How to manually delete the XP Antispyware 2010 For Dummies

new topic     » topic index » view thread      » older message » newer message
  • Posted by dcole Mar 05, 2010
  • 1179 views

Hello Again,

I am posting the instrution for manually deleting the XP Antispyware 2010 virus. You might want to print out a hard copy of the post because if you do get the virus Your browser and any .exe files will not work.

-----temp close virus so you can work---------
conrol-alt-delete\end process AV.EXE

Do not try to open browser or any .exe file at this time.

Open any window START\My Computer\C: will do.

Tools\Folder Options\view

If you have not done so, select Show hidden files and folders.

DELETE: "c:\Documents and Settings\(user name)\Local Settings\Application Data\av.exe"

Do not try to open browser or any .exe file at this time. ---------------------to Open regedit-----
START\run TYPE: cmd
TYPE: cd\
TYPE: cd windows
TYPE: copy regedit.exe regedit.com
TYPE: regedit.com
-------this should open regedit--------------- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? % HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? % HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? % HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %

For all the above:
CLICK (Default) in the right hand panel.
Select Edit\delete

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
CHANGE TO: (location of firefox\)\ HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe”
CHANGE TO: (location of Firefox)
------------------------------------------------------- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
CHANGE TO: "C:\windows\program files\internet explorer\explore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1?
DELETE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1?
DELETE

HKEY_CLASSES_ROOT\exefile\shell\open\comand
DELETE then CHANGE TO: "%1" %*
That is: (quote-percent-one-quote-space-percent-asterisk).

At this point should run Spybot or any antivirus software you have to clean up anything you missed,

Don Cole

new topic     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu