XP Guardian 2010 description
XP Guardian 2010 is a fake security tool. This malware is also a clone of XP Internet Security 2010 fake application. It often comes along with trojan horse which enters a system through its vulnerable places. The main goal of the parasite is to trick user into believing their computer is infected. At this point malware scans user’s PC and fabricates scan results.
This is all fraud. Do not fall for this blatant scam. If you noticed your computer works a little bit lower, or your desktop is flooded all kinds of warnings and etc., please be vigilant and do not purchase supposedly legal XP Guardian 2010 “full” version. It may cause you serious problems if you’ll do it. You’ve better choose reputable anti-spyware program and delete this parasite as soon as possible.
Manual XP Guardian 2010 Removal
XP Guardian 2010 processes:
av.exe
Help: A Guideline of Killing Malicious Processes
XP Guardian 2010 registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Help: How to edit windows registry entries
Other malicious XP Guardian 2010 files:
av.exe
WRblt8464P