We have seen a few machines get hit by this virus. The symptom of an infection is an unfamiliar AntiMalware or AntiVirus window popping up and scanning your hard drive on its own. After the “scanning” session is done, it informs you that the machine is infected by a virus and asks you to upgrade to the full version to remove it. The real virus is the fake AntiMalware program itself.
The virus has a lot of variations. It’s also known as the following:
XP Internet Security 2010
XP AntiSpyware 2010
XP Antivirus Pro
Antivirus XP 2010
XP Smart Security 2010
XP Defender Pro
Total XP Security
Removing the virus is tricky, because it modifies the registry entry for the *.exe file association. Every time you try to run an executable file, the virus runs first. If you remove just the virus without restoring the registry, you will not be able to run any program under the affected account.
The first time I encountered this problem, I couldn’t find a way to restore the registry properly. I ended up creating a new profile for the user and moving the files over. This approach is far from ideal. Luckily, I found this post about how to restore the registry so that the user can run programs again.
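As an added example (not part of the original post, and not the post it links to), here is a PowerShell script that inspects the registry keys controlling the .exe association and, with -Fix, puts the Windows defaults back. It assumes the standard default values ("exefile" and "%1" %*) and that a per-account hijack like the one described lives in the per-user keys under HKCU\Software\Classes, which override the machine-wide ones.

```powershell
# Added example, not from the original post. Checks the registry keys that
# decide what runs when an .exe is opened and reports anything that differs
# from the Windows defaults. With -Fix it removes the per-user override and
# rewrites the machine-wide defaults (the HKLM writes need an elevated prompt).
param([switch]$Fix)
# Machine-wide keys (mirrored into HKCR) and the default values a clean
# Windows install carries (assumed here; verify against a known-good machine).
$expected = @{
    'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
}
# Per-user keys override the machine-wide ones, which is why one account can be
# unable to run programs while other accounts on the same machine are fine.
$perUser = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile\shell\open\command'
)
function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')   # '' selects the (Default) value
}
$findings = @()
foreach ($key in $expected.Keys) {
    $actual = Get-DefaultValue $key
    if ($actual -ne $expected[$key]) {
        $findings += New-Object PSObject -Property @{ Key = $key; Expected = $expected[$key]; Actual = $actual }
    }
}
foreach ($key in $perUser) {
    $actual = Get-DefaultValue $key
    if ($null -ne $actual) {   # a clean profile has no per-user .exe association at all
        $findings += New-Object PSObject -Property @{ Key = $key; Expected = '<absent>'; Actual = $actual }
    }
}
if (-not $findings) { Write-Output 'EXE association is at Windows defaults.'; return }
Write-Output 'EXE association has been modified:'
$findings | Format-Table Key, Expected, Actual -AutoSize
if ($Fix) {
    # Remove the per-user override entirely, then rewrite the machine-wide defaults.
    foreach ($key in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') {
        if (Test-Path -LiteralPath $key) { Remove-Item -LiteralPath $key -Recurse -Force }
    }
    foreach ($key in $expected.Keys) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $expected[$key]
    }
    Write-Output 'Defaults restored; sign out and back in before testing.'
}
```

Because launching any .exe under the hijacked account runs the virus first, run this from an unaffected administrator account (needed anyway for the HKLM writes); the HKCU: checks then refer to the account running the script, not the hijacked one.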