Saturday, December 15, 2012

XP Antivirus Pro 2013. Removal tool

Some malware programs claim to be some excellent anti-virus applications. They would promise many great things to you. In particular, they would detect many fake threats in your PC and would tell that they would get rid of such viruses on the condition that you first pay for it. This is the exact description of the behavior of XP Antivirus Pro 2013 malware. The application we’re talking about right now isn’t powerful at all. It does not possess with the ability to identify real security threats. Neither is it powerful to delete them all. By the way, the fake anti-virus program we’re describing now does not ask for your consent on infiltration into your computer. Normally, as far as legit anti-virus tools are concerned, user has to take certain action in order to install them. As for XP Antivirus Pro 2013 the user doesn’t participate in the installation process at all. The hoax makes its dwelling in the computer when the users doesn’t even realize this. Then the malware, by the way, initiates the amendments into the system registry, so that it would be started together with Windows operating system (whatever version of it you have).

Once the rogue is launched and running automatically it initiates the scan of your computer, saying then that it is terribly infected and compromised with various sorts of viruses. It says that it can remove them after you pay for its license. Well, the license would not save your PC, believe us. As we have said already, this program knows nothing about virus elimination, and its license is just the source of making its developers richer. Once users pay for the activation code of the fake AV bearing the name of XP Antivirus Pro 2013 the crooks have actually accomplished their evil plot.

Seeing the permanent popups, ads and other warnings of XP Antivirus Pro 2013 is really annoying indeed. The good thing about this malware is that at least it does not block your Internet browser and thus allows you to download legitimate anti-virus programs. It would also allow you to execute the malware removers once they have been installed successfully. So, go ahead and choose one of them to delete XP Antivirus Pro 2013 virus. Remember that it is strongly recommended that you’d rather obtain real-time (full) protection available with GridinSoft Trojan Killer described at this site.

Fake alerts, popups and warnings reported by XP Antivirus Pro 2013 scam:

Privacy alert! Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
Privacy threat! Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Severe system damage! Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
System hijack! System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Threat detected! Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
Virus infection! System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Detailed XP Antivirus Pro 2013 removal guide:

http://trojan-killer.net/xp-antivirus-pro-2013-removal-instructions/

Removal video:

Recommended software for malware removal:

List of files associated with XP Antivirus Pro 2013:

  • %LocalAppData%\[rnd_2]
  • %Temp%\[rnd_2]
  • %UserProfile%\Templates\[rnd_2]
  • %CommonApplData%\[rnd_2]

List of registry entries associated with XP Antivirus Pro 2013:

  • HKEY_CURRENT_USER\Software\Classes\.exe
  • HKEY_CURRENT_USER\Software\Classes\.exe\ [rnd_0]
  • HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ “[rnd_1].exe” -a “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\ Application
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\Content Type application/x-msdownload
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon\ %1
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\ “[rnd_1].exe” -a “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\IsolatedCommand “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\ “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\IsolatedCommand “%1″ %*

File Location Remarks and Explanations:

  • %Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\\Desktop\ for Windows 2000/XP, and C:\Users\\Desktop\ for Windows Vista and Windows 7.
  • %Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\\AppData\Local\Temp for Windows Vista and Windows 7.
  • %AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\\AppData\Roaming.
  • %StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\\Start Menu\, and for Windows Vista/7 it is C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu.
  • %CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)