Tuesday, May 7, 2013

Remove XP Protection 2013Remove XP Protection 2013

Remove XP Protection 2013
XP Protection 2013 is a fake antivirus program which intend to urge the user whose computer is infected by XP Protection 2013 to purchase the full version of XP Protection 2013. XP Protection 2013 produces fake alert in order to cheat the user. XP Protection 2013 installs into the computer without the confirmation of the user and configure itself to start automatically when windows boot. XP Protection 2013 will then scan the computer and state that there are many malware in the computer and ask the user to purchase full version of XP Protection 2013 to remove all the malwares. XP Protection 2013 is highly likely to block genuine scanning software and hijack your web browser through a proxy server.

XP Protection 2013 can be remove by stopping the process hee.exe and remove the file by using Emsisoft HiJackFree. Then the user should remove the registries entries added and modified by XP Protection 2013 according to the removal guide stated below.

XP Protection 2013 should be removed immediately!

XP Protection 2013 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1? %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1? %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\hee.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile

Remove Folders and Files
%AppData%\[random].exe
Posted by Olzen at 7:51 AM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)