XJR Antivirus is a rogue security program, this is a new variant of AKM Antivirus 2010 Pro and RTS Antivirus 2010. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

• %ProgramFiles%\wp4.dat
• %ProgramFiles%\adc_w32.dll
• %ProgramFiles%\alggui.exe
• %ProgramFiles%\skynet.dat
• %ProgramFiles%\svchost.exe
• %ProgramFiles%\wp3.dat
• %ProgramFiles%\XJR Antivirus\XJR Antivirus.exe
• %UserProfile%\Desktop\XJR Antivirus.lnk
• %UserProfile%\Start Menu\Programs\XJR Antivirus\XJR Antivirus.lnk

Create new registry entries:

• HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
• HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
• HKEY_CURRENT_USER\software\XJR Antivirus
• HKEY_CURRENT_USER\software\XJR Antivirus\wpp
• HKEY_CURRENT_USER\software\XJR Antivirus\wpp\Registration
• HKEY_CURRENT_USER\software\XJR Antivirus\wpp\setdata
• HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus
• HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\Registration
• HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\setdata

Modify registry entry:

• HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command
  Old: = “%1″ %*
  New:  = C:\Program Files\alggui.exe “%1″ %*

Screenshots:

How to remove the infection of XJR Antivirus (Adware.Win32.XJRAntivirus)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.