XP Anti-Virus 2012 can block websites, redirect your browser, prevent programs from functioning correctly, and create desktop alert messages with false information. It shouws pop-up alert messages on your desktop and browser such as Internet Explorer alert, Security breach, System danger, Privacy threat etc.
XP Anti-Virus 2012 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added. These can be done by using Emsisoft HiJackFree.
XP Anti-Virus 2012 should be removed immediately!
XP Anti-Virus 2012 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
Remove Folders and Files
%Temp%\[random].exe
%AppData%\Roaming\Microsoft\Windows\Templates\[random].exe
%AppData%\Local\[random].exe
%AppData%\Local\.exe
%AllUsersProfile%\[random].exe
%UserProfile%\Local Settings\Application Data\opRSK
No comments:
Post a Comment