XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
i got my sister’s laptop infected with this stupid fake av but i cant open internet explorer and mozilla firefox so how am i supposed to download the malware things ? IM SO DESPERATE AND I DONT WANT HER TO FORMAT HER LAPTOP . waste of money i tell u .
oh yea btw , i cant open regedit and any other .exe files . i tried fix.reg thing still didnt work . i tried rkill still doesnt work . AARGGHH !!!
When I try to run ANYTHING on my computer, it says \the handle is invalid\ PLEASE HELP!! I’m not sure what’s going on with my comp. I can’t even get online, I’m online through my cell phone, which doesn’t help too much!
I’m not sure if I’m doing something wrong, but when I try to run the .reg it says “cannot import the file is not a registry script. You can only import binary files from within registry editor” — is there anything I’m doing wrong?
My pc got infected with XP Internet Security 2010 yesterday (Tuesday 2nd)… I followed the instructions on another webdite and everything turned out well after 2 hours of fighting it… but today, when I turned my pc back on.. pff.. another pop up.. but this time from XP Guardian 2010… I got to this website and followed all the instructions here (similar to what I found yesterday) and now everything is apparently back to normal… I don’t know how this got infected in the first place, but I sure hope this is the last time I deal with it. I’m tired of this.
I’ll post again if I find another pop up… how does one get infected by this?
chris, check twice registry fix. It should have “Windows Registry Editor Version 5.00” header (first line)
Ok.. nothing has happened today… no more virus.. only one alert of a malicious code and NOD32 erased it.
Thank you!!! This worked great and only took abouit five minutes to do!
Oh my god, 1 word LEGEND 🙂
I’m not the brightest when comes to computers and this was easy and quick.
Thank you very much indeed 🙂
I have tried but I am stuck on step one, when I doubleclick on fix.reg I get “Windows Cannot find C:Documents and Settings\…..\Desktop\fix.reg”, I also tried to open the file via the registry editor via Run ->REGEDIT but the editor does not open, I’m stuck, please Patrick help!
Haven’t tried this yet. Went to another website and installed Spydoctor thingy. It found the infections, but wanted me to purchase the full edition to remove them.
Is this malwarebytes-anti-malware software 100% free?
very very very helpful, looked at other sites but well complicated to understand and wanted me to buy a full purchase of spyware doctor, these instructions of yours were a godsend even a dope like me could understand
Thank you, this helped me a lot.
Had to do a couple manual fixes after all was done: had to reenable firewall service and set startup to automatic (under windows services). Then had to modify security center so that it would check firewall again (it was set as to not check firewall)
It worked and I think everything is gone ….but how do I change from running of .exe files?
Alan, run regedit as notepad in above guide. Then manually remove infected keys (look contents of fix.reg) and restore default value of HKEY_CLASSES_ROOT\.exe
Chris, yes you can use Malwarebytes to remove malware for free.
Hi….My laptop got infected with XP security 2010 today. ANd then I was not able to connect to internet and started receiving various alerts and auto scan etc etc. I re-booted my laptop…post which its not starting in normal mode. I can start it only in safe mode. Can I run the above command in safe mode? Also, since Iam not able to connect to Internet how can I proceed with Step 2??
Patrik, thanks for the helpful advice it worked like a champ.
rk, yes you can run above commands in Safe mode.
thanks it worked
Performed the above instructions today, and XP Guardian is no more!
Many Thanks Patrik and co.
How do I undo Step 1 Repair “running of .exe files”?
amazing. Saved me tons of time and money. No data doctors required. Thanks alot.
How do I undo Step 1. Repair “running of .exe files”? Please help I would like my computer to run as normal
got xp internet security (no mention of 2010) and am running scan now. 1 item of note.
The link in the instructions take me to download spyhunter. realized it was wrong when it asked for payment. went straight to malwarebytes.com for the proper download.
Scanning and hopefull. at a minimum, the fix.reg portion was helpfull to get a browser open.
Thank you
Toya, why you need to make it ?
Please answer rk’s last question from yesterday. I also can’t access the internet at all thanks to XP Guardian (typing this is on a computer in a library) so how can I download anything and proceed with Step 2?
I can not run operate my computer as normal. I am unable to run anything without the “open with” box opening. I don’t want to be in the .exe mode forever!
Thanks a lot, I just do the mentioned step and remove “XP Internet Security 2010 (XP Guardian or Antivirus XP 2010” from my system.
Now i m able to work in both browser Internet explorer and Mozilla.
Toya, looks like you have not done “first step”. Try run fix.reg once again.