There has been a surge in computers infected with the Windows XP Security spyware. The user is normally affected by clicking on a very convincing fake Windows XP security warning displayed on infected websites. Once the malware is installed, it continues to display pop-ups with security warnings and installs a heap of trojans on the computer. This malware also disables all .exe files, making it impossible for the user to run anti virus scanners and malware removers. Here is how I recently removed this pest.
- Disconnect your computer from the internet, this malware installs trojans which will make your computer vulnerable to remote access. Use another computer to download the following programmes, then run/install them on your infected computer in the following order.
- RKILL stops the malware process ( http://www.bleepingcomputer.com/download/anti-virus/rkill ) – Note, the malware process did come back, but this gave me enough time to execute the next step.
- xp_exe_fix.reg ( you can read more about it here ) – This will fix your registry and enable the running of .EXE files, so you can install a malware remover and run your virus scan.
- Malwarebytes’ Anti-Malware – it’s a simple and easy to use anti-malware by Malwarebytes. Install and run, it will ask you to update, reconnect the internet and allow it to update, disconnect internet after update is done. Run the full scan.
- After malware scan finishes, click on “Remove Selected” to remove all malware from your computer. After removal, reboot as instructed and your computer should be free.