Thursday, November 18, 2010

Remove XP Antimalware (XPAntimalware) as just another misleading software

According to one of the alerts produced by the adware, it is dangerous to continue surfing without any security measures. It is true, at least  until the  family of fake Windows Update is a booming infection with XP Antimalware being just one of its faces. Get rid of  XP Antimalware  (XPAntimalware) and a get your system protected from other members of its family and any other IT parasites. Relevant remedy for XP Antimalware removal  is available here as Spyware Doctor scanner tool. It is a valid for any member of fake Windows protetion upfdtes family, both XP, Vista and Win 7 groups. The family is actually rather a family of names, for main executable files remain the same regradless of the program name that makes it possible to say that different names are assigned to one and same program.

XP Antimalware screenshot:

XP Antimalware removal tool:

XP Antimalware manual removal guide:
Delete XP Antimalware files:
%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
Delete XP Antimalware registry entries:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

No comments: