Total XP Security Description

Total XP Security is a rogue anti-spyware program from the same family as Total Vista Security. Rogueware from this family is able to change their names according to the Operating system they find on a compromised computer. After displaying fake scans, security alerts and pop-up warnings Total XP Security advises users to purchase its full version in order to remove all the detected malware infections. Do not fall for this trick and have Total XP Security removed from your PC upon detection.

Type: Rogue AntiSpyware Programs

How Can You Detect Total XP Security?

Total XP Security has typically the following processes in memory:

• %Documents and Settings%\[UserName]\Application Data\av.exe

Total XP Security creates the following registry entries:

• HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″
• HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
• HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
• HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe /START “iexplore.exe”

Important Article Disclaimer