XP Antivirus Pro 2011 / XP Antivirus Pro 2012 / XP Antivirus Pro 2013 is a rogue security software. It will send popups saying “malware has been detected on your computer” in an attempt to scare you into buying this malicious software.
It will show you a list of problems on your computer, none of the reported issues are real, and are only used to scare you into buying XP Antivirus Pro 2011 / XP Antivirus Pro 2012 / XP Antivirus Pro 2013 and stealing your personal financial information.
These spy wares send pop ups to purchase their products. If we enter the credit card details for purchasing these spy wares, they will hack our credit card information.
STEP 1 : Start your computer in Directory Services Restore Mode
- 1.Restart your computer
- 2.While the computer is getting restarted keep on tapping on the F8 key on top row of your keyboard.
- 3.Keep on tapping on that F8 key as soon as you are seeing your computer manufacturer screen.
- 4.Then you will get a menu from which you need to select “Directory Services Restore Mode” by using your arrow keys .
- 5.And then click on enter
STEP 2 : Disable the Infection from the Registry
XP Antivirus Pro 2011 / XP Antivirus Pro 2012 / XP Antivirus Pro 2013 has changed your Windows registry settings so that when you try to run a executable file (ending with .exe ) , it will automatically start the infection rather than the desired programs like Internet Explorer, Your Antivirus Program, Task Manager Etc.
- Download the RegistryFix.reg file to fix the malicious registry changes from XP Antivirus Pro 2011 / XP Antivirus Pro 2012 / XP Antivirus Pro 2013.
- REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called RregistryFix.reg)
- Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window,then click OK.
STEP 3 : Enable Hidden Files and Folders
- Open My Computer / Computer
- Select the Tools menu and click Folder Options.
- After the new window appears select the View Tab.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- After this please press the Apply button and then the OK
STEP 4 : Find and Delete the Infected Files
The infected files will be located in
C:\Documents and Settings\YourUserName\Local Settings\Application Data\
C:\Documents and Settings\YourUserName\Application Data\
In this folder you can see one three character .exe file… Like jeg.exe , lit.exe , gir.exe etc
Try to Delete this XXX.EXE file. If you are not able to delete this .EXE file rename it with a name INFECTION.EXE.OLD and restart the computer. After the restart go to the same location and delete the file…
Some of the Infected files and its locations
- CODE: SELECT ALL
C:\Documents and Settings\YourUserName\Local Settings\Application Data\27184f0f8bc24e
C:\Documents and Settings\YourUserName\Local Settings\Application Data\Temp\4e0ab29f01a4763
C:\Documents and Settings\YourUserName\Application Data\27184f0f8bc24e
C:\Documents and Settings\YourUserName\Application Data\elv.exe
C:\Documents and Settings\YourUserName\Application Data\hix.exe
C:\Documents and Settings\YourUserName\Local Settings\Application Data\itk.exe
C:\Documents and Settings\YourUserName\Local Settings\Application Data\fai.exe
C:\Documents and Settings\YourUserName\Local Settings\Application Data\vvt.exe
STEP 5 : Scan Your Computer using Some Good Antivirus Programs.
If you need any more assistance replay back here…..
How to remove XP Antivirus Pro 2011Virus