Search this blog

Friday, April 8, 2011

XP Total Security - rogue. How to get rid of XP Total Security virus.

The complete screenshot of XP Total Security is shown in the upper-left part of this post. XP Total Security is the next representative of rogue applications. Rogue program means the application that claims many great things of itself, whereas the fact is that it is not what it claims to be. Well, this is exactly about XP Total Security virus.

XP Total Security claims to be able to detect viruses and successfully remove them. What a bunch of lies indeed. It should be mentioned that XP Total Security is the virus in its very essence. How can virus remove viruses? This is really ridiculous indeed, isn't it? Moreover, XP Total Security would not let you remove supposedly detected viruses if you do not pay for it. What a trick of frauds and crooks! Do not ever trust its fake statements and do not treat anything it says as serious.

By this moment you probably understand that XP Total Security is the malware that should be removed. There are several options on how to do it. You may do it either manually or automatically as stipulated below. Please find the video attached on how to remove similar virus using the program recommended by us - GridinSoft Trojan Killer. The removal procedure of removal of XP Total Security malware is not different from removal of XP Anti-Spyware virus as shown at the video provided below.

For automatic removal of XP Total Security download GridinSoft Trojan Killer and run it. If the download process is blocked by XP Total Security virus you may download GridinSoft Trojan Killer from clean computer and copy it to your flash drive (memory stick). Then you may transfer the installation file of GridinSoft Trojan Killer to your infected computer and install it there.

XP Total Security manual removal:

Delete XP Total Security files:

%AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru %AppData%\Local\[random].exe (look for 3-letter names) %AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru %AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru %Temp%\t3e0ilfioi3684m2nt3ps2b6lru

Delete XP Total Security registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile' HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload' HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*' HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*' HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application' HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload' HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1' HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*' HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" - '"%1" %*' HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1' HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*' HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*' HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*' HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload' HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*' HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*' HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "%1" %*' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode' HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random 3 letters].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'

No comments:

Post a Comment

Search this blog