XP Internet Security 2010, also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro, Antivirus XP 2010, XP Smart security 2010, XP Defender Pro and Total XP Security, is a rogue antispyware program that reports false infections and shows fake security alerts to scare you into buying the software. The rogue is distributed by trojans. When the trojan is started, it downloads and installs XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) registers itself in the Windows registry so that it runs automatically every time you start an application (any file with the “exe” extension). The rogue also uses this launch method to block other programs from running, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large number of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with the header “Spyware infection has been found” or “Tracking software found”. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you open a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose: to scare you into thinking that your computer is in danger in order to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\av.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\av.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
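The .exe association hijack listed above can be detected without relying on the file name av.exe, by comparing the per-user .exe handler against the stock values that fix.reg restores. The following Python is an added example, not part of the original guide; the function names and the sample export are constructed for illustration.

```python
import re

SAFE_PROGID = "exefile"       # stock ProgID for .exe, as restored by fix.reg
SAFE_COMMAND = '"%1" %*'      # stock open command, as restored by fix.reg
HIVE = r"hkey_current_user\software\classes"

# Constructed sample (not a real capture): a .reg export of an infected
# profile, built from the key and value names listed on this page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%AppData%\\av.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \" and \\
    return keys

def audit_exe_association(keys):
    """Flag a redirected .exe ProgID or a shell command that is not the stock one."""
    findings = []
    progid = keys.get(HIVE + r"\.exe", {}).get("")
    if progid is not None and progid.lower() != SAFE_PROGID:
        findings.append(f".exe -> ProgID {progid!r}, expected {SAFE_PROGID!r}")
    # Check the verbs under .exe itself, under exefile, and under whatever ProgID is set.
    for cls in dict.fromkeys([".exe", SAFE_PROGID, (progid or SAFE_PROGID).lower()]):
        for verb in ("open", "runas", "start"):
            path = "\\".join((HIVE, cls, "shell", verb, "command"))
            cmd = keys.get(path, {}).get("")
            if cmd is not None and cmd.strip() != SAFE_COMMAND:
                findings.append(f"{cls}\\shell\\{verb}\\command runs: {cmd}")
    return findings

if __name__ == "__main__":
    for finding in audit_exe_association(parse_reg(SAMPLE_EXPORT)):
        print("SUSPICIOUS:", finding)
```

Files exported by regedit in the Version 5.00 format are UTF-16 encoded, so decode them before passing the text to parse_reg.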
Susan, run the fix.reg once again. Then, don’t reboot your PC, click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
In the right part of the window, double-click “@”. You will see a screen with contents like the following: “C:\Documents and Settings\user\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Repeat the previous steps for Firefox, HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ FIREFOX.EXE
Ok so I’m able to save the fix.reg file (as All files and ANSI coding) onto my desktop, but when I try to open it, it just gives me an error message saying that it’s not a valid WIN32 application. Any clue what to do?
I tried it and it’s still a problem…Norton is not working…can’t access the internet (loads homepage then says a syntax error when I try to go to another one), my Sonic DVD player and media player won’t run…and some of the programs are not running
I have a program called Advanced System Optimizer. I can save registry restore points, much like Windows XP System Restore, except it is not a running application. I simply save a registry restore point every week or so. I had the XP Guardian on my computer and simply stopped the av.exe process (XP Guardian executable) in the task manager and kept the task manager running. I opened ASO and reverted back to a restore point from a few days ago. Worked like a charm.
Thanks for getting back to me. I did a system restore and everything runs fine…I just have to redownload a couple of applications.
Thank you so much…it worked great…but it’s so weird, I got hit yesterday and today my sister’s laptop got hit with Vista 2010 and it seems to be the same kinda thing…now we just have to figure out how to get it off hers……..THANKS AGAIN
Steph, try merging fix.reg into the Windows registry: right-click fix.reg and select Merge.
Daison, try running TDSSKiller.
Thanks a lot!
This worked perfectly
Fellow posters ( & Patrik )
Follow the instructions exactly how Patrik gives them. It’s very important to restart the computer after the first regfix, otherwise it seems that even after the malware is removed you need to follow the advice of 2/28 to SUSAN from Patrik in order to get IE pointed correctly. Also, once fixed, download Chrome, which wasn’t affected by this. Patrik – you are excellent. Thank you so much. Robert
I got XP Guardian on my computer and I finished doing step 1 and now I can’t use my internet and other programs. What can I do? 🙁
Also I am trying to install Malwarebytes to my computer
Can anyone help me? I got the XP Guardian on my computer. I did step 1 and I restarted and I am trying to download Malwarebytes but my internet and some other programs are not working. Can someone please help me???? 🙁
Thanks Patrik. I got XP Guardian 2010 virus on Feb 27 and was able to fix it based on this site and a few others. One thing to note is that newer versions of the virus use different names than av.exe. Mine was MSASCui.exe. Nasty little bugger. I was running McAfee AV by the way.
I just got this program yesterday and the fix.reg thing didn’t work then, but it just worked just now. Scan with MBAM didn’t detect anything (got 1 file yesterday, and removing it didn’t fix the problem). I have McAfee (full version) and it didn’t come up with anything either. The version I have, instead of having the process av.exe I have a process called msascui.exe and so far this factor has made most of these tutorials completely useless to me. HELP PLEASE!!!
Will, open a new topic in our Spyware removal forum.
Yume, probably your computer is infected with an updated version of this malware. Open a new topic in our Spyware removal forum. I will check your computer.
Thank you! You are my hero!! The comments on here really helped…I also had no access to internet- thank you to whoever said to go through Google Chrome to be able to download, etc. Lifesaver!
Thank you so much- I can breathe again!!
Hi,
I (stupidly) purchased a 6 month subscription to XP internet security rogue yesterday($50.00). So now I can’t open anything on my laptop except the internet. And they don’t have a phone number or website for me to cancel it.
Please help, what should I do???
Patrik,
Thank you again, it worked like a charm. However, I saw that some people were having issues getting exe files to work again and I didn’t see a response. Now I am having the same problem, for example I cannot run Malwarebytes, it says \open file with\ and I don’t know what to do from there. This also happens when I go to iexplorer. I tried starting the process over but it will still not open anything. Do you have any advice for me? Thanks again.
Also, you are never going to believe this but I got the same virus on my laptop. I ran the fix and it worked but now explorer will not work only firefox. Sorry to keep bugging you but what should I do?
Thank you, thank you, thank you! This worked perfectly and completely removed XP Guardian 2010 from my laptop. If anyone is in the same fix and has reservations about trusting this website to help you, have no fear. This is a very easy process and works the first time.
Thanks a lot! Think I picked this up on Pirate Bay, last time I’ll be using that site. In fact I’m quite dubious about all torrent sites now…
This process seemed to work though thanks.
Hi Patrik- I followed the instructions and was able to use my internet explorer again. However, I cannot open many programs/applications on my comp anymore- itunes, Microsoft Word, Excel, media player, etc. Any tips?
I tried doing step one but I keep getting messages saying “cannot import C:\Documents and Settings\Regina’s\Desktop\fix.reg:Error accessing the registry”
What should I do?
I got this virus and it p.o.ed me a lot!! I asked some friends at school about it and they reformatted their computers. I am glad I found this site! thank you so much.
This doesn’t work for me. This XP Guardian is on my daughter’s laptop and has stopped me from accessing the internet or accessing add/remove programs. I follow the instructions above and when I click on fix.reg all that happens is Notepad opens back up with what I just typed. Nothing happens even after the reboot. HELP!!!
If I just do a system restore, will it get removed?
because that’s what I did and so far it’s gone
Funny how this virus blocks all exe files and does not allow any antivirus to run or remove it, yet it allows PC Doctor to be installed and if you pay to reg PC Doctor it will remove it. Stop praising PC Doctor, people, they are surely the ones who created this virus to begin with. Think about it, it’s the only program allowed to run without modifying anything first.
Thank you SO SO much for posting this! I read so many guides for removal, and this is the one that actually worked and properly got rid of the virus! Now I can get on with my day!