XP Antivirus 2012 malware

Posted on by ltblog
XP Antivirus 2012

XP Antivirus 2012

This article contains the good portion of information below which explains how to remove the virus called XP Antivirus 2012. Do not forget that this is the scam application which should be immediately removed from your system. The definition of scam program is fully suitable to call it in such a manner, since it falsely alarms users and causes quite a turmoil about the state of the Operating System of their computers. So, be careful with it. Remember that this tool can be rightfully called as hoax, trojan and rogue security tool worth immediate elimination. By the way, this is another sample of name-changing rogue or MultiRogue 2012 of Braviax virus family. So, do not let it trick you.

This malware basically repeats the entire set of the well-known brainwashing practices of its other representatives. XP Antivirus 2012 tries to make you think that your PC is not working at the required level of performance. What’s more, it bravely indicates that your computer is terribly attacked, poorly optimized and has plenty of internal software and hardware breakdowns. Moreover, this pest annoys you with its fake virus concerns, stating to detect signs of malicious software present inside of it. We would like once again to emphasize your attention to the fact that you should not believe in any of the ads if they originate from XP Antivirus 2012, nor should you believe into its fabricated scan reports. Keep in mind that the actual purpose of this shameless forgery is to scare you into buying it. Thus, it is quite obvious that all the system problems it detects are there just for fulfillment of the intimidation part of its plan. In order to remove this virus please carefully read the rest of this article stipulated below.

First of all, like we already mentioned, make sure to entirely disregard the fake warnings represented by this virus. Secondly, make sure to ignore any window (scan, pop-up etc.) originated by XP Antivirus 2012 scam. Thirdly, be sure to never go as far as buying this virus tool because this may lead to the total waste of money and also to the potential risk of your payment data falling into the hands of the frauds. And, finally, remove XP Antivirus 2012 virus to set your PC from the malware persistency. The removal guide is described here – http://www.2-viruses.com/remove-xp-antivirus-2012


XP Antivirus 2012 system amendments:

XP Antivirus 2012 files added:

  • %UserProfile%\Local Settings\Application Data\opRSK
  • %UserProfile%\Local Settings\Application Data\pw.exe
  • %UserProfile%\Local Settings\Application Data\vz.exe
  • %UserProfile%\Local Settings\Application Data\MSASCui.exe
  • %UserProfile%\AppData\Local\opRSK
  • %UserProfile%\AppData\Local\pw.exe
  • %UserProfile%\AppData\Local\vz.exe
  • %UserProfile%\AppData\Local\MSASCui.exe

XP Antivirus 2012 registry entries added:

  • HKCU\Software\Classes\pezfile
  • HKCR\pezfile
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCU\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCU\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1” %*
  • HKCR\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKCR\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “%1” %*
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”
  • HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
  • HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\vz.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
  • HKLM\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1”
  • HKLM\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1”

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *