XP Antimalware

November 16th, 2010
Home » Rogue Antispyware » XP Antimalware
Repair and protect your computer easily. Download XP Antimalware removal tool  

XP Antimalware description

XP Antimalware is a bogus system that disguises as an anti-spyware application to mislead computer users. This parasite installs itself automatically without user’s knowledge or consent. Once XP Antimalware is onto PC it’ll start to scan it automatically and will show fake warning messages that state about your computer’s infections.

What is more, the parasite will not allow you to remove fake infections till you download supposedly legal version of XP Antimalware program. We have to warn you to avoid buying this “full” version of the program because all security alerts provided by the malware is fabricated and you should ignore it. Just choose decent anti-spyware program and remove malicious program lying within your computer.

Manual XP Antimalware Removal

XP Antimalware processes:

Help: A Guideline of Killing Malicious Processes

XP Antimalware registry values:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Help: How to edit windows registry entries

Other malicious XP Antimalware files:

%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete XP Antimalware, if you are not familiar with deleting malware manually.

Leave a Reply