Description: Virus Name: XP Internet Security 2010 is an Operating System-specific rogue program that changes its name to either Vista Internet Security 2010 or Win 7 Internet Security 2010 according to the Operating System it is installed on. It uses the well-known tactics of trying to scare the user into buying a license for the software. XP Internet Security 2010 gets installed on user systems via Trojans that get downloaded along with fake video codecs and along with other malware. Once installed, XP Internet Security 2010 proceeds to perform numerous fake system scans, returning fake results that claim that the user’s system is under serious threat from a myriad of viruses. It also aggressively blocks removal by disabling Windows utilities such as the Task Manager and Registry Editor. XP Internet Security then claims that the user should purchase a license to its ‘full’ version, as apparently the ‘trial’ version which is currently installed, is incapable of removing the detected false ‘threats’. It is important to remember that no version of XP Internet Security 2010 can clean any system.
XP Internet Security 2010
» Download Personal Security Removal Software
As XP Internet Security 2010 aggressively tries to block users from removing it, you will have to restart your computer in Safe Mode before you attempt manual removal.
File Removal Procedures
The first step needed to remove XP Internet Security 2010 is to stop the following process: ( Learn how to terminate a running process )
- av.exe
Please note that if you are in safe mode this program is most likely not running. Now you are ready to delete the following files and folders:
- %Documents and Settings%\[UserName]\Application Data\av.exe
- %Documents and Settings%\[UserName]\Application Data\WRblt8464P
Once these steps have been completed, XP Internet Security 2010 no longer resides on your hard disk.
Registry Removal Procedures
Removing files and folders is not sufficient to completely get rid of XP Internet Security 2010. The following registry entries should also be removed: (How to Edit Registry Here)
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
- HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*
- HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?
Once these keys and settings have been removed, your computer is completely safe from XP Internet Security 2010. It would be prudent to perform a full system scan using a genuine antivirus software such as Spyware Doctor with Antivirus in order to make sure that no other malicious software are left on the system.
Outside Sources:
http://www.2-spyware.com/remove-xp-internet-security-2010.html
http://www.symantec.com/connect/blogs/xp-internet-security-2010-rogue
Speak Your Mind