Windows XP Fix

Windows XP Fix is yet another fake security application developed primarily to generate fake scan results in order to mislead its victims. The Windows XP Fix virus can be acquired by visiting maliciously designed web sites or pages that are infected with a Trojan. These sites employ a drive-by-download method and execute a script to automatically infect the visitor's computer. Once Windows XP Fix is dropped and installed, a series of fake alerts and security messages will show up on the screen stating that the system is heavily infected. The fake AV is then pushed on the victim by means of a fake removal tool.

Any attempt to get rid of the fabricated threats directs users to a payment processing web site. Credit card information is requested and, if given, will be used for other fraudulent online transactions. The only way to eliminate threats on the PC, including the Windows XP Fix virus, is to scan thoroughly with an effective and legitimate anti-malware application. It is also best to scan all files while Windows is in Safe Mode. Carefully follow the removal procedures below to successfully remove Windows XP Fix.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows XP Fix Removal Procedures

Windows XP Fix Removal Tool:
In order to completely remove the threat from a computer, click here to download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected computer.

Manual Procedure:
1. Start the computer in Safe Mode.
- Turn on the computer and press and hold F8 on the keyboard
- Windows Advanced Options menu is displayed. Scroll to Safe Mode using arrow keys and hit Enter to select.

2. Once inside Windows Safe Mode, click the Start button and then Run.
3. Type cmd to run a DOS command window.
4. Locate malicious files and directories associated with Windows XP Fix.
a. Windows XP:
- Type cd c:\Documents and Settings\All Users\Application Data\ and press Enter.
- Type dir and press Enter to list all the files. If too many are listed, type dir /p to pause after each screen.
- Scroll down and find the random file names. Ex: 1wt3wxp.exe
- Take note of the exact file names.
- Type del /f /q (random file name) to delete a file, or rd /s /q (random directory name) to delete a directory. Ex: del /f /q 1wt3wxp.exe then press Enter.
- Repeat the process for each file name found.

b. Windows Vista and Windows 7:
- Type cd c:\ProgramData\ and press Enter.
- Type dir and press Enter to list all the files. If too many are listed, type dir /p to pause after each screen.
- Scroll down and find the random file names. Ex: 1wt3wxp.exe
- Take note of the exact file names.
- Type del /f /q (random file name) to delete a file, or rd /s /q (random directory name) to delete a directory. Ex: del /f /q 1wt3wxp.exe then press Enter.
- Repeat the process for each file name found.
- Go to the other infected directory: type cd c:\Users\All Users\ and find and remove the random file names again using the same procedure.

5. While still in the DOS command window, type:
reg delete hkcu\software\microsoft\windows\currentversion\runonce /v (random file name) /f

Then press Enter to delete the registry entries related to “Windows XP Fix.” Repeat the process for each random file found.

6. Finally, reboot the computer.
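
Steps 4 and 5 leave the reader to pick the "random" file names by eye. The read-only batch script below is an added example, not part of the original guide. It lists files in the shared application-data directory whose names also appear in an HKCU Run or RunOnce value, so only those names are candidates for deletion. It assumes the autorun value contains the dropped file's name and that it is run from the affected user's account; the temporary file name is arbitrary.

```batch
@echo off
setlocal
rem Added example: read-only triage. It deletes no files and no registry values.

rem Vista/7 define %ProgramData%; on XP fall back to the All Users profile.
if defined ProgramData (
    set "APPDIR=%ProgramData%"
) else (
    set "APPDIR=%AllUsersProfile%\Application Data"
)

set "RUNKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
rem Arbitrary scratch file for the exported autorun values.
set "TMPF=%TEMP%\hkcu_autoruns.txt"

rem Export the values of both Run and RunOnce (errors ignored if a key is absent).
reg query "%RUNKEY%" > "%TMPF%" 2>nul
reg query "%RUNKEY%Once" >> "%TMPF%" 2>nul

echo Files in "%APPDIR%" referenced by an HKCU autorun value:
rem dir /a-d = files only, hidden and system included; /b = bare names.
rem findstr /l /c: = literal, case-insensitive substring match, so very
rem short file names can over-report; confirm each hit before deleting.
for /f "delims=" %%F in ('dir /a-d /b "%APPDIR%" 2^>nul') do (
    findstr /i /l /c:"%%F" "%TMPF%" >nul && echo   %%F
)

echo.
echo Autorun values inspected:
type "%TMPF%"
del "%TMPF%"
endlocal
```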

Other Useful Programs:

Microsoft Safety Scanner:
The Microsoft Safety Scanner is a program that scans for and removes malicious software and computer viruses, including Windows XP Fix. Download MS Safety Scanner here. Follow the instructions and install with the default settings. Once installed, open the program and start scanning the computer.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Click here to download and run SAS Portable Scanner.

Technical Details and Additional Information:

Malicious Files Added by Windows XP Fix:
%AllUsersProfile%\Application Data\~(random)
%AllUsersProfile%\Application Data\~(random)r
%AllUsersProfile%\Application Data\(random).dll
%AllUsersProfile%\Application Data\(random).exe
%AllUsersProfile%\Application Data\(random)
%UserProfile%\Desktop\Windows XP Fix.lnk
%UserProfile%\Start Menu\Programs\Windows XP Fix\
%UserProfile%\Start Menu\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk
%UserProfile%\Start Menu\Programs\Windows XP Fix\Windows XP Fix.lnk

Windows XP Fix Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
