Search this blog

Friday, April 8, 2011

How to remove XP Anti-Spyware virus using GridinSoft Trojan Killer

XP Anti-Spyware is a virus that aims to deceive users. Its only goal is to steal money from them. Bear in mind that XP Anti-Spyware scam penerates to PC via gaps in the system security and other system leaks that make your PC vulnerable to external threats. However, if you use a good anti-virus program you can remove XP-Antipyware virus without any problems.

We have been able to download this virus sample on our test computer in order to analyse it and to tell you how to remove XP Anti-Spyware fake anti-virus application. The video on how go get rid of XP Anti-Spyware is shown below. Do not trust any fake promises made by XP Anti-Spyware and do not buy it. On the contrary, make sure to delete XP Anti-Spyware virus from your computer as shown below. Please do not hesitate to contact us at any time if you need our help.


Delete XP Anti-Spyware files:

%Documents and Settings%\[User Name]\Local Settings\Application Data\opRSK %Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe %Documents and Settings%\[User Name]\Local Settings\Application Data\MSASCui.exe

Delete XP Anti-Spyware registry entries:

HKEY_CURRENT_USER\Software\Classes\pezfile HKEY_CLASSES_ROOT\pezfile HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “%1″ %* HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “%1″ %* HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “%1″ %* HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “%1″ %* HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%Documents and Settings%\[User Name]\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

No comments:

Post a Comment

Search this blog