XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Youse guys are de bestest ever. McAfee let this crap right on thru and locked me out totally. Fortunately, I had anutter puter n could git-er-done by cut-n-pasten the instructions to my broke puter. So THANKS … good job. rj
This worked for me, but I had to do one more thing. The Start Menu icon for IE had been changed by the virus as well. The setting for that resides at: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command. I just changed the default value back to C:\Program Files\Internet Explorer\iexplore.exe and all was good.
Hey guys! I did system restore as soon as it all started and seemed to have worked flawlessly. DLing this program to protect in the future. Haven’t used it yet, so can’t say if it’s helpful or not, so wish me luck.
So I did step one, everything seems to have worked except that my computer no longer regonizes ANY .exe file. Even when opening explorer or add/remove programs WinXP has me choose from a list of programs. This happened after the registry change, and I am 100% lost.
Chris, you need repeat first step.
Thank you so much! Your instructions were very easy to follow and the computer is back to normal.
Worked great thank you
I should also say that I’ve used Malwarebytes in the bast and it’s always been a lifesaver
Very2 useful. Thanks
thanks for the guide sorted this problem out straight away all is well for the time being i’ve gotten rid of every file that it made. hopefully this won’t happen gain bookmarked this page incase and sent the fix.reg file and mala to my usb just incase, thank you very much for this guide everyone 🙂
-Metal
I’ve done all this – but now every time i click onto any .exe file apart from installers and the internet, the whole pc crashes and then restarts!!!
HELP!
Hi thanks Patrick I keep getting it and I know how to remove it but I keep getting it can you help me to prevent it
You guys are worth your weight in gold. I spent almost 8 hours trying everything I could think of to fix the problem. I come across your website… done in minutes. A huge thank you.
You are the man…
I think I did it. The icons are gone. Pop ups seem to have stopped. I’m going to try the malwarebytes to be sure.
I sure would like to catch up with the guy that created the total xp security!
Thanks man!
Thanks. It worked for me. I installed the fix.reg program and it did not come up after I rebooted. Thanks again.
Worked brilliantly, what a great site, thanks! It’s good to know there’s someone I can trust
gallefray, start a new topic in our Spyware removal forum. I will check your PC.
Luke, if the above instructions does not help you, then ask for help in our Spyware removal forum.
I used the first one the fix.reg and it worked great! Ive been at this for 5 hours and i finally got on and looked at a few web pages and this by far was the best! Thank you so much for the advice and very very great details! The only thing i think someone should do is to be able to block that kinda stuff from happening! That is the dumbest thing ever invented lol, so if anyone ever does come up with a resolution for it plz post and i will follow them instructions to lol! Thanks again
OMG!!
I just wanna thank you for saving my laptop!!
Seriously,Anti-Virus like McCafee and others are just some bull…the best savors are people like you who know what to do!!
thank you again!!
…used the 2 Method.
Received the virus just a few days ago, though my internet knowledge-lacking mother decided to ‘buy’ it. Any tips of where to go from here? I Haven’t found any solution on the internet as of yet, any help would be greatly appreciated =]
I followed the first two portions of the step and worked great. Once I run malware it did run for 3 hours, froze the computer and now it is frozen. I unpluged and pluged the computer back up a couple of times and it is still frozen. I can’t do anything. What should I do?
George, you can`t boot your PC in all modes, including Safe mode and Last good configuration ?
i have clicked on run, typed command and enter, and thats as far as i have got. waited 10 mins but nothing else has happened. dont know how u are supposed to type nopepad when you have already typed command??
help please anyone
It worked. Thanks!
Natalie, once you have typed “command” w/o quotes and pressed Enter, your computer should run command console (black window). You need type “notepad” w/o quotes into it.
Wow this thing was nasty, your fix worked though. I had the .exe problem too but when I shut down and rebooted it went away. I had 4 different versions of this little basterd running at once. Bad. Some things I learned from this:
1) You can shut off the popups by terminating the processes AV.exe and AVE.exe and similar from the CTRL+ALT+DEL Task Manager. It doesn’t reapir your system but at least you can work without popups driving you crazy.
2) I was able to start Firefox and connect to the net by clicking program tab off the Start –> All Programs menu. It never worked from the desktop shortcut. It worked intermittently from the Start menu, usualy after several tries. Give it a try.
3) This things loads through JAVA probably as an applet. About 5 minutes before it struck a little JAVA box opened on me and flashed a couple times. I suspected I was in trouble when that happened and sure enough I was. Maybe that will mean something to somebody who knows this stuff. If you see that maybe try to disconnect from the net before it fully loads. Might work but I don’t know.
4) The thing gets worse if you shut down after you get it. Most everything still worked on my system until I shut down and rebooted. Then it was gridlock after that.
DO NOT SHUT DOWN
If you get this virus. Stay running and kill the thing while you still have some function. Do not try System Restore, it doesn’t work for this one.
Thanks for the help Patrik and good luck everybody.
Natalie-
I had a problem with that too. The virus locked that window up and wouldn’t let me enter any text there. Down in the bottom left of the screen click the green button Start –> All Programs –> Accessories –> Command Prompt.
You’ll get the same little black window except you’ll be able to use it to do the job. Follow the instructions from there. No guarantees but It worked for me. Give it a try.
I got infected with this some time ago, but I removed it the following day. What I want to know now is: How & CAN I get my money back? Sorry if this was mentioned before, I just do not have the time to read everything.
Anyway, anybody that has the answer is welcome to e-mail me. Help me, please~!
I sent my computer in ot be repaired, but if I found this, it would of helped Thanks!