XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Whilst these instructions did work, and I am most greatful for that, it appears that this problem is rampant. My brother got the computer infected a couple of weeks ago using IE, and I have recently being infected using Firefox. Are there any reliable methods of prevention? I really do not want to have to go through all this a third time.
so fast, easy and usefull! thanks!!!!
The fix worked, thanks so much!
Patrick- a further update:
I forgot to mention that I ran the exe.download fix from dougknox.com as per comments from other users. Don’t know if it did any good but ?
Other results:
-ran EasyCleaner and it found 25 files low priority, 1 high priority, deleted them all
-Safe Mode opens perfectly
-ran Malwarebytes in Safe Mode, no infections
I’ve been dealing with this malware for 4 days and maybe I’m relieved but I’m also convinced my computer is more responsive that it was previously. Without the assistance of yourself and this website, what would I have done?
How can I make a $money$ contribution
Cheers Rob W
Glad to help you Rob 🙂
A few information for you about the MalwareBytes Anti-malware Full version. It features scheduled scanning, scheduled updating and highly advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet.
If you want purchase it, the use the following link FULL version of MalwareBytes Anti-malware.
Stuart, to protect your computer, you should have:
1. good antivirus and antispyware.
2. firewall
3. an alternate browser.
And also be careful when opening attachments and downloading files (from torrents too!!!).
thank you a lot pretty simple explanation
my icons popped up using your advice but i think some things didnt get properly removed in step 2… i have two runtime error dialog boxes..(’40’) and (‘440″) and in my start menu there is a black box where my most used applications would be…and when i click on the applications button it is disabled i cant view all my applications through my start menu…my dvd player is disabled and so is windows media player
Ok. I’m getting a little frustrated. I cannot get my fix.reg to run after double clicking. I read the previous posts and believe I tried everything. I’m still getting the “Cannot import “…”, The specified file is not a registry script…
1. I checked to make sure that “Windows Registry Editor Version 5.00″ was on the first line.
2. I tried right-clicking and selecting Merge on the fix.reg file.
3. I tried “Importing the registry file” into the Registry Editor.
Nothing seems to work. Any suggestions would be greatly appreciated.
Do I have to run the update before running the quick scan to remove the Antivirus XP 2010?
When I try to update the Malwarebytes’ Anti-Malware prior to performing the quick scan, it pops up a message saying ‘An error occurred. Please report the following error code to the Malwarebytes’ Anti-Malware support team. Error code 732 (2, 0) The system cannot find the file specified.’ Please help me on this. Thanks a lot!
I follow the first step, then when I try to execute a .exe file it does nothing, it tells me “Choose the program you want to use to open this file:
I just wanted to say thanks. The reg entry was worth it alone. The link for malwarebytes was for spywaredoctor. All the same thanks again! I just reinstalled and was using kaspersky internet security.
my icons came back up but now my computer has a runtime error ’40 and runtime ‘440 message and the C++ Runtime Error message and when i click start my most used icons are not there..just a black box and i can’t select all applications to view all my applications…what do I do now? i think step 2 uninstalled some of my programs incorrectly and now its not running correct
do i delete the fix.reg file from my desktop?
im sory the first runtime error is ‘0’ not ’40’
Worked for me… excellent. Very confused though, wondering why nobody’s anti-virus, anti-spyware software seems to intercept this. Found this searching google, executed the instructions… followed them step by step, and 100% fine now. Thank you,
Casey from Nebraska
You guys also posted what the XP AntiSpyware 2010 does to your computer (creats files, regestry files) I was just wondering why you posted it. Do I have to now go and find those files and delete them?
Thanks for turning a bad day into a good one. Instructions worked a treat. My McAfee 2009 didn’t prevent it.
Thank you so much! Glad I was just able to get on your site with that stinkin xp 2010 blockin me up. thanx again
Now no exe. files run and I can’t download because it says my security settings will not allow this action. guess i’m not out of the woods yet…….
I have the same issue as Dot from Feb. 25…after successfully removing the XP Guardian, the Internet Explorer will not launch from the Start Menu, and none of the similar situations’ fixes above have repaired it. (Curiously, I *can* launch IE from the desktop?!?) I will try to enter an issue on the Spyware Removal forum (but I admit that at this point, I have no idea what that means….)
But, this issue aside, and hoping that there aren’t 1,000,000 other undiscovered problems lurking on my PC since I followed your directions here, I am SO SO SO grateful to you, Patrik, for being the one source that helped me out of that awful XP Guardian infinite loop. I thought I would go nuts or just throw this computer away and start over, seriously.
Here’s hoping I can get the IE on the Start menu to work again, and then all will be back to normal, I think…
twice this has gotten me. It suddenly appeared after I went onto a website I have been on before. I didn’t even click anything, it just downloaded to my laptop. Why do people created such things? Is this a proper Microsoft product? Can’t they do anything to stop it?
Hi, I’ve done all the steps, but I still have antivirus xp 2010 on my computer. The program detected four problems only and I still cannot access my internet explorer. the virus stays inactive until I start up internet explorer.
I also tried going into safemode, but I can’t. I think it’s because I am using bootcamp on my mac.
The only internet program that the malware doesn’t seem to block is google chrome. Will uninstalling IE do anything?
Kim, open the fix.reg in the notepad. Click File, Save as. In the dialog, set Encoding to ANSI and click Save and rewrite old file. Run it.
Eric, probably your computer also infected with TDSS trojan. Download TDSSKiller from here and unzip to your desktop.
Open tdsskiller folder and run TDSSKiller. Follow the prompts.
Once finished, run Malwarebytes Anti-malware once again.
Mart, check twice fix.reg and try run once again.
Daison, yes remove the fix.reg. If you need a help, then open a new topic in our Spyware removal forum. I will check your PC.
Vlad, no. malwarebytes will remove them automatically.
Tim, try run fix.reg once again.
How says ?