XJR Antivirus is a rogue antispyware program and an updated version of a previously published rogue called AKM Antivirus 2010 Pro. Both programs are identical except for their names and partially modified files, changes made so that they remain undetected by legitimate antivirus and antispyware tools. Like other rogues, XJR Antivirus is distributed through trojans that get onto a computer through a variety of vulnerabilities in already installed programs (Internet Explorer, Adobe Acrobat Reader, Adobe Flash Player, Java, etc.). When the trojan is started, it will download and install the rogue without your permission or knowledge.
When XJR Antivirus is installed and started, it will simulate a system scan. As you can guess, this fake antispyware tool will find a lot of infected files, trojans, worms, and so on, and claim that they will not be fixed unless you first purchase the full version of the program. Of course, this is not necessary: the system scan is fake, and its only purpose is to make you believe that your computer is infected with many viruses and trojans.
To make the illusion that your computer is infected more complete, XJR Antivirus displays, the whole time it is running, a fake Windows Security Center and a wide variety of alerts, reminders, and security messages from the Windows task bar that state:
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software…
svchost.exe
svchost.exe has encountered a problem and needs to
close. We are sorry for inconvenience.
However, like the scan results, all of these alerts, screens and pop-ups are fake. Feel free to ignore all of them.
What is more, XJR Antivirus can block the Windows Task Manager and most legitimate Windows applications, so that they will not even start. If you try to run a program (one that has the “exe” extension), your computer will display an alert from the Windows task bar stating that the program is infected, and the program will then be terminated. An example of the alert:
Warning!
Running of application is impossible.
The file C:\Windows\System32\notepad.exe is infected.Please activate your antivirus program.
From the above it is obvious that the presence of XJR Antivirus is not only undesirable but also dangerous, because it can leave the computer completely inoperable. Most important of all, the program is a fake: it does not function as an antivirus or antispyware tool, and it was created with only one purpose, to reduce the amount of money in your wallet. If your computer is infected with this malware, follow the removal instructions below, which will remove XJR Antivirus and any other infections you may have on your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: ADC PlugIn - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll
O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe
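The two HijackThis entries above can be checked for automatically when reviewing a log. The script below is an added example, not part of the original guide: the sample log is constructed, and the list of system file names and trusted folders is an assumption. It goes one step beyond the page by flagging any service whose file is named like a Windows system binary but sits outside System32.

```python
import ntpath
import re

# Indicators copied from the two HijackThis lines on this page.
BHO_CLSID = "{149256D5-E103-4523-BB43-2CFB066839D6}"
SERVICE_KEY = "adbupd"
# Assumption: a short list of Windows binaries that belong only in these folders.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
TRUSTED_DIRS = ("\\system32", "\\syswow64")

# Web pages often turn the " - " separators into en/em dashes; normalise them.
DASHES = re.compile(r"\s[-\u2013\u2014]\s")
O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O23 = re.compile(r"^O23 - Service: (?P<display>.*?) \((?P<key>[^()]+)\)"
                 r" - (?P<owner>.*?) - (?P<path>.+)$")

# Constructed sample log: lines 1 and 3 are from this page, 2 and 4 are made up.
SAMPLE_LOG = r"""
O2 - BHO: ADC PlugIn - {149256D5-E103-4523-BB43-2CFB066839D6} - C:\Program Files\adc_w32.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O23 - Service: Adobe Update Service (AdbUpd) - Unknown owner - C:\Program Files\svchost.exe
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\updater.exe
""".strip()


def triage(log_text):
    """Return (line_number, reason) pairs for suspicious O2/O23 entries."""
    findings = []
    for number, raw in enumerate(log_text.splitlines(), 1):
        line = DASHES.sub(" - ", raw.strip())
        bho = O2.match(line)
        if bho and bho["clsid"].upper() == BHO_CLSID:
            findings.append((number, "BHO CLSID listed for XJR Antivirus"))
        service = O23.match(line)
        if service:
            if service["key"].lower() == SERVICE_KEY:
                findings.append((number, "service key AdbUpd"))
            name = ntpath.basename(service["path"]).lower()
            folder = ntpath.dirname(service["path"]).lower()
            # A system file name in a non-system folder is a masquerade sign.
            if name in SYSTEM_NAMES and not folder.endswith(TRUSTED_DIRS):
                findings.append((number, name + " outside System32"))
    return findings


if __name__ == "__main__":
    for number, reason in triage(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```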
Use the following instructions to remove XJR Antivirus (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Click Start, Run. Type command and press Enter. The command console (a “black window”) opens. Type notepad and press Enter. Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad). Double-click fix.reg and click YES to confirm.
Reboot your computer.
If you can't create fix.reg, then download fix.zip from here and unzip it. Double-click fix.reg and click YES to confirm. Reboot your computer.
Step 2. Remove XJR Antivirus associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan. It will start scanning your computer for the XJR Antivirus infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items. Note: the items listed will vary from computer to computer.
Make sure that everything is checked, and click Remove Selected to start the XJR Antivirus removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
XJR Antivirus creates the following files and folders
C:\Program Files\XJR Antivirus
%UserProfile%\Start Menu\Programs\XJR Antivirus
C:\Program Files\XJR Antivirus\XJR Antivirus.exe
C:\Program Files\adc_w32.dll
%UserProfile%\Start Menu\Programs\XJR Antivirus\XJR Antivirus.lnk
%UserProfile%\Desktop\XJR Antivirus.lnk
C:\Program Files\alggui.exe
C:\Program Files\svchost.exe
C:\XJR Antivirus\XJR Antivirus.lnk
C:\XJR Antivirus.lnk
XJR Antivirus creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_USERS\.DEFAULT\Software\XJR Antivirus
HKEY_CURRENT_USER\Software\XJR Antivirus