Wednesday 3 March 2010

Malware Removal: Security Tool/XP Anti-Spyware


Description

Security Tool is Windows malware that displays a window warning of virus infections (see image) and will also display the Windows Security Centre. It can be recognised by a running av.exe or ave.exe process (use the Task Manager to view processes).

This malware has other names (XP Anti-Spyware, XP Guardian), but the behaviour is the same and the pop-up windows will appear similar.

Infection

Infection occurs when a user follows links in emails or on web pages that lead to this software being downloaded and installed.

Web sites may claim that the computer is already infected with a virus, and may offer a software download to remedy the problem.

Removal Instructions

  1. Start the computer and log in as normal
  2. Create a registry settings data file: copy and paste the following into a text file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Classes\.exe]
    [-HKEY_CURRENT_USER\Software\Classes\secfile]
    [-HKEY_CLASSES_ROOT\secfile]
    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"

    Save this file as fixexe.reg for use later.

  3. Launch the registry editor (click Start, then Run, then type regedit and press Enter)
  4. Use the Task Manager to remove the av.exe or ave.exe process (this process may have other similar names)
  5. Import the fixexe.reg file using the registry editor
  6. Remove rogue keys from:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    These keys will have random names and will point to an executable file in the user's profile
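
A read-only way to carry out the review in step 6, as an added example that is not part of the original post: this PowerShell script lists every value under the Run key above and flags those whose command points to a file inside the current user's profile. It assumes PowerShell 3.0 or later, run as the affected user; the function name Get-CommandTarget is made up for this illustration.

```powershell
# Added example: audit HKCU Run values (step 6). Nothing is modified.
$runKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$userProfile = $env:USERPROFILE.TrimEnd('\')

# Hypothetical helper: extract the executable path from a Run command line.
function Get-CommandTarget {
    param([string]$Command)
    # Expand %VAR% references such as %USERPROFILE% or %APPDATA%.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: "C:\path with spaces\file.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first executable extension.
    if ($expanded -match '^(.+?\.(exe|com|scr|bat|cmd|pif))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token.
    return ($expanded -split '\s+')[0]
}

$key = Get-Item -LiteralPath $runKey -ErrorAction Stop

$report = foreach ($name in $key.GetValueNames()) {
    # Read the raw string so unexpanded variables remain visible in the report.
    $raw    = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    $target = Get-CommandTarget $raw
    if (-not $target) { continue }

    [pscustomobject]@{
        Name          = $name
        Command       = $raw
        Target        = $target
        # Entries launching from the user's profile are the ones to inspect.
        InUserProfile = $target.StartsWith($userProfile + '\',
                            [StringComparison]::OrdinalIgnoreCase)
        FileExists    = Test-Path -LiteralPath $target -PathType Leaf
    }
}

# Show flagged entries first.
$report | Sort-Object InUserProfile -Descending | Format-List
```

Legitimate software also starts from the user's profile, so treat a flagged entry as a candidate to check against the random-name pattern described in step 6, not as a verdict.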
