Wednesday, June 8, 2011

XP Antispyware 2012 Removal Guide

XP Antispyware 2012 Removal Guide
XP Antispyware 2012 is a fake antivirus program which come with a rootkit to prevent many program from running on the computer. XP Antispyware 2012 cannot detect and remove any kind of virus, malware and trojan. What XP Antispyware 2012 can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. XP Antispyware 2012 will urge the user to purchase the full version of XP Antispyware 2012 to remove all the detected malwares, viruses and trojan. Bare in mind that XP Antispyware 2012 CANNOT detect and remove any malware, virus and trojan.

XP Antispyware 2012 provide fake features such as system scan, firewall, scan option, settings and updates. It scares the users with a lot of malwares detected on the computer such as Adware.Win32/Wheresphere, W32/Rimecud, Exploit-PDF.w etc. It claims itself that it can protect your PC just simple one-click solution. It ask the user to activate XP Antispyware 2012 so that to have auto protection on computer. All of them is a lie. Do not believe it.

XP Antispyware 2012 should be removed immediately!


XP Antispyware 2012Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “IsolatedCommand” – ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon “(Default)” = ‘%1?
HKEY_CURRENT_USER\Software\Classes\exefile “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\exefile “(Default)” = ‘Application’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Mozilla Firefox\firefox.exe” -safe-mode’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%Program Files%\Internet Explorer\iexplore.exe”‘
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CLASSES_ROOT\exefile\shell\open\command “(Default)” = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe “Content Type” = ‘application/x-msdownload’
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon “(Default)” = ‘%1? = ‘”%UserProfile%\Local Settings\Application Data\[random].exe” /START “%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “IsolatedCommand” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “(Default)” = ‘”%1? %*’
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command “IsolatedCommand” = ‘”%1? %*’

Remove Folders and Files
%AppData%\Roaming\Microsoft\Windows\Templates\[rRANDOM CHARACTERS]
%AppData%\Local\[random]
%Temp%\[random]
%AppData%\Local\[random].exe
%AllUsersProfile%\[random]

No comments:

Post a Comment