Ad Code

Ticker

6/recent/ticker-posts

QUE.COM Intelligence.

Chatbot AI, Voice AI and Employee AI. IndustryStandard.com - Become your own Boss!

How to remove XP Anti-Spyware 2011

Support @ Whaddya.com 4/19/2011 06:08:00 AM
I assisted someone to remove the XP Anti-Spyware 2011 today. This is a similar category of Spyware Protect 2009, Vista Antimalware 2011, and Win 7 Antispyware 2011. The malicious codes apply similar approach of scaring user by displaying pop-up that your computer is infected, ask you to activate XP Anti-Spyware software, imitating  anti-virus or anti-spam program to buy. DO NOT BUY anything. A local computer technician can clean this for you.

If you're a system administrator or a local computer technician. Here's a simple procedure I tried and tested to clean up this mess! This manual removal is not applicable to end-users that doesn't understand computer trouble shooting, leave this to the professional. Seek for assistance right away.

End these processes in Task Manager
WavXDocMgr.exe
bhj.exe

Delete this file here:
C:\Documents and Settings\juliad\Local Settings\Application Data
WavXMapDrive.bat
iconfile

Run Regedit and delete these entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'

HKEY_CLASSES_ROOT\.exe\DefaultIcon "(Default)" = '%1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile "Content Type" = 'application/x-msdownload'
HKEY_CLASSES_ROOT\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\.exe" /START "%1" %*'

I read this manual removal from this website:
http://www.spywarevoid.com/remove-xp-antispyware-2011-xpantispyware-2011-removal.html

They mentioned some registry entries but not applicable to the computer I help removed this virus.

I also shared an article on how to remove Spyware Protect 2009, that was posted here:
http://www.medialogy.com/2009/04/whaddya-know-how-to-remove-spyware_27.html

Join the discussion at www.Blocklist.com community.
Support @ Whaddya.com

Posted by Support @ Whaddya.com

Post a Comment

0 Comments

Comments

Ad Code