XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thanks, this worked great. I tried step one and it worked great no virus. However I tried to play a game on my computer later and nothing worked. It said something about my .exe files not working. I tried to go to control panels to reinstall but it said the same thing. Any ideas? I tried step one again and rebooted but nothing changed.
Sorry to bother you again the warning that came up said the file does not have a program associated with it
I followed your instructions, after i ran Malwarebytes Anti-malware i rebooted now i get error on startup “error loading lgu.rlo” Can someone please help me ?????????
nali, try method 2.
Niall, repeat first step, then update Malwarebytes and perform a fresh scan. If it does not help, then ask for help in our Spyware removal forum.
Anna, your computer is infected with a trojan. Please open a new topic in our Spyware removal forum. I will check your PC.
hi
tried method 1 rebooted and worked perfectly. thanks for a great easy fix; the internet IS useful sometimes 🙂 woohoo
@anna
hi
even though you get the error do you still manage to access your computer after clicking ok to the error message? if so, this is most likely down to a remnant of the trojan still lurking on your machine. the good thing is the fact that it cant be found! try running msconfig from start->run going to startup tab and looking for anything relating to the name of the file. if you find anything just untick the box to disable it and then restart your computer. once it restarts just ignore the ms config utility message and tick the box to turn it off permanently.
hope this helps but im sure you will appreciate its hard to know when i have no idea about your computer 🙂
there…paid it forward (hopefully) lol
it is getting more sophisticated. your *.reg file is blocked. no *.exe files can be run. regedit cannot be run, even from a command prompt. no task manager. any executable file leads to a prompt, “what do you want to use to open this file?”
thoughts?
Thanks so much guys! Used option #1 and then ran MWB. Had to save both Notepad txt and MWB on a flash drive in order to run it! Tokk about 20 min.
“Caught” the malware through a fake Flash update on Firefox. Avira Antivir did not catch it.
Again, thanks for the help!
Doug, try method 2.
thnx workes brill
saved my computer
advised to use this
Great stuff. Thanks for being one of the good guys, Patrik. Nice to have you on our side! Of note for those who have disable .exe files after running the reg file, I had re-typed Notepad registry program and it disabled my .exe files. Not sure where my typing error was. I ended up copying and pasting and creating the reg file on a separate computer and using a swap drive to move it to my infected laptop. It worked after doing that. Currently running Malwarebytes and it has sensed 6 infected objects. If Malwarebytes fixes the problem, I may purchase it out of gratitude. Is it one of the better programs out there?
Bob, Malwarebytes is really good malware remover. Read comments in the Internet. But anyway, you should also have an antivirus.
I currently have officescan and ad-aware, both of which missed the XP Internet Security bug. I was thinking of removing ad-aware (currently free version with limited capabilities) and adding the Malwarebytes. Do you have a recommended antivirus program?
FANTASTIC. MANY THANKS.it took about five minutes to fix bit i had to use a second pc and download the fix then transfer to infected pc as xp defender pro blocked access to the net.a note of caution. i was running avg internet security version 9.008 and it got through.
Kudos! Thank you – it seems to have worked!
How on earth did I get this awful virus?
At your choice 🙂 If you want free AV, then try AVG, Avira, Avast. If want purchase, then try Kaspersky, Symantec…
I had a run-in with this malware earlier today, I got rid of it by using Spyware Doctor (I didn’t pay anything, it apparently just deleted it after I rebooted), and now that threat is gone. Unfortunately, now as I try to open processes such as Internet Explorer and Microsoft word, it says that the application can not be found. Is this what it means by using step one: \Repair ‘running of .exe files’\?
Emily, probably through an exploit in Internet Explorer or Adobe Flash Player or Adobe Acrobat reader. Update all of them now.
Chris, try repeat step 1.
Thankyou for your easy to follow instructions.
Wow! This worked really well! Thanks! 🙂
you guys are rock!!!
thank you so much!!!
This has been the second time that your website has saved my butt. You are a godsend. The internet can feel like a giant deathtrap sometimes; it’s comforting to know that someone is on our side. 🙂
I did everything this guide says to the very end But for some reason, whenever I search something in and click on it in Google or Yahoo, I get redirected to an ad website. Why didn’t Malware bytes get rid of ALL the viruses? And also, many of my programs cannot be found and/or need a program to run. Any suggestions? Help me please!
Chris, probably your PC also infected with TDSS trojan. Follow the instructions.
At first, I wasn’t able to open Firefox to reach your instructions – but by clicking on one of the no longer functioning programs, and accepting the instruction to look for the appropriate program on the web, I tricked the terrible XP Antivirus into letting me open the internet.
Apparently McAfee won’t fix this virus if you bought the individual version or the small corporate version of their software. You seem to need the big corporate version (mega-sized corporation) version! Since my 12-year-old son isn’t the size of a mega-corporation, your solution involving “fix.inf” was a very welcome rescue! However, the following day a routine Google search led to Colgate Ads, ads for antivirus software, and an apparent new download of the XP Antivirus monster! This second time I used the MalwareBytes program followed by going to Firefox’s Tools, then Options section, to tighten up popups, security, etc.
Thanks and XOXOXO to you!!!
Okay, I followed the instructions you gave me Patrik (thank you). And I have two more questions:
Do I try to delete the registry keys and values that the spyware creates, or does the Malware bytes get rid of it? And also, why are some of my icons on my screen not available when I click them and some require a program to open them (as if the programs were unknown to my computer). Did the spyware screw up my programs or what? Please answer both questions, thank you!