Description of XP Anti-virus and consequences of its residing on your PC

XP Anti-virus is yet another headache for Windows users. It is a partial substitution for released roughly less than a day before it virtually the same  by appearance programs under different names, XP Total Security 2011 and XP Security.
Exactly like its forerunners, the adware  comes through the set of popups  generated by trojan. They refer to random trojan name, e.g. Trojan.Horse.Win32.PAV.64.a, and are dressed up as Windows alerts.
Other propagation schemes are detected for this adware as it has been found to be introduced through several flaws of Windows XP and Windows Vista and then installed without user’s participation.
In order to remove XP Anti-virus and other rogue programs, click here to launch free scan as an inevitable initial stage for any malware extermination.

XP Anti-virus Technical Details:

  • Full name: XP Anti-virus, XPAnti-virus, XP-Anti-virus
  • Version: 2011
  • Type: Rogue anti-spyware
  • Origin: Russian Federation

Signs of being infected with XP Anti-virus

As stated above, XP Anti-virus is very similar by appearance to  Windows Background Protection and Windows Lowlevel Solution. The two latter apps, in their turn, bear even more striking resemblance to yet older fake antispyware pushed through the set of fake Windows (Microsoft Security Essentials) alerts.
Therefore detection signs for the adware in question are very similar  and even practically the same as for its forerunners.
All of its alerts, if not the same, deliver the same misleading messages as those of earlier counterfeits of this group. For instance, there are alerts explaining why system reboot is to happen and alert saying that firefox (in actuality, a legitimate web-navigator) is a keylogger.
Click here to start free system inspection in order to detect the adware and get rid of its core and supplementary components, as well as of other threats detected.

XP Anti-virus automatical removal:

Automatic  way to get rid of  XP Anti-virus takes into account that the adware is related to the trojan already known to facilitate propagation of dozens of counterfeits, but also treat the adware as a unique infection as it is actually a new threat in spite  of the striking similarity of its GUI to dozens of other fake AV tools.

XP Anti-virus Removal Tool

Manual Removal of XP Anti-virus:

There is no way to uninstall XP Anti-virus  but its removal. Manual removal of  XP Anti-virus  is a complete extermination of its constituents and registry entries.

Remove XP Anti-virus files and dll’s:

%UserProfile%\Local Settings\Application Data\opRSK

%UserProfile%\Local Settings\Application Data\pw.exe

%UserProfile%\Local Settings\Application Data\MSASCui.exe

%UserProfile%\AppData\Local\opRSK

%UserProfile%\AppData\Local\pw.exe

%UserProfile%\AppData\Local\MSASCui.exe

Unregister XP Anti-virus registry values:

HKEY_CURRENT_USER\Software\Classes\pezfile

HKEY_CLASSES_ROOT\pezfile

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*

HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*

HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

XP Anti-virus Remover with free scan