XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Pete, post here a full message that computer shows you.
Hi all, I went through all the steps and it worked – but when I go to shut down, it’s saying I’ve got updates. Is that the virus’s fake updates, or do I actually have updates? Does the virus pigback on real updates? Thanks!
Hey sorry but I’m not really good computer. On step #1 what does it mean “Double Click fix.reg and click YES for confirm.” I saved the notebook file but I’M confused what the double click thing means.
Never mind I got it figured out. Thank you so much for doing all this.
I’ve been infected with XP Internet Security 2010.
I’ve done this:
-done fix.reg which stopped XP IS from continually popping up
-found av.exe and deleted it
-downloaded Malwarebytes and installed
-I also downloaded Spyware Dr and installed
-looked for secfile in registry and it’s not there under USER or ROOT.
Results
-the malware will not let me update Malwarebytes
-I cannot boot into Safe mode, the screen keeps freezing at the driver load
-system will not let me access Malwarebytes website (had to get download through cnet website)
-system wil not let me update Spyware Dr
-when doing a normal boot, internet connection in Network Connections takes about 2 minutes to connect
-still redirects me from Google search to various sales websites and difficult to get out of them
Patrik,
Thank you for response. I checked the contents of fix.reg. This is no “Windows Registry Editor Version 5.00″. All I can see are what I pasted in:
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”
[HKEY_CLASSES_ROOT\.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”
My daughter got this virus on her computer and I used these instructions and it seems to be gone. Thank you for making me a hero =)
One thing though. Now when I go to get online by clicking internet explorer, it brings me to the open with screen. I click internet explorer there and it brings me to C:\Documents and Settings\home
I am not ssure yet is the same thing will happen with other programs as well, but I assume so.
What can I do to get this back to normal where I just click on explorer and it comes right up.
Thanks,
Dot
hi all, for some reason i cant complete step 1. When I hit the yes button on the fix icon on my desktop it says it cannot import the file because not all of the data was successfully written to the registry, and that some keys are open by the system or other processes. Help would be appreciated greatly, thanks.
none of the files or resistry are present on my computer, but the virus is still present. malwarebytes will not download correctly at all. is there any way to fix this?
i tried doing this and step one went well but step 2 killed my computer after it was completed and the computer reseted…I can’t log on to my computer pass the welcome menu
none of my icons will show up now…just the background picture
you hear the welcome music…then an noice like an error then this dialogue box pops up:
————————————————–Microsoct Visual C++ Runtime Library
————————————————–Runtime Error!
Program: …es\common files\roxio shared\etc,etc
This request the runtime to terminate in an unusual way. Please contact the application support team for more information.
after this i can just see my background picture and no icons, nothing else, please help!!!
Patrik: It worked like a charm!!! Thank you so much. You’re terrific!!
ChuckB
Keep getting Registry Error
“Cannot import C:/documents…../fix.reg: Error accessing the registry”.
I looked at previous comments. Have checked first line of fix.reg. Everything seems to be in order. Just keep getting “error accessing the registry”.
Thanks in advance for your help.
Thanks for the help!
my malware says nothings wrong,
and cant update.
yet the virus is still there.
WHAAAT DOO I DOOO!
Wyatt, use another way. Click right mouse button to fix.reg ans select Merge.
Rob, looks like your computer also infected with TDSS trojan. Download TDSSKiller from here and unzip to your desktop.
Open tdsskiller folder and run TDSSKiller. Follow the prompts.
Once finished, run Malwarebytes Anti-malware once again.
Drew, please make a new fix.reg. It SHOULD HAVE “Windows Registry Editor Version 5.00″ in first line.
Dot, open a new topic in our Spyware removal forum. I will check your PC.
Dak, try make first step in Safe mode.
and ive repeated the process many times.
everything works.
up untill i do the quick scan with the malware program..
it just says nothings wrong…
Patrick,
I tried running the fix.reg in step 1, but when I reboot the antivirus 2010 virus still will not allow me to get past it to download malwarebytes. I posted on the spyware removal forum, but any other help would be greatly appreciated!
Thank you!
now the toolbar is gone and everything!!!!!!!! WHAT DO I DO!
Charles and Emmaaaa, please ask for help in our Spyware removal forum.
Daison, once windows loaded, press CTRl + ALT + DEL. Task manager opens. CLick File, new task.
Type explorer.exe and press Enter.
I should back your icons and Start button.
Brian, try the following:
CLick Start, Run, type command and press Enter.
Command console opens.
Type regedit and press Enter.
Registry editor opens.
Click File, Import. Select fix.reg and click Open.
I noticed comments from Dot and others that after running the fix.reg file, when they try to open explorer or even control panel what they get is my documents. In typing the file they have missed a blank space between 2 characters. I tried the file with and without the space and discovered the issue. This line MUST have a space and it’s hard to tell it’s there:
@=”\”%1\”space is here%*” and it will look like this @=”\”%1\” %*” Patrick I will try TDSSkiller.
phydous…I couldn’t run my internet also..I had to save the file instead of running it on a usb drive from my labtop then run it off of my usb drive onto my infected desktop pc to get to step 2..thanks Patrik I will go and try this
Patrick – I was infected with XP Internet Security and this is what I did:
-read everything in this site 15 pages, then
-created and ran fix.reg as you advise
-searched and eliminated av.exe
-installed Malwarebyte from the cnet website because I was barred from the Malwarebyte site
Result:
-XP Int Sec stopped popping up
-still could not update Malwarebytes
-searches from google were still re-directed to sales sites – shopzilla
-while using explorer, could not backup using lefthand arrow on top of screen from websites
-explorer would not open right away after doing a boot, took almost 2 minutes
-could not run Safe Mode
Further action:
-downloaded and ran TDSSKiller as per Patrick and it found 4 infected files
-on another computer, installed Malwarebytes, updated and loaded rules.ref to a USB stick as per your `malwarebytes won`t ìnstall or run` forum
-ran Malwarebytes and it cleaned up everything-9 infected files
-using log from Malbytes, modifed XP security centre and any registry values with (1) to (0)
-modified registry for startmenuinternet to remove ave.exe modifed references and quotation marks in command
Everything appears to be perfect but I`ve not run Safe Mode yet.
Users should beware when looking for malwarebytes on google search, the first offering is AntiMalware2010.org which looks suspicously like it might be tied to XP Internet Security.
Last – this stuff doesn`t install itself. I admit I got infected from Pirate Bay by downloading a file sitting right above the torrent I actually wanted for PowerISO. I recall thinking – that file was very small. To make things worse, I did not pay attention and simply clicked the exe file sitting on my desktop which then loaded XP Internet Security.
Patrick, would you recommend buying the full Malwarebytes program