XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Liz, read and follow the steps from my answer to Susan (Comment by Patrik — February 28, 2010).
Doug, its possible, also probably your computer is infected with a hidden trojan that reinstalls the malware.
Patrik: Fix ran successfully first time, and Malwarebytes found and killed the malware, I think. However, I’ve lost all the file associations like several others here. Can’t run any executable file; so can’t run regedit and can’t do a system restore. You advised others in my position to run fix.reg again; have done this but still no .exe files (including Malwarebytes) will run. Your advice to Susan on 28 Feb seems to apply, but I cannot run regedit: I get the message “Windows cannot open this file: … Windows needs to know what program created it” etc. What steps should I take next? Thanks in advance for any help.
Thanks Patrik! I have taken those steps…you are life saver!!
Patrick
I located the registry key, however there was no restriction folder in the registry, even did a search for it and no luck!!!
Mona
I don’t know how to thank you for these great instructions. I am a ameture computer person and these instructions were awsome. Straight forward, easy to understand, and with a great outcome. Everything worked and the MalWare program I actually use on a regular basis so I was comfortable using it. Some sites told me to download other programs I was unfamiliar with and reluctant to use. Since I already had MalWare I used it and had no problems. The fix.reg worked like a charm as well. I just want to thank the wirter of the conclusion to this stupid torjan and I want to tell him I appreciate the effort he put fourth in making it so user friendly.
Anyone that reads this turst me it works great. I had no problems after the hole process.
THANKS AGAIN!!! 😉
Quick question…Im getting the same error message about not being able to register fix.run and can only import from within the computer…DO you have a step by step for removing other hidden trojans, with instrustions that are easy to follow like the above? Im not technical, and I understand…Just need a little more guidance!
Thanks a lot if you can help me out.
^^^
I restarted my computer and put it into safe-mode and still noting!
kels
When I go through step one I save it as fix.reg on my Desktop and I select all files from file type. When I got to open it up, I am not asked to confirm anything, and it just opens up and doesnt do anything… what am I doing wrong?
Patrik,
I’ve gone through all the steps and removed 4 items from my desktop computer. However when it asked me to restart I did and now it is in continuous loop of rebooting. How do I fix this? Thanks.
Why does your link for malware download go right to PC doctor with ANTIVRUS 2010???? Isnt that what we’re trying to get rid of?
My parents bought Norton (which cost them 100 dollars and i told them it was a waste of money) and i was so happy i got this virus again, just to prove them wrong. (i’ve gotten the 2008, 2009 versions also) thanks for the tips on making it go away!
PATRIK!!!!! MAN THANK YOU THANK YOU!!!! THIS SITE IS THE BEST!!!!, I AM SUCH A ROOKIE WHEN IT COMES TO THE COMPUTER!!!, YOU HAVE MADE ME FEEL LIKE A WELCOMED MEMBER TO THE GEEK SQUAD!!!!!, LOL, I STILL DONT KNOW WHAT I DID BUT I FOLLOWED YOUR ONSTRUCTIONS AND BAMMM!!! IT WORKED!!!! MAY YOUR LIFE BE FILLED WITH RICHES!!!!! I ALWAYS WONDERED ABOUT WHO?? STARTS THESE VIRUSES!! AND ARE THE SAME FOLKS THAT SHOW US HOW TO FIX THEM …..ARE THEY THE ONES WHO CREATE THEM??, I HOPE NOT!!.. I DIGRESS….ANYWAY THANK YOU WHOEVER U ARE!!!! THANK YOU!!! THIS STUFF REALLY WORKS!!!!
Kelsie, please open a new topic in our Spyware removal forum. I will check your computer.
Hamp, try another way. Right click to fix.reg and select Merge.
Jonny, try boot your PC in Last good configuration.
Frank, probably you have clicked to Google ads. At the page scroll down to “Download MalwareBytes Anti-malware” and click to a link.
Patrik, I re-did step one again. I clicked on merge, and also tried double clicking it to open it, but it still did not ask me to confirm anything. IS there are way around the confirmation step… or any other suggestions?
OK. I need a little help here. I did the first step. Then I downloaded the anti spyware, but it won’t run. There’s now no XP security popping up, but my internet isn’t running properly and it keeps asking me what program I want to use to run everything. HELP?!?
Im stuck on the first thing, when I type command it opens but I cant type anything in. I think I have the newest version of the xp antivirus because it seems smarter. im going to try to get it done in safe mode? also malwarebytes wont start for me when im in normal mode in windows but works fine in safe mode with or without network..and when i scanned in safe mode in MWB it didnt detect anything, and my mcafee scan said it quarantined something but im still getting the stupid popups every 5 minutes, any help would be appreciated
Thank you so much. Caught it out of the blue and followed everything you said. Now its working fine again and the popups are nowhere to be found. It seems to have worked a treat. Thanks again, its people like you that make the internet an awesome place after sifting through the scum that makes these things.
Well, I thought I was a pretty good tech until I ran up against this devil. The .exe was new to me, and as a consequence, I did a rebuild to kill the malware. But, that was after hours of trying to fix the .exe issue. Thank you so much for this post. I, and thousands of other techs appreciate your efforts on our behalf. God Bless…..
Thanks man worked great. Good Work!
Patrik:
I wrote you a couple of times, but my posts seem to have disappeared, so will try again.
I had been infected with Internet Security 2010 several weeks ago and did all the things you suggested and got rid of it.
Then last week we got infected with smss32. Followed your instructions for that and got rid of it, but Internet Security 2010 reappeared. Again folloewed the instructions and got rid of it again. However, the machine won’t boot up. It stops at the Welcome screen and freezes up. Have to shut down . It will boot up in safe mode, but even there Internet Security seems to creep in. How can I get it to boot up normally?
ChuckB
hi, havent used my pc at all today, woke up to find this dam thing on it. It says above to do that reg thing, then install malware bytes, which i already have on my system but cus of this xp guardian, it doesnt allow u to install or open any files, it will just reopen the av.exe in the processes, so u might have to boot to safe mode before doin this.
Patrik,
I’ve tried rebooting in last good configuration, it runs a disk check then reboots and I’m back to square one. If I try to skip the disk check it reboots automatically again. The only way I can get it to power on is in safe mode. Thanks in advance.
Dear Patrik
Like some of your other XP internet security 2010 victims, I have fallen at the first hurdle. When trying to run the fix.reg I get the error message saying cannot import, the specified file is not a registry script. you can only import binary registry files from within the registry editor. Pleeeeeaaaaase help? (What the hell is a registry editor anyway?!)
Thank you! My PC got this problem. I followed your directions, I got rid of the problem and now my PC is working very well. Thanks a lot!
Patrik – PLEASE HELP? Hair falling out and am at screaming/crying point now after 5hrs trying … fix.reg OK. MBAM install process gets to finish point, but then a big fat nothing. Have tried name change to .Com etc. but still no good. What should I try next?
Alison, please open a new topic in our Spyware removal forum. I will check your computer.