Home Malware Programs Rogue Anti-Spyware Programs XP Smart Security 2010

XP Smart Security 2010

Posted: March 18, 2010

XP Smart Security 2010 is a fake security program that uses a very convincing interface that may trick computer users into purchasing a licensed version of the bogus XP Smart Security 2010 application. XP Smart Security 2010, once installed, may drop malicious files into certain directories in addition to adding unwanted registry entries that can cause XP Smart Security 2010 to load at startup.

XP Smart Security 2010 may display various popup notifications and initiate system scans that display misleading information about a detected threat. XPSmartSecurity2010 does not have the capability of detecting or removing any computer threats. It is wise to safely detect and remove XP Smart Security 2010 with a spyware detection tool.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Local Settings\Application Data\ave.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*

3 Comments

  • Kathleen says:

    I'd like to get my hands around this dingleberry's neck and squeeze the life out of its head. Even though I am almost 100 years old, I would find the strength to do this. BTW if I should die before I get this opportunity will someone else do it for me?

  • Travis says:

    Simple and thorough walk-through. Thanks for the help!

  • Rob says:

    The page was successful in removing the 'Spyware' without costing a single penny. The author did a fantastic job here by providing a good service through clear instructions. Make a back up (Restore point) on you computer before anything else. Then follow the three steps listed to delete the virus/malware program. THANK YOU FOR YOUR EXPERT DIRECTION!

Loading...