Description of XP Anti-virus and consequences of its residing on your PC
XP Anti-virus is yet another headache for Windows users. It partially replaces XP Total Security 2011 and XP Security, programs of virtually the same appearance that were released under different names roughly less than a day before it.
Exactly like its forerunners, the adware arrives through a set of popups generated by a trojan. The popups refer to a random trojan name, e.g. Trojan.Horse.Win32.PAV.64.a, and are dressed up as Windows alerts.
Other propagation schemes have also been detected for this adware: it has been found to be introduced through several flaws of Windows XP and Windows Vista and then installed without the user's participation.
XP Anti-virus Technical Details:
- Full name: XP Anti-virus, XPAnti-virus, XP-Anti-virus
- Version: 2011
- Type: Rogue anti-spyware
- Origin: Russian Federation
Signs of being infected with XP Anti-virus
As stated above, XP Anti-virus is very similar in appearance to Windows Background Protection and Windows Lowlevel Solution. The latter two apps, in turn, bear an even more striking resemblance to still older fake antispyware pushed through a set of fake Windows (Microsoft Security Essentials) alerts.
Therefore the detection signs for the adware in question are practically the same as for its forerunners.
All of its alerts, if not identical, deliver the same misleading messages as those of earlier counterfeits of this group. For instance, there are alerts explaining why a system reboot is about to happen and an alert claiming that Firefox (in actuality, a legitimate web browser) is a keylogger.
XP Anti-virus automatic removal:
The automatic way to get rid of XP Anti-virus takes into account that the adware is related to a trojan already known to facilitate the propagation of dozens of counterfeits, but it also treats the adware as a unique infection, since it is actually a new threat in spite of the striking similarity of its GUI to dozens of other fake AV tools.
Manual Removal of XP Anti-virus:
XP Anti-virus cannot be uninstalled; it can only be removed. Manual removal of XP Anti-virus means complete elimination of its components and registry entries.
Remove XP Anti-virus files and DLLs:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
Unregister XP Anti-virus registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
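
The registry values listed above share one pattern: a shell command handler rewritten so that an executable in the per-user Application Data folder runs first with /START, plus Security Center override flags set to 1. The following is an added example, not part of the original page or of any removal tool, that scans `reg export` text for that pattern so a triage export can be checked offline; the sample export, the profile path in it and the function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not from a real host). The
# profile path and the untouched IEXPLORE entry are assumptions.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\pw.exe\" /START \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\pw.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# An .exe under the per-user "Application Data" folder wrapping the real command.
WRAPPER_RE = re.compile(r'\\application data\\[^\\"]+\.exe"?\s+/start\b', re.I)
OVERRIDES = ("AntiVirusOverride", "FirewallOverride")

def parse_reg(text):
    """Yield (key, value_name, raw_data) for single-line values in .reg text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, "(Default)" if m.group(1) == "@" else m.group(1)[1:-1], m.group(2)

def unescape(raw):
    """Strip the outer quotes and backslash escapes from .reg REG_SZ data."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw

def findings(text):
    """Return (key, value_name, reason) for entries matching the pattern above."""
    out = []
    for key, name, raw in parse_reg(text):
        k = key.lower()
        if k.endswith((r'\shell\open\command', r'\shell\safemode\command')):
            if name == "(Default)" and WRAPPER_RE.search(unescape(raw)):
                out.append((key, name, "handler wrapped by Application Data exe"))
        elif k.endswith(r'\microsoft\security center') and name in OVERRIDES:
            if unescape(raw) == "1" or raw.lower() == "dword:00000001":
                out.append((key, name, "Security Center alert override set"))
    return out
```

Calling `findings(SAMPLE_REG)` flags the `.exe` and FIREFOX.EXE handlers and the `AntiVirusOverride` value, and leaves the unmodified IEXPLORE.EXE handler and the zeroed `FirewallOverride` alone.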