This virus looks like a real antivirus program, namely Total XP Security. It blocks all or many of your antivirus and internet applications from running properly, or running at all. Before you begin, understand, I AM NOT an expert, especially when it comes to the REGISTRY KEYS. Be very careful when making any edits in the registry, as a mistake there can mess up your computer. If you do not feel comfortable performing the Registry edits below, PLEASE seek an expert!

  1. To get rid of this virus, restart your computer.
  2. Hold down the F8 key
  3. Choose Safe Mode with Networking
  4. Choose your operating system
  5. When your computer loads, press Ctrl, Alt, Delete to open your Task Manager
  6. Click on the Processes Tab
    NOTE: Keep an eye on this list. If the rogue program has not launched yet, chances are, it will soon. If it has launched, and a window or windows have opened, close them. They will reopen, but when they do, watch your processes. This will help you identify the virus (.exe file). 

    Some names it could show up as:
    rqo.exe
    2gN8deTMs.exe
    a62a.exe
    i8xE577Kdj65.exe
    YqP852V.exe
    mshta.exe
    (random digits).exe

  7. Try to launch your antivirus program, like Malwarebytes. This should cause the virus program to launch instead.
  8. When you see the new .exe file show up in the Task Manager Processes, select it and write down the name.
  9. Choose END PROCESS
  10. If you have your Folder Options set to view hidden files, go to the next step. If you’re not sure, go to START > CONTROL PANEL > FOLDER OPTIONS > VIEW tab > under HIDDEN FILES AND FOLDERS select SHOW HIDDEN FILES AND FOLDERS > click APPLY > close the window
  11. Open MY COMPUTER
  12. Double-click drive C:\
  13. Double-click DOCUMENTS AND SETTINGS
  14. Double-click on your folder (whatever your username for the computer is)
  15. Double-click LOCAL SETTINGS
  16. Double-click APPLICATION DATA
  17. Delete the rogue .exe file in this location; if it’s not in this location, chances are, you may have deleted it if you were able to run a virus scan previously. This happened to me. However, you are NOT finished. Check every other user's (username) folder by repeating steps 11-17. Once all of these locations have been checked, proceed.
  18. Select START
  19. Select RUN
  20. Type: regedit
  21. Select EDIT
  22. Choose FIND
  23. Type in the name of the rogue file without the .exe
  24. You should see only 1 file in this area. If you see 2, the correct file says (Default) under the Name heading. Delete the other file.
  25. If you see your rogue virus name under the Data heading for your (Default) file:
    EXAMPLES:
    rogue-virus-name.exe "%1" %*
    rogue-virus-name.exe %1
    [system information]rogue-virus-name.exe %1
    [system information]rogue-virus-name.exe "%1" %*
  26. then double-click on the (Default) file name and, in the Value data field, delete the rogue-virus-name.exe ONLY; "%1" %* or %1 must stay!
  27. The Value data field for the following Registry Keys should also be checked:
    HKEY_CLASSES_ROOT\batfile\shell\open\command
    HKEY_CLASSES_ROOT\piffile\shell\open\command
    HKEY_CLASSES_ROOT\htafile\shell\open\command
    HKEY_CLASSES_ROOT\htfile\shell\open\command
    HKEY_CLASSES_ROOT\exefile\shell\open\command
  28. Repeat steps 24 and 25 if the rogue virus name is present
    NOTE!!!!! If you find another .exe file, like I did, in one of these registries, open another internet browser window, type the full name into a search engine to see what comes up. If you start finding information links about removing the .exe file because it’s malware, a virus, etc., chances are, it’s a virus. Delete it. Otherwise, leave it alone.
  29. Run a full Virus Scan using an antivirus program like Malwarebytes, STOPzilla, etc. This may take several hours.
  30. Remove any viruses the software finds.
  31. IF you have CCleaner, a freeware program, RUN CLEANER; then SCAN REGISTRY and fix any issues.
  32. RESTART under normal mode.
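
The check in steps 23 to 28 can be run read-only before and after the registry edits, to confirm the rogue name is gone and that "%1" survived the edit. The PowerShell below is an added example, not part of the original post; it changes nothing in the registry and also looks under HKEY_CURRENT_USER\Software\Classes, because HKEY_CLASSES_ROOT is a merged view in which per-user entries take precedence. Assumptions: PowerShell 2.0 or later is installed, and `$RogueName`, `Get-OpenCommand` and the report column names are hypothetical names chosen for this example.

```powershell
# Read-only audit of the shell\open\command keys listed in step 27.
# $RogueName is a placeholder: pass the process name written down in step 8, without ".exe".
param([string]$RogueName = 'rogue-virus-name')

# File classes taken from step 27 of the procedure.
$classes = 'batfile', 'piffile', 'htafile', 'htfile', 'exefile'

# HKEY_CLASSES_ROOT merges the machine-wide and per-user class entries.
# The per-user branch is listed separately so an override planted there stands out.
$roots = 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_USER\Software\Classes'

function Get-OpenCommand {
    param([string]$Root, [string]$Class)
    $path = "Registry::$Root\$Class\shell\open\command"
    if (-not (Test-Path -LiteralPath $path)) { return $null }   # key absent: nothing to report
    $key = Get-Item -LiteralPath $path
    return $key.GetValue('')                                    # '' is the (Default) value
}

$report = foreach ($root in $roots) {
    foreach ($class in $classes) {
        $value = Get-OpenCommand -Root $root -Class $class
        if ($null -eq $value) { continue }
        New-Object PSObject -Property @{
            Key       = "$root\$class\shell\open\command"
            Default   = $value
            # True if the name from step 8 is still present in the command line
            RogueHit  = [bool]($value -match [regex]::Escape($RogueName))
            # False means %1 is missing, i.e. too much was deleted in step 26
            KeepsArgs = [bool]($value -match '%1')
        }
    }
}

if ($report) {
    $report | Select-Object Key, Default, RogueHit, KeepsArgs | Format-List
} else {
    Write-Output 'None of the listed keys exist under the roots checked.'
}
```

Any row with RogueHit set to True still needs the edit from step 26; any row with KeepsArgs set to False has lost its %1 and files of that type will not open correctly until it is restored.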