Re: Antivirus XP 2010

« Reply #2 on: February 23, 2010, 10:17:23 AM »



--------------------------------------------------------------------------------



How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010





Most importantly, don't purchase AntivirusXP2010. It's nothing more but a scam. If you have already purchased it, contact your credit card company and dispute the charges. Unfortunately, Antivirus XP 2010 removal is not as easy as you would expect it to be. As we know it blocks all .exe files, so obviously you won't be able to install or run any anti-malware program. Probably the virus won't even let you to download it. You can try to remove it manually, AntivirusXP 2010 associated files are listed below.



Antivirus XP 2010 removal instructions:



1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.





2. Type "notepad" as shown in the image below and press Enter. Notepad will open.





3. Copy and past the following text into Notepad:



Windows Registry Editor Version 5.00



[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]



[HKEY_CLASSES_ROOT\.exe]

@="exefile"

"Content Type"="application/x-msdownload"



[-HKEY_CLASSES_ROOT\secfile]



4. Save file as "exefix.reg" (without quotation-marks) to your Desktop.

NOTE: choose Save as type: All files



5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.



6. Download Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.



If you can't complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install Spyware Doctor.



Related files: WRblt8464P, av.exe



Antivirus XP 2010 properties:

• Changes browser settings

• Shows commercial adverts

• Connects itself to the internet

• Stays resident in background





Automatic Antivirus XP 2010 removal:

remover for Antivirus XP 2010Antivirus XP 2010 manual removal:

Kill processes:

av.exe



HELP:

how to kill malicious processes



Delete registry values:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

HELP:

how to remove registry entries



Delete files:

%UserProfile%\\Local Settings\\Application Data\\av.exe %UserProfile%\\Local Settings\\Application Data\\WRblt8464P

HELP:

how to remove harmful filesOther programs to remove Antivirus XP 2010:

• Malwarebytes Anti Malware - Review - Download

• Malwarebytes Anti Malware - Review - Download

• Windows Defender - Review - Download



Information added: 28/01/10

Information updated: 07/03/10



Additional resources related to Antivirus XP 2010:

Attention: If you know or you have a website or page about Antivirus XP 2010 removal, feel free to add a link to this list: add url

I had this problem today, it was tiring. Malwarebytes is indeed the way to go.



I had the same problem not being able to install Malwarebytes (I double-clicked the desktop icon, pressed the run button - rogue process kicked in - nothing happened on the install). I got around it by right clicking it and selecting 'start' - and then it installed fine.



I did find different ways of intiating programs helped - particularly from the desktop icons. I also identified the dodgy process (in my case, it was a genuine process - hijacked - called MSASCui.exe - but I think it manifests itself different in various instances). I kept zapping that every time it tried to take over and that seemed to help me win the battle when I needed to search for something or launch it.



As you can tell I'm not a techy but I did have some help and perseverance.

You have the latest version of this virus going around. This particular version adds a Shell command to the Context Menu for .exe files. It overrides the default handling of executable files, forcing Windows to call the virus before attempting to run the program. If you right-click on the executable file though, you'll see three options : Run, Run As..., and start. If you select "start", you can run any program normally.



This should allow you to run Malware-Bytes to remove the virus. There is one side effect of the virus which can be irksome. Because it overrides the default handling of executable files in the registry, you will need to correct it. There is a quick registry fix which you can download here.



http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip



You will need to extract the .reg file to a USB Flash Drive or a SDcard because you won't be able to open Windows Explorer once the virus has been removed. At least, that has been my experiencing in removing the virus from two different customers. You're experience may be different and you may be able to simply open Windows Explorer and navigate to the .reg file and allow it to add itself to your registry.



Once you have insertd the Flash Drive or SDcard into your computer, you can run Task Manager by right-clicking on the Taskbar and selecting "Task Manager". Go to



File >> New Task (Run)



A window should open that will allow you to browse to the directory with the registry fix. Select it and allow it to add itself to the registry. After that, restart your computer. Everything should be fixed after that.



On a side note, I used Super Anti-Spyware to remove the virus; not MalwareBytes Anti-Malware. You're results may be different.

You may need to download something called "Vundofix". You can get it here:



http://vundofix.atribune.org/



I'm not 100% sure what time of virus that is, but typically those are vundo. If that doesn't fix it, then your best bet is probably getting a linux livecd and running something like ClamAV on your infected Windows install.



EDIT: It's probably best to do the latter. I'm not sure it's a vundo. Best bet is to either download Avira AntiVir and scan, or do the linux livecd (which is more effective).

ok this virus is a bit tricky. you need to reboot windows into safe mode with networking, go to start-->run and type msconfig, here go to start up and look for any random name or number file and uncheck it. also in there look for where it says processes and look for some random name or number and remove. reinstall malwarebytes and give it a try. u can manually delete it in the registry but it's more trickier and i don't want to get u confused.

THIS enterprise must be TAKEN TO courtroom heavily IT HAS broken so a ways tens of millions OF computers LIKE THAT the only way IS by potential of FORMATTING YOUR stressful force REINSTALLING domicile windows AND set up CA ANTIVIRUS THIS VIRUS HAS MADE ME LOT A funds ON maintenance yet it is NO stable!

There's some work that has to be done before you download and run Malwarebytes. Check out these two sites for the details. (Warning: they're rather techie):



http://www.myantispyware.com/2010/01/28/how-to-remove-vista-antispyware-2010-vista-antivirus-2010-vista-guardian/



http://deletemalware.blogspot.com/2010/01/how-to-remove-vista-antispyware-2010.html



Good luck.

Rename Malwarebytes, right click it name it to zep.exe see if it will run.

ANTIVIRUS XP REMOVAL



Antivirus XP 2010 manual removal:

Kill processes:

av.exe





Delete registry values:



HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"





Delete files:

%UserProfile%\\Local Settings\\Application Data\\av.exe %UserProfile%\\Local Settings\\Application Data\\WRblt8464P



Virus Removal Team

www.greenpcsupport.com