XP Anti-Virus 2011

XP Anti-Virus 2011 is a fake antivirus application that uses scare tactics to goad the user into purchasing a “registered” version of the product. XP Anti-Virus 2011 will display several warnings, popups and messages claiming that your system is at risk. Naturally, all of these red flags that XP Anti-Virus 2011 throws up are false, and are nothing more than a scare tactic.

How Did I Get Infected with XP Anti-Virus 2011?

XP Anti-Virus 2011 is typically installed as a drive-by download, which usually means that it’s installed without your permission.

What is XP Anti-Virus 2011 doing to My Computer Right Now?

Once installed on a user’s computer, XP Anti-Virus 2011 does not appear to disable Task Manager or any other processes, but its presence is often stubborn and highly annoying. It also performs fake scans with intentionally vague or fallacious results in an attempt to get you to purchase it.


As soon as you find yourself infected with XP Anti-Virus 2011, you need to take immediate action to remove it. XP Anti-Virus 2011 removal can be very challenging for non-savvy computer users.

The first step in removing XP Anti-Virus 2011 is to kill the following process:

  • [RANDOM].exe

The file name of this threat's main executable is random, which makes removal that much harder. The threat is normally found in %AppData%\Local\[RANDOM].exe and %UserProfile%\Local Settings\Application Data\[RANDOM].exe

The following files and folders will also need to be deleted:

  • %UserProfile%\Templates\t3e0ilfioi3684m2nt3ps2b6lru
  • %UserProfile%\Local Settings\Application Data\[RANDOM].exe
  • %AllUsersProfile%\t3e0ilfioi3684m2nt3ps2b6lru
  • %AppData%\Roaming\Microsoft\Windows\Templates\t3e0ilfioi3684m2nt3ps2b6lru
  • %AppData%\Local\t3e0ilfioi3684m2nt3ps2b6lru
  • %AppData%\Local\[RANDOM].exe
  • %AppData%\t3e0ilfioi3684m2nt3ps2b6lru
  • %Temp%\t3e0ilfioi3684m2nt3ps2b6lru

Remove XP Anti-Virus 2011: Cleaning the Registry

Once you are done with deleting the files listed above, don’t forget to clean your registry. You will have to get rid of the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"'
  • HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "%1" %*'
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
  • HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM].exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
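
Several entries in the list above share one pattern: a command handler that launches [RANDOM].exe first and passes the real target after /START. The following triage script is an added example, not part of the original guide; it assumes the relevant keys have been exported from Regedit to a .reg text file, and the sample input is constructed, with abc.exe standing in for [RANDOM].exe.

```python
import re

# Constructed sample: a .reg export fragment shaped like the entries listed above.
# "abc.exe" is a stand-in for the guide's [RANDOM].exe placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# A string value line: @ or a quoted name, then ="...", with backslash escapes inside.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# A command that starts some other .exe and hands the real target over after /START.
WRAPPER_RE = re.compile(r'^"([^"]+\.exe)"\s+/START\s+(.+)$', re.IGNORECASE)

def unescape(s):
    """Undo the .reg string escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', s)

def find_hijacked_commands(reg_text):
    """Return (key, value_name, wrapper_exe, wrapped_command) for each wrapped handler."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        # Only command handlers are of interest (shell\open, shell\runas, shell\safemode).
        if not (m and key and key.lower().endswith(r'\command')):
            continue
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        w = WRAPPER_RE.match(unescape(m.group(2)))
        if w:
            findings.append((key, name, w.group(1), w.group(2)))
    return findings

if __name__ == '__main__':
    for key, name, exe, wrapped in find_hijacked_commands(SAMPLE_REG):
        print(f'{key} [{name}]\n  wrapper: {exe}\n  wrapped command: {wrapped}')
```

A real Regedit export is UTF-16 encoded, so decode the file before passing its text to `find_hijacked_commands`. The fourth field of each finding is the command that follows /START, which is the part of the value that does not reference the threat's executable.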


RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage, and unless you know what you are doing you may lose your data. We strongly suggest you back up your data before you attempt to remove any virus. Each product or service is a trademark of its respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All free antivirus scanners recommended on this site are limited. This means they may not be fully functional and may be limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.