XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I followed these steps exactly.
So far, so good …the virus is gone.
Another website had a slightly different set of registry edits, which didn’t work.
This one worked fine.
Followed the instructions last night, except I didn’t update Malware Bytes (I already have it, and had just updated a few days ago). Last night I had seemingly gotten rid of it, but it returned this morning. Managed to use the fix.reg again, and chose to update Malware Bytes this time–it’s currently scanning once more for it. Do you suppose it came right back because I didn’t update? The list of bad files it found last night seemed awfully small. Would you think this current scan after updating it would work?
now it’s saying it’s not finding anything malicious! and the faulty program is still there! help!
Nick, open a new topic in our Spyware removal forum. I will check your PC.
A lot of my programs on my computer wont work (ex. itune, mic. word and excel), becuase if antivirus 2010. When I click on these programs, it says application not found? Will step 1 repair or find these programs? or will I have to reinstall windows again.
Also I click on merge and also tried double clicking it to open fix.reg, but it does not ask me to confirm anything. IS there are way around the confirmation step… or any other suggestions?
Thanks
Brilliant!! Thank you so much
everything seemed to work perfect…..BUT then it all came back! Do I start from step 1 again?
Do I do it all over, again?
I’m in the result of this problem right now, but I’m really confused and frustrated. I’m still on the first step! My notebook shit’s being annoying. =.=” Thank you though, I’ll inform my friends to stay clear of XP Guardian and etc!
Hamp, open a new topic in our Spyware removal forum. I will help you.
I consider myself an IT-expert but this new version (av.exe) was really hard to hunt down. I have to admit im very happy with your instructions.
I can’t run the fix.reg cause it’s saying
“currently used by ano ther program”
Did anyone got the same problem – can I proceed somehow without copleting step 1?
Thanks.
I used the Trojan Remover from —> .simplysup.com . It removed the “xp internet security” problem I had on the first run. It has been 5 days with no reaccurances.
if you are having a hard time savign teh fix.reg the way i was. its because under teh name area you need to change it to “all files” i have jusr gotten rid on my virus thanx so much for your help this worked perfectly for me
Thank you very much. Helped me a BUNCH… I had Mlwarebytes for a year now and went to it for a help when I so that stupid XP thing, and that BITCH blocked my Malwarebytes and wouldn’t let me open it… So thanks a lot for showing how to get rid of it in the first place, now Malwarebytes are scanning for all the leftovers)))))
To Patrick… Do you think it would be a good idea to additionally turn the “System restore” off before following your directions or it doesn’t matter for this case?
First of all, thanks for this info site and easy instructions.
It seems to be working. But
1.)My desktop went to the original xp theme like it is a fresh install. I managed to find my previous desktop icons in a new folder created on c:\Documents and Settings\user-computerID as it used to be = c:\Documents and Settings\user
2.) My programs are not executing – like everything is a fresh install.
My question is… what is this folder it created from #1? Would it be safer to start a new user account? This happened after using Malwarebytes.
Please advise. Thank you…
Is it possible to retrieve my old desktop with icons & folders and to have my programs working again w/out having to redo passwords and settings (like Filezilla – all accounts are gone)? Using Windows XP Pro SP3
Thanks Patrick!
Gino, once yo have done the above instructions, turn off System restore, reboot PC and turn On it back. Make a new Restore point.
merci pour les blondes qui se trouvent bien dépourvues (voulant absolument voir l’episode 12 de la saison 6 de grey anatomy) en chopant ce virus sur allostreaming….
Explications très claires et très efficace
Un très grand merci !
I wish someone suggested a way seems to Antivirus XP 2010-proof the computer once it was removed. I successfully removed this particular malware but got it back again – despite installing Lavasoft Ad-Aware (I also run Avast Personal ed-n). If you already have an answer it would be much appreciated. My first observation was, java icon got kicked off in the tray bar at approximately the time I got the infection again.
just wanted to let you knwo that it has been a day and i have had no other issues with my computer. thanx so much for your system patrik.
Patrik,
Nice job on this post. Thank you so much for all the help. I have my .exe files all up and running again, and malwarebytes is doing its search. Already found a couple infected files! Thank you again,
Alex
yo Pat, my man, you need 2 help me out! I see u got yo PC game down pat (PUN!! haha luv em!) so I was wondering WHAT SOULD A BROTHA DO??? I got this PC infected 2 days ago, and luckily I can use all my programs, the stupid av.exe thing just keeps popping up. I already tried the “.reg” method but it doesn’t work. Can I do a “search” for any of the files related to this god-damn virus?
I have been using Malwarebytes on all my computers for several years now, after my daughter’s computer was infected two ago with a Browser highjacker. This software is simply amazing as it has saved me (and my daughter) countless times.
This malware was particularly nasty in it would not allow me to start Malwarebytes. I also run Spybot Search and Destroy (freeware). I ran Spybot first, although it did not completely clean this malware, it allowed me to start and run Malwarebytes, which completely cleaned my daughter’s computer. Defense in depth is a good strategy.
I got this nasty SOB today. felt that I should point out that for some oddity, i was never redirected to another page, it just inconspicuously downloaded itself. I was just perusin’ DA, when my internet closes and I get a message sayinf my comp was hijacked and I need to download “Guardian” so I was like “pfft, right, windows actually making something for XP now.” So I turned off my internet connection, Avasted my computer, got rid of the main file labeled “Fake,” then came here. Good thing I have 2 PCs, otherwise I’d be lost. My point is, this thing downloaded without a page redirection, sript prompt, opened file, or anything of the sort. Thanxx a bunch!
It isn’t dead yet! I installed software, had no problem with the notepad, the files are deleted, BUT THE GUARDIAN IS STILL THERE! I rebhooted my internet, the guardian warning still popped up! It’s alive still. What do I do now?
Thank you so much!!! it works!!! just follow the instructions carefully..thanks again!
drakkie, please open a new topic in our Spyware removal forum. I will check your PC.
hi patrick.
when i try opening the fix.reg file (saved under all files and ansi coding), i get a message that it is not a valid WIN32 application. i tried the other options you’ve previously suggested, right clicking and merge, doing it in multiple steps, importing through registry editor, but none seem to work. any ideas on what could be wrong?
Ugh I’m so frustrated. I’m trying to help my neighbor fix this on HER laptop. I found these instructions so though piece of cake. I know nothing about computers but figured I’d try. I typed EXACTLY what you have on step 1. And it registered..though i have no clue what that means or does. But I still can’t access the interent on her computer. I have re registered the fix file 500 times and rebooted. I’m sitting now in safe mode with networking and it’s still popping up. I put the Malware on a flash drive and tried installing on her comp but it keeps shutting down and stops mid scan with soem error message. What do I do..cause I’m about to just give her back her computer and say call Geek Squad..I’ve been at this damn thing all day..errrr Help!
Saved my life. Thankyou.