XP Smart Security 2010
XP Smart Security 2010 is a must-removed unwanted application that pretends as an antivirus program for Windows platform. XP Smart Security 2010 virus will spread over the Internet by utilizing fake online virus scanner web sites where users will be redirected right after a Trojan has infected the computer. This web site will run a malicious script on visitor’s computer pretending to scan it for any danger while downloading a file onto it. Users may be unaware that installation of XP Smart Security 2010 is commencing because of its stealth mechanism. If successfully penetrated a target PC, it will begin an XP Smart Security 2010 virus scan on local drives and display exaggerated results aiming to deceive computer users. A purchase of the XP Smart Security 2010 registration key is being pushed on its entire activities while inside the computer, and this may include a continuous pop-ups and alerts.
To remove XP Smart Security 2010 virus completely, no need to obtain its licensed version. Since it belongs to rogue category, it simply means that XP Smart Security 2010 has no capabilities to protect a computer, much so to remove any computer threats.
Screen Shot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
XP Smart Security 2010 is a fake anti-virus application. Rogue programs are different from virus and Trojan. Although rogue are utilizing Trojan and virus to gain access on target computer. Once it sets inside, fake anti-virus may over power legitimate security application. In, fact XP Smart Security 2010 will end any running processes that are connected with anti-virus programs.
Rogue anti-virus does not infect other files on the compromised computer. Unlike viruses, fake software do not reproduce neither propagate inside a network.
Added Registry Entries:HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe" HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe" HKLM\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1" HKLM\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1" HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %* HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*Associated Files and Folders:
c:\Documents and Settings\All Users\Application Data\OPjas8uwTY3 %UserProfile%\Local Settings\Application Data\av.exe %UserProfile%\Local Settings\Application Data\ave.exe %UserProfile%\Local Settings\Application Data\OPjas8uwTY3 %UserProfile%\Local Settings\Application Data\WRblt8464P %UserProfile%\Local Settings\Temp\OPjas8uwTY3 %UserProfile%\Templates\OPjas8uwTY3
How to Remove XP Smart Security 2010
1. Stop XP Smart Security 2010 process by pressing Ctrl+Alt+Del. Windows Task Manager will open. Look for the following process:
[random]tssd.exe
Highlight and delete the process. Click on End Process.
2. Connect to Internet and update your installed anti-virus program. This is necessary to identify newer variants of this virus.
3. Run a full virus scan and clean/delete all detected infected file(s).
4. Edit Windows registry and delete XP Smart Security 2010 entries (Refer to Technical Details). [how to edit registry]
5. When done with removal of registry entry, exit registry editor by closing the program. It automatically saves changes made.
6. Remove XP Smart Security 2010 start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. System Configuration Utility will open. Go to Startup tab and uncheck the following Start-up item(s):
[random]tssd.exe
7. Click Apply and restart Windows.
XP Smart Security 2010 Removal Tool:
In order to completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.
Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found on websites of legitimate anti-virus and security provider.
Nam Tran
Mar 22, 2010 @ 19:48:29
I mistook this virus to be a legitimate program. I ended up purchasing it, only to have it damage my computer. I uninstalled it, but should I be worried about my credit card. Will it take away all of the funds in my credit card. Should i get a new card?
Chris
Mar 24, 2010 @ 15:30:57
Contact whoever controls your card (Bank) and tell them the card has been compromised. They will guide you through the necessary actions.
Floyd Murdock
Jun 09, 2010 @ 23:15:58
I bought this program because it was the only way I could get my computer working again. As soon as I installed it, it uninstalled itself. I called support and had to do the registration again. I did that twice and each time it uninstalled itself. I got other programs to check to see that it was doing its job, but it had disappeared again. I lost the company name and now was going to reinstall it again, but I guess I better find out who runs this company. They do have support so I guess it’s a very poor program. Hopefully they will be prosecuted if they do anything with my credit card number.