There has been a surge in computers infected with the Windows XP Security spyware. The user is normally affected by clicking on a very convincing fake Windows XP security warning displayed on infected websites.   Once the malware is installed, it continues to display pop-ups with security warnings and installs a heap of trojans  on the computer. This malware also disables all .exe files, making it impossible for the user to run anti virus scanners and malware removers. Here is how I recently removed this pest.

1. Disconnect your computer from the internet, this malware installs trojans which will make your computer vulnerable to remote access. Use another computer to download the following programmes, then run/install them on your infected computer in the following order.
2. RKILL stops the malware process ( http://www.bleepingcomputer.com/download/anti-virus/rkill )  – Note, the malware process did come back, but this gave me enough time to execute the next  step.
3. xp_exe_fix.reg ( you can read more about it here ) – This will fix your registry and enable the running of .EXE files, so you can install a malware remover and run your virus scan.
4. Malwarebytes’ Anti-Malware – it’s a simple and easy to use anti-malware by Malwarebytes. Install and run, it will ask you to update, reconnect the internet and allow it to update, disconnect internet after update is done. Run the full scan.
5. After malware scan finishes, click on “Remove Selected” to remove all malware from your computer.  After removal, reboot as instructed and your computer should be free.

Technorati Tags: malware, RKILL, Trojan, Virus, Windows, XP Security 2011, xp_exe_fix.reg