XJR Antivirus is a malicious anti-spyware application that has been cloned from Your Protection, and tries to trick users into purchasing its license. This malicious application reaches the user’s computer via Trojans that get downloaded from malicious websites. Once established on the user’s system, XJR Antivirus loads itself as a startup service at boot time. XJR Antivirus proceeds to perform a large number of fake security scans on the system, returning results that state that the computer is dangerously infected with a number of non-existent viruses. It also generates fake warning pop-ups from the Windows taskbar. Finally XJR Antivirus urges the user to purchase a license to the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is incapable of cleaning the detected false ‘threats’. However, all users should be aware that this is a trick aimed at swindling their money, as no version of XJR Antivirus can scan or clean any computer.

The following chapters will show you how to remove XJR Antivirus. This requires the stopping of processes, unregistering of DLL files, deletion of files and folders and the removal of registry entries.

File Removal Procedures

The first step you need to take in order to remove XJR Antivirus is to stop the following processes:

• alggui.exe
• svchost.exe
• wpp.exe
• XJR Antivirus.exe

Next, it is necessary to unregister the following DLL which is associated with XJR Antivirus:

As the next step in XJR Antivirus removal you must delete the following files and folders:

• %UserProfile%\Desktop\XJR Antivirus.lnk
• %UserProfile%\Local Settings\Temp\win1.tmp
• %UserProfile%\Local Settings\Temp\win2.tmp
• C:\Program Files\alggui.exe
• C:\Program Files\nuar.old
• C:\Program Files\skynet.dat
• C:\Program Files\svchost.exe
• C:\Program Files\wp3.dat
• C:\Program Files\wp4.dat
• C:\Program Files\wpp.exe
• C:\Program Files\XJR Antivirus
• C:\Program Files\XJR Antivirus\XJR Antivirus.exe

Once the above steps have been completed, XJR Antivirus no longer resides on your file system. In order to make sure of this aspect as well as in order to certify that there are no additional infections present on the PC it is recommended to conduct a full system scan using genuine antivirus software such as Spyware Doctor with Antivirus.

Registry Removal Procedures

In order to completely remove XJR Antivirus, it is necessary to remove the following keys and settings from the Windows Registry:

• HKEY_CURRENT_USER\Software\XJR Antivirus
• HKEY_CLASSES_ROOT\CLSID\149256D5-E103-4523-BB43-2CFB066839D6
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\149256D5-E103-4523-BB43-2CFB066839D6