Application Data\[3 RANDOM LETTERS].exe
%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
%AppData%\Local\[3 RANDOM LETTERS].exe
%AppData%\t3e0ilfioi3684m2nt3ps2b6lru
%Temp%\t3e0ilfioi3684m2nt3ps2b6lru
Posted by Olzen at 1:36 PM
Labels:

1 comment:

falcon said...

To remove XP Home Security 2011, go to safe mode with networking, then quickly create a new user account, log in to the new account, download combofix and run it, the computer will be restarted, wait until combofix finish, download malwarebytes, install it and run it, download ccleaner and clean up all temp files.
Good luck
A2Z PC

March 25, 2011 at 1:49 PM

Post a Comment

Subscribe to: Post Comments (Atom)