AAAJIM.COM

GOOSE · Posted: Fri Apr 16, 2010 6:18 pm Post subject: Virus Fix for XP Security 2010

"XP Security 2010" is a very malicious virus.

I have racked my brain for 6 hours now, and finally figured it out.

It's much simpler than you might think.

This is how i did it.
First of all, dont worry about safe mode. The virus installs a set of registries to block any and all .exe files.

Step 1 = Change malwarebytes from MBAM.EXE to MBAM.JPG
Step 2 = Run MBAM.JPG and it will find the 3 nasty registries.

If you do this in safe mode, it will not find the problem.

Here is the registries you manually delete to fix the problem:
Delete registry values:
HKEY_CURRENT_USER\Software\opps\.exe
HKEY_CURRENT_USER\Software\opps\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\opps\.exe\shell
HKEY_CURRENT_USER\Software\opps\.exe\shell\open
HKEY_CURRENT_USER\Software\opps\.exe\shell\open\command
HKEY_CURRENT_USER\Software\opps\.exe\shell\runas
HKEY_CURRENT_USER\Software\opps\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\opps\.exe\shell\start
HKEY_CURRENT_USER\Software\opps\.exe\shell\start\command
HKEY_CURRENT_USER\Software\opps\secfile
HKEY_CURRENT_USER\Software\opps\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\opps\secfile\shell
HKEY_CURRENT_USER\Software\opps\secfile\shell\open
HKEY_CURRENT_USER\Software\opps\secfile\shell\open\command
HKEY_CURRENT_USER\Software\opps\secfile\shell\runas
HKEY_CURRENT_USER\Software\opps\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\opps\secfile\shell\start
HKEY_CURRENT_USER\Software\opps\secfile\shell\start\command
HKEY_CURRENT_USER\Software\opps\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\opps\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\opps\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\opps\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\opps\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\opps\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”

Hope this helps.
_________________
the dumber people think i am, the more surprised they are when i kill them....

GOOSE · Posted: Fri Apr 16, 2010 6:20 pm Post subject:

where it says opps above, it means "Clas ses"

finf · Blind Sniper Joined: Jun 17, 2010 Posts: 1

well...I racked my brain too and for many times with the viruses. Then somebody gave me a link and now my computer is clean. I am telling you about this kaspersky. I suppose it'll help you

GOOSE · Posted: Thu Jun 24, 2010 10:16 pm Post subject:

by now all of the anti virus programs are updated enough to block this virus.

I use AVG, Superantispyware Professional, and Malware Bytes.

I had tried Kapersky in the past, but it seemed to put my machine on lockdown. I wasn't very impressed with it. Somewhere in the threads we have a computer tech talkin about the different anti-virus softwares, ill see if i can find it.