Posts Tagged ‘XJRAntivirus’

May 26

XJR Antivirus Adware Removal Instructions

The Emsisoft malware research team has discoverd a new outbreak of the XJR Antivirus adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.XJRAntivirus.

XJR Antivirus is a rogue security program, this is a new variant of AKM Antivirus 2010 Pro and RTS Antivirus 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

  • %ProgramFiles%\wp4.dat
  • %ProgramFiles%\adc_w32.dll
  • %ProgramFiles%\alggui.exe
  • %ProgramFiles%\skynet.dat
  • %ProgramFiles%\svchost.exe
  • %ProgramFiles%\wp3.dat
  • %ProgramFiles%\XJR Antivirus\XJR Antivirus.exe
  • %UserProfile%\Desktop\XJR Antivirus.lnk
  • %UserProfile%\Start Menu\Programs\XJR Antivirus\XJR Antivirus.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\software\XJR Antivirus
  • HKEY_CURRENT_USER\software\XJR Antivirus\wpp
  • HKEY_CURRENT_USER\software\XJR Antivirus\wpp\Registration
  • HKEY_CURRENT_USER\software\XJR Antivirus\wpp\setdata
  • HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus
  • HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\Registration
  • HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\setdata

Modify registry entry:

  • HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command
    Old: = “%1″ %*
    New:  = C:\Program Files\alggui.exe “%1″ %*

Screenshots:

How to remove the infection of XJR Antivirus (Adware.Win32.XJRAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: ,
Posted in Malware Alerts, Removal Help | Comments Off