Thursday, May 5, 2011

Get rid of XP Security rogue anti-spyware

While users are forced to view virus detecting exploits  movie by XP Security (XPSecurity), a bunch of malicious processes can be observed. They are launched by the same IP as that of the adware website and several dozens of common Windows and other popular computer systems flaws are efficiently and professionally used for that purpose.
The processes are associated with  detection of computer system type and version activities, as well as collection on data on users habits. They are certainly illegal and need to be terminated instantly or else the program will successfully install it resident version into your PC, with the version adjusted to the data it obtains by spying.
Both resident and online variants of XP Security are subject to deletion at the earliest opportunity.
There is no need to pay great attention to the messages delivered by the program as thay are but a kind of a showcase. Real infections are allies for the pretended antivirus and are typically introduced bundled with it.
To get rid of XP Security fake antivirus, spyware and adware, as well as to conduct the removal of XP Security malicious allies, click here for free scan initiation.
Download XP Security remover free:


Download XP Security remover free:



XP Security manual removal guide:
Delete infected files:
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

No comments: