Remove XP Internet Security Virus
From Nocrashwiki
1. Ctrl-Alt-Del, kill {av.exe}
2. Run RegEdit and correct the following:
[BAD] HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* [Good] HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command (Default) REG_SZ exefile Content Type REG_SZ application/x-msdownload [BAD] HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* [Good] *Delete Key* [BAD] HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* [Good] HKEY_CLASSES_ROOT\.exe\shell\open\command (Default) REG_SZ exefile Content Type REG_SZ application/x-msdownload + Folder = HKEY_CLASSES_ROOT\.exe\PersistentHandler [correct key entry should be unaffected] HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %* [Good] *Delete Key* [BAD] HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" [Good] HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command (Default) REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe [BAD] HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [Good] HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command (Default) REG_SZ "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [BAD] HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe" [Good] HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default) REG_SZ C:\Program Files\Internet Explorer\iexplore.exe [BAD] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1" [Good] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "0"
3. Restart, and IF possible RUN System Restore and choose a day or two from the past to restore. If you installed an application AFTER the restore date then reinstall that application.
You may have to delete the affected user's account and create a new one.
