Home Malware Programs Rogue Anti-Spyware Programs XP Malware 2010

XP Malware 2010

Posted: March 25, 2010

XP Malware 2010 (or XPMalware2010) is a rogue antispyware program and a clone of the XP Antimalware 2010 cyber scam. XPMalware2010 is distributed by trojans which disable weak anti-spyware tools and produces annoying pop-ups disguised as security notifications. XPMalware2010 mimics a computer scan and uses fabricated alerts to push victims into purchasing this malicious program. Remove XP Malware 2010 and all related threats using an updated spyware removal program immediately.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 av.exe
    2 ave.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

One Comment

  • fran kaye says:
    November 28, 2011 at 3:30 am

    On my desktop someone put a fake dialogue box that says
    "Launchanywhere properties file is missing" Is this malware and how would I get rid of it

Loading...