XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Just wanted to say thanks, the above instructions worked great! This virus is relentless, but all programs and my pc are back to working normally. Follow the instructions and you can’t go wrong. One note: if you can’t get on the internet after step 1, I just used my laptop and downloaded the Malwarebytes program, then transferred it to my infected PC using a flash drive. Ran it no problem (if it won’t start, just run the reg.fix file again, then Malwarebytes will install no problem) Everything worked just as the instructions said, thanks again!!
Clayton, please open a new topic in our Spyware removal forum. I will check your PC.
Lexilia, try open the fix.reg from Safe mode.
Dave, run registry editor (read my comments above), then Click File, Import and select fix.reg.
Jey, try scan you computer with an online scanner or open a new topic in our Spyware removal forum. I will check your computer.
Char, looks like you need reset permissions for any unwriteable registry keys.
Try the following steps:
Visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B
Click Download to download the SubInACL tool (SubInACL.exe).
When the download is finished, double-click to install the downloaded file.
The SubInACL tool installs to the %programfiles%\Windows Resource Kits\Tools folder.
Click Start -> Run, type Notepad, and then press ENTER.
Copy and then paste (or type) the following text into Notepad:
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=fsubinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
Click File, and then click Save As.
Copy and paste the following path and file name into the File name box:
%programfiles%\Windows Resource Kits\Tools\sub.batClick Save.
Click Start, and then click Run.
Copy and then paste the following path and file name into the Open box, and then click OK:
%programfiles%\Windows Resource Kits\Tools\sub.batA Command Prompt window opens.
The tool runs for about 5-10 minutes or longer. Do not restart the system at this point.
When the tool has finished running, the Command Prompt window closes automatically.
Restart the computer.
Note: Good idea – make a backup before any changes. Read and follow the instructions: How to backup Windows Registry.
Bill, check your fix.reg. It should have “Windows Registry Editor Version 5.00” in first line.
Patrik,
I did step 1, rebooted my computer and downloaded malwarebytes. However, when I tried to click on the desktop icon malwarebytes, the following windows pop up, “vbAccelerator SGrid II Control: Run-time error ‘0’” and “Malewarebytes’ Anti-Maleware: Run-time error ‘440’: Automation error.” Did I do something wrong?
Thanks
when i try to run the fix.reg i get a error message saying cannot import the specified file is not a registry script. you can only import binary registry files from within the registry editor. what am i doing wrong? also i cant download the program because when i open explorer or mozilla xp guardian wont let me go to the site. how can i download?
Worked beautifully! Thanks
Fabulous solution!!! Worked like charm. I thought I was screwed when this thing popped up and your step by step worked great. Thanks for being there.
Hi Patrik I just completed the first step and XP Guardian is gone! It didn’t appear when I rebooted my computer and there are no more alerts. Should I continue with the next steps or can I leave it as is?
MASSIVE Thanks!!
Spent 5 hours pressing everything I knew in to service before I found this little techy guide and, fingers crossed it hasn’t re-appeared since following your instructions to the letter.
You might be thousands of miles away, but if you ever call over to Lancashire UK, send me a mail and I’ll buy you a pint!
Cheers mate!
Pete
I completed the second step as well and it worked like a charm! Thank you!
Thank you very much for providing a solution to XP guardian 2010.
I am trying to remove it, but need some help!
(1) “fix.reg” problem: I tried to follow the instructions above, but I find that I could not finish step 1. “fix.reg” simply won’t run.
(2) Malwarebytes character display: I tried to skip step 1 and proceed to installing Malwarebytes (Step 2). I couldn’t install when mbam_setup.exe was on the desktop, so I moved the mbam_setup.exe to C:\ and installed from command line.
During installation, the software asked me about the language to install. Because my computer is traditional Chinese, I installed traditional Chinese version. Then I realized that I cannot read the characters from Malwarebytes because it is encrypted. Desperate, I uninstalled the software and reinstalled again with English version. Still, Malwarebytes is still encrypted.
(3) Malwarebytes scanning: I thought that I could proceed with scanning anyways provided that I press the right buttons. So I tried, but the scanning ended in 3 seconds. I can’t read the log because it is also encrypted.
Please advice on how I should solve this problem.
Thank you very much for your kind help.
Frank
Thank you! worked great. Caught XP Internet Security 2010 while at whitepages.com! had no other website open. I don’t know how people get these things in the places they do.
Was infected by one of the other versions a while back but it wouldn’t even let me open notepad or turn off the computer. I ended up having to re-install Windows to get rid of it. This was much easier lol. 20 min and thank you!
Patrick,
You’ve made significant deposits in the bank of karma!
Live Long & Prosper!
Peace,
YinYangMind
So glad i could read this site – as i thought it was just me and i had done something, even though my Norton Virus checker couldnt fine anything!!!!
I dont really want to pay to get rid of this as just paid for Norton,
Please explain in simple words how i can get rid of it?
Thanks
Hi There, I tried the above steps but I still cannot access my laptop the way I used to. The Guardian boxes are still popping up and I cannot access the internet as the error and virus protection boxes keep preventing me moving further. Any ideas?
Just wanted to say that you for the fix…. Was clear concise and much appreciated.
Boss’s choice
worked for me cheers guys x
Patrik! You are the man!
For some reason Malwarebytes runs for only ten minutes or so and the stops responding. Any thoughts?
STEP 1 WAS PERFECT!!! I had been trying all night to fix it and called the computer guy we use ocaasionally for our small offce. He wanted to wipe the hardrive and reinstall everything for 200 bucks. He was nice enought to try a few things over the phone but could not help.
THANK YOU VERY myantispyware.com MUCH FOR YOUR POST!!
Hi Patrik,
We tried the fix last night and it worked great! It was gone as far as we could tell, however this evening I launched internet explorer and the stupid thing is back. I ran the fix again and it seemed to work. How can we make sure it’s really gone this time?
Can’t thank you enough – your fix worked great. After getting this once, I restored my system from a full backup and thought I was safe. Then it came back. Any idea what vector is carrying this? Is it possibly Facebook?
Thanks heaps guys. This really works well and fixes the problem straight away.
Rabia, anyway, download malwarebytes, update it and perform a scan.
Frank, right click to fix.reg and select Merge.
“No Luck!”, try repeat all steps, If it does note help, then open a new topic in our Spyware removal forum.
Britty, try reinstall Malwarebytes. If it does not help, then open a new topic in our Spyware removal forum.