Fixing the annoying XP Antivirus 2009 OR 2010

>This is not a post directly related to my blog but i am sure there are few people out there that might be facing same issues. In the last one week i had friends whose windows machines have been infected the XP Antivirus 2010, which seems to be a clone of XP Antivirus 2009. The symptoms include that you are get annoyings popups asking you to pay for an antivirus, i hope you have exposed yourself already.

There are so many ways to fix this problems.

The first one is a biased solution, which is ditch your windows machine and buy a macOsx or format your machine and install ubuntu. Well i guess that wouldnt be a popular option.

So i have an alternative:

1. Install Malwarebytes, it is quite a good tool to remove malware from your machine.
You would notice that it would detect quite a number of malware, make sure after the full scan, you remove all the infections detected.

You are also gonna notice that, .exe files would not work after you have deleted the threats discovered by Malwarebytes.

2. To fix .exe files not working, follow the steps described below.

Have the following text copied into a notepad :-

——Start ——–Do not copy this line, copy starting next line —————-

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@=”{098f2470-bae0-11cd-b579-08002b30bfeb}”

[HKEY_CLASSES_ROOT\exefile]
@=”Application”
“EditFlags”=hex:38,07,00,00
“TileInfo”=”prop:FileDescription;Company;FileVersion”
“InfoTip”=”prop:FileDescription;Company;FileVersion;Create;Size”

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@=”%1″

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
“EditFlags”=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@=”\”%1\” %*”

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@=”{86C86720-42A0-1069-A2E8-08002B30309D}”

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@=”{09A63660-16F9-11d0-B1DF-004F56001CA7}”

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@=”{86F19A00-42A0-1069-A2E9-08002B30309D}”

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@=”{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”

———–End————–Do not copy this line. Copy till the end of previous line————

Boot the computer in safe mode with networking

– Usually by tapping F8 when the computer boots up

Open My Computer, Click on tools and then folder options.

Select – “Show hidden files and folders”
– Uncheck “Hide protected operating system files”

Apply and then OK

For XP :-

5. Navigate to C:\Documents and Settings\%userprofile%\Local Settings\Application Data
Look for either of the following files :-

– av.exe
– msascui.exe

And delete these files …. Hopefully these should have been removed by the malwarebytes.

Now open the notepad file saved on your desktop earlier

Click on file-> save as

– Select file type as all files
– Name the file as fix.reg
– Encoding should be Unicode
Run that file, it will edit the registry accordingly

Now restart the computer in normal mode and everything should working fine.

Advertisements
This entry was posted in Software Testing and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s