Antivirus XP 2010

Antivirus XP 2010 is an extremely dangerous program disguising as a legitimate Windows security tool. Antivirus XP 2010 is known to be distributed through fraudulent social engineering, fake multimedia codecs and fake online virus scanner websites. When on the system, Antivirus XP 2010 adds its own registry values that will ensure its start-up process when Windows is run. In terms of security performance, rogue program such as Antivirus XP 2010 has no components available to perform as such. So keep in mind that having Antivirus XP 2010 activation key is a complete waste of money.

TypeRogue
Sub-TypeFakeAV
Aliases 
OS AffectedWindows
Detected ByMalwareBytes

What are the Symptoms of Antivirus XP 2010 Infection?

Antivirus XP 2010 Screen Shot Image

This rogue program will fabricate its own virus scan findings that may deceive computer users to buy the licensed version of Antivirus XP 2010.

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “Antivirus XP 2010 ”
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
  • HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “%1″ %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

The threat will drop the following malicious files:

  • %Program Files\Antivirus XP 2010\av.exe
  • %UserProfile%\Local Settings\Application Data\av.exe
  • %UserProfile%\Local Settings\Application Data\[random]
  • %UserProfile%\AppData\Local\av.exe
  • %UserProfile%\AppData\Local\[random]

How to Remove Antivirus XP 2010 Manually

1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8 - From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.

- Click Start > Run – Type in the field, regedit – Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:

- Base on the given location above, browse and delete the file – If no location is given, click Start>Search> and search for the files. – If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program

- Update antivirus program – Scan computer and delete all detected threats.

How to Easily Remove Antivirus XP 2010

1. Download and run Removal Tool to remove Antivirus XP 2010

Leave a Reply

Your email address will not be published. Required fields are marked *

(Required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>