One of the most prevalent forms of Malware that I see on a near daily basis is Antivirus XP 2010.
Antivirus XP is a nasty Rogue Antivirus/Malware application that is all too easily installed on a user’s computer. It digs itself nice and deep into the Microsoft Windows Operating system and takes it over.
“But I didn’t download it!” I hear you say. Well, there’s really no telling how it got onto your system: you might have clicked something that looked like a real message, or it could have come bundled with something else you intentionally downloaded. The point is that it’s there and we have to get rid of it.
The Malware hijacks the system browser and pops up warnings (in windows and in the taskbar) and seemingly legitimate ‘Anti Virus’ windows that appear to scan your system and refuse to go away.
The Malware is designed to force users to sign up and purchase the ‘Anti Virus’ Software in an attempt to stop the screen warnings and clean the system.
Don’t buy the software.
It’s hard to kill but not impossible with the right tools and a little knowledge.
** This is the best method I have found that works. It worked on a number of machines, varying configurations. It’s not guaranteed to work. Always back up your system before making serious changes like this. **
Firstly, 99% of the time you don’t have to spend any money on antivirus or antimalware software to clean Antivirus XP 2010 from your system.
Try to kill the running script:
Start your Task Manager (Ctrl+Alt+Del) and look for a weird .exe running in the processes. Antivirus XP 2010 uses random application.exe names making it hard to tell what should be running and what shouldn’t be.
If you’re unfamiliar with Windows Processes don’t terminate something you’re unsure of. Seek professional advice and/or move on to the next step.
Right Click on your Desktop. Point to New and click on Text Document.
Copy and paste the following text into your blank, unsaved text document:
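Windows Registry Editor Version 5.00

; Delete the per-user .exe override, the secfile class and the open command set directly on .exe
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Restore the default open command for executables
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

; Point .exe back at the exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"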
Click File, click Save As and type in fix.reg (it doesn’t really matter what you call it, as long as it ends in .reg).
Save the document to your desktop.
Close Notepad and find the fix icon on your desktop.
Double-click the icon and click Yes on the message that asks you (essentially) if you’re sure that you want to make changes to the registry.
Restart your computer and move on to the next couple of steps…
Hopefully now that you have restarted your computer there’s no sign of Antivirus XP. Hopefully it didn’t start when Windows started up. Hopefully you’re not seeing the icon near the clock. If it didn’t start, Congrats! If it did… well, go and find a tech.
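A read-only way to confirm the state that fix.reg restores, as an added example that is not part of the original post: it parses registry export text (for instance from reg export) and flags any key the fix deletes and any default value that differs from what the fix writes back. The function names, the sample input and the placeholder handler path are assumptions constructed for illustration.

```python
import re

# Keys the page's fix.reg deletes: any of them (or a subkey) in an export is suspect.
SHOULD_BE_ABSENT = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
]
EXPECTED_DEFAULTS = {  # default values the page's fix.reg writes back
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
}
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg text into {lowercased key: {value name: unescaped string}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current["@" if name == "@" else name[1:-1]] = data
    return keys

def audit(text):
    """Return (problem, key) pairs where the export differs from the post-fix state."""
    keys, findings = parse_reg(text), []
    for bad in SHOULD_BE_ABSENT:
        prefix = bad.lower()
        if any(k == prefix or k.startswith(prefix + "\\") for k in keys):
            findings.append(("unexpected key", bad))
    for key, want in EXPECTED_DEFAULTS.items():
        if keys.get(key.lower(), {}).get("@") != want:
            findings.append(("missing or altered default", key))
    return findings

# Constructed sample of a hijacked state; the handler path is a placeholder.
HIJACKED = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\PLACEHOLDER\\rogue.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="secfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""
```

Calling audit(HIJACKED) returns the two leftover per-user keys and the altered .exe default. Files written by reg export are UTF-16 text, so decode them before passing the contents in.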
Your system may be clear of the one problem, however the chances are that there are others.
I always recommend downloading, installing and running MalwareBytes (link below) to scan your system and get rid of anything that is sitting in your system. It’s good to do from time to time anyway.
Also, as well as MalwareBytes, Spybot Search and Destroy (link below) is a good Malware scanner and remover. It’s good to run a couple of different ones; it’s rare that one picks up everything.
Download MalwareBytes here (free)
Download Spybot here (free)