XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thanks, Patrik. I already had Malwarebytes but the virus was blocking my ability to use it. Your instructions are simple and direct and now I’m running a scan with an updated Malwarebytes. Hope your day is a good one. You’ve helped make mine one.
Ashley, call or go to your bank and tell them what has happened. Ask for chargeback.
Dix, read my comment above (Comment by Patrik — February 28, 2010 to Susan).
Nikki, try repeat first step.
Judy and Scott, try the following:
CLick Start, Run, type command and press Enter.
Command console opens.
Type regedit and press Enter.
Registry editor opens.
Click File, Import. Select fix.reg and click Open.
Mike, yes, its pssible. But anyway, once you have done the System restore process, please scan your computer with Malwarebytes Anti-malware.
Everyone! Stay off Pirate Bay That’s where I picked up 2010 xp!!!!I cured my problem with the Reg.fix but It killed all my exe. relations to my programs. I backed up all my music and pics,documenrs etc. on an external drive. I then did a system restore (f10) before your computer boots up. I had to redownload all my programs like bearshare, tunebite etc. and redo all my settings. Now day three of clicking on updates and rebooting my computer for security settings of xp, internet explorer etc. The movies are better on blu-ray anyway, some things aren’t worth downloads! 6 bucks to rent or 1 week of wasted time….Thanks again Patrick for the reg.fix.
The executable has definitely changed it’s name, no more av.exe and I believe the location may have changed too.
However, Spybot-Search&Destroy still works. Not sure if the executable is still lying around.
Any suggestions appreciated.
Thanks
Ranadeep
Works a treat !!! GREAT GUYS….THANKS
Our PC had XP Internet Security 2010 and wouldn’t let us do anything. I couldn’t even get to start run CMD so I copied the text on my laptop and put on a flash drive. After running fix.reg it was gone. After scan nothing was found; but it’s fixed.
I won’t have to miss American Idol tonight!!!
Hey Patrik,
Thanks for the site! This saved my butt. I had a similar prob to a few people out there – I could not open .exe files even after Step 1. I changed the mbam-setup.exe to mbam-setup.com and that worked to complete step two. Afterwards, I still could not open .exe files and so I used Gary’s found site (from 2-13-10):
dougknox.com/xp/file_assoc.htm
And I ran the .EXE default reg thing. It seems to have worked thus far.
I did try your additional reg fix (from 2-14-10)but it did not work:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=”\”%1\” %*”
I was wondering if you can update your original posting of the fix to reflect these problems since it seems a decent percentage have them.
A few tips on what to do if steps 1 and 2 don’t seem to work could really save some people time and hassel looking through all these thank you posts to try and find a couple of specific answers.
Just trying to help those a little less patient and savvy as me… I REALLY do thank you for this site and your dedication and help! We all owe you! ~Joe
First of all – Thanks.
I followed your directions and got malwarebytes to run, ran the update and ran the quick scan – it found four items – none explicitly labeled XP – but the popups have stopped and the icon is no longer in my taskbar – have I successfully removed the problem? Thanks again.
PS = This is from my MB Log
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\user\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
Hello, I’m still having trouble with step one. When I click ok I get message ending with “error accessing the registry”. I tried to go through command and then regedit and import it, made sure it was encoded ANSI, still got the same message when I tried. Sorry, I’m not very good with computers, anything I can do?
Ranadeep, if the guide above does ne help you, then ask for help in our Spyware removal forum.
crispien, looks like you`re clean. Wait a few days, then update Malwarebytes and perform a new scan.
Tom, try split fix.reg to three parts (split at blank line). Then try run first part, second part, …
Patrik – your efforts are very much appreciated
got xp guardian tue..found you wed…steps worked perfectly…no more xp guardian….keep up the good work…thanks a million
Tom, thanks.
Process was simple. Links were accurate/current.
I’ve been paid in beers for your useful info.
Can I just say:
Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You, Thank You.
The first computer that got infected with this crap took me a full day to clean up. I followed your procedure, and it was 1-2-3-DONE.
Again…THANK YOU!
trying step 1 and i am getting
“Cannot import C:\Documents and Settings\Justin\Desktop\fix.reg: Error accessing the registry.”
I copy and pasted everything verbatim from above.
This was by far the easiest instructions I’ve found. Had 2 pc’s that were infected. First one was easy since the user just stopped using it on the first pop up. The other tryed to fix it himself and it just got worse. You have saved the day! Thanks!!!
WOW! Perfect advice from start to finish! I have my PC back! Thank you soooo much.
hey this is a really late reply, but I did what you said and it worked perfectly. thank you!
patrik, this worked perfectly — thanks. but is there a way to prevent this from happening in the future?
My PC was infected by the XP Guardian virus.
I have run the fix.reg and rebooted.
Then I downloaded mbam-setup.exe and run it and restarted. When I open up IE it says add-ons are disabled,unable to open up videos. Also when you try to fix ,select manage add-ons is greyed out in IE.Please help!!!
Mona
Ok – I did the step1 — and now when I rebooted the computer I can do nothing! Everything I try to do I get this message:
This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.
Now what? This is at work & if I cannot get it fixed I am in big trouble.
i had this come on my comp today and it would not let me go into anything,i have now found you on our other comp so i shall give it ago,first of all i have gone back into system restore set back to a date that you it was working ok. i’m trying that first then if no good i shall try yours great thanks for your help..
I had this shit on my computer – needed to access it immediately.
Used the solution provided by this website.
IT WORKS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!