Home Malware Programs Rogue Anti-Spyware Programs XP Security Tool 2010

XP Security Tool 2010

Posted: March 17, 2010

XP Security Tool 2010 is a rogue anti-spyware application. XP Security Tool 2010 uses false scan results and fake security warnings as scareware to convince unwary computer users to purchase misleading software. XP Security Tool 2010 will claim that the computer is infected with malware and that you should purchase XP Security Tool 2010 to remove these infections. Do not become another victim of cybercrime and have XP Security Tool 2010 removed as soon as it has been detected.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\ave.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exeHKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIconHKEY_CURRENT_USER\Software\Classes\.exe\shellHKEY_CURRENT_USER\Software\Classes\.exe\shell\openHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1? %*"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1? %*"HKEY_CURRENT_USER\Software\Classes\.exe\shell\runasHKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\startHKEY_CURRENT_USER\Software\Classes\.exe\shell\start\commandHKEY_CURRENT_USER\Software\Classes\secfileHKEY_CURRENT_USER\Software\Classes\secfile\DefaultIconHKEY_CURRENT_USER\Software\Classes\secfile\shellHKEY_CURRENT_USER\Software\Classes\secfile\shell\openHKEY_CURRENT_USER\Software\Classes\secfile\shell\open\commandHKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1? %*"HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1? %*"HKEY_CURRENT_USER\Software\Classes\secfile\shell\runasHKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\secfile\shell\startHKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
Loading...