Thursday, January 17, 2013

XP Security 2013 (XP Security Plus 2013) virus. Removal guide

XP Security 2013 and XP Security Plus 2013 are, in fact, two similar programs that are categorized as rogues. There's nothing good that they can do for your system. They are unable to protect you in times your computer requires protection so desperately. These are fake antiviruses that, upon unauthorized installation, amend your system and plan to scare you to death in order to force you to buy their so-called full version, which, in fact, is not able to assist users in virus removal or threat prevention.

XP Security 2013 comes to your system like a thief at night - unexpectedly and unpredictably. It immediately amends your system for the purpose of being started automatically together with every system startup (once you launch your computer). Plus, it is surely an outrageous fact that this scam doesn't let you launch many of important executables (such as Task Manager, your installed browser(s) and available security software. This is because the hoax is afraid you will remove it with their help.

As we've mentioned already, XP Security 2013 virus arranges all kinds of bogus scans of your system in order to make you believe your computer is in danger due to so many fake threats reported by it. Without hesitation, it is indeed a scary portion of information, especially when you don't realize that it is fake. So, please don't trust the faulty promises told by XP Security 2013. What is can do is to imitate the removal of invented threats, whereas the real infection that are potentially dangerous can't be identified or deleted by it. Hence, removal of this malware is the only logical step that you should undertake. Please find the detailed removal instructions to get rid of XP Security 2013 malware below.

Fake alerts, popups and warnings reported by XP Security 2013 scam:

Privacy alert! Rogue malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware deletion.
Privacy threat! Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.
Severe system damage! Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
System danger! Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.
System hijack! System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
Threat detected! Security alert! Your computer was found to be infected with privacy-threatening software. Private data may get stolen and system damage may be severe. Recover your PC from the infection right now, perform a security scan.
Virus infection! System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan.

Detailed XP Security 2013 removal guide:

http://trojan-killer.net/xp-security-2013-removal-video/

Removal video:

Recommended software for malware removal:

List of files associated with XP Security 2013:

  • %LocalAppData%\[rnd_2]
  • %Temp%\[rnd_2]
  • %UserProfile%\Templates\[rnd_2]
  • %CommonApplData%\[rnd_2]

List of registry entries associated with XP Security 2013:

  • HKEY_CURRENT_USER\Software\Classes\.exe
  • HKEY_CURRENT_USER\Software\Classes\.exe\ [rnd_0]
  • HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ “[rnd_1].exe” -a “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\ Application
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\Content Type application/x-msdownload
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon\ %1
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\ “[rnd_1].exe” -a “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\IsolatedCommand “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\ “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\IsolatedCommand “%1″ %*

File Location Remarks and Explanations:

  • %Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\\Desktop\ for Windows 2000/XP, and C:\Users\\Desktop\ for Windows Vista and Windows 7.
  • %Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\\AppData\Local\Temp for Windows Vista and Windows 7.
  • %AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\\AppData\Roaming.
  • %StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\\Start Menu\, and for Windows Vista/7 it is C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu.
  • %CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)