XP Antispyware

November 16th, 2010
Home » Rogue Antispyware » XP Antispyware
Repair and protect your computer easily. Download XP Antispyware removal tool  

XP Antispyware description

XP Antispyware is a misleading program. Trojan based software starts its activities as soon as it is installed on your computer. Malware installs itself automatically.

Once installed it will display false system security warnings and then will prompt program to buy a “full” version of this program to remove threats that don’t even exist. For example:

XP Antispyware Firewall Alert
XP Antispyware has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Name: Windows Internet Explorer
Location: C:\Program Files\Internet Explorer\explorer.exe
Company: Microsoft Corporation
Version: 7.0.5730.13
Windows recommend Activate XP Antispyware
Click “Yes, Activate…” to register your copy of XP Antispyware and perform threat removal on your system.

Bogus system neither has the ability to detect nor remove computer threats therefore it is not being trusted. Do not fall for this blatant scam.

XP Antispyware may hijack your browser to deceptive web pages that advertise bogus program. Do not fall for this blatant scam. XP Antispyware is not the program you can count on. It is not worth spending your money because it will be stolen. Avoid buying anything this program offers but use reputable anti-spyware application and terminate malware immediately.

Manual XP Antispyware Removal


XP Antispyware processes:

MSASCui.exe
pw.exe
Help: A Guideline of Killing Malicious Processes


XP Antispyware registry values:

HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Help: How to edit windows registry entries


Other malicious XP Antispyware files:

%UserProfile%\Local Settings\Application Data\opRSK
%UserProfile%\Local Settings\Application Data\pw.exe
%UserProfile%\Local Settings\Application Data\MSASCui.exe
%UserProfile%\AppData\Local\opRSK
%UserProfile%\AppData\Local\pw.exe
%UserProfile%\AppData\Local\MSASCui.exe

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete XP Antispyware, if you are not familiar with deleting malware manually.

Leave a Reply