XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I tried it, but the fix did not ask to reboot my PC… did i do something wrong?
Also, I had Malwarebytes on my PC, it found nothing – I’m doing it again to see if anything shows up…
hats of to you…your instructions were clear, lucid and most of all very effective…I was puzzled with this problem for the last two days..your solution was very handy..thank you very much
Look like i got the malicious av.exe thing as well from a dubious site i entered by accident. I had Malwareantibytes already on my computer but i couldnt run it any more… AVG didnt find any thing. Couldnt run IE and Firefox and get mention everytime i open an .exe file. Chrome is imune though it seems. Did step 1 and now i can at least run malware again. I updated and selected ‘full scan’ might as well let it scan everything. Now its doing that. I ll report again if things don’t work out.
update….. Looks like it worked!
I think it worked.
I executed step 1, already had malware. Updated it. I initially started with full scan but this lasted really long so i switched. Lasted 10 min or something. Found 8 infections not sure if all were related to the av.exe. I deleted them all and now it seems to be gone when i open IE or Firefox or an .exe file so thats good.
Tx!!
Sorry for the spam i forgot.
What to do with the fix.reg symbol on my desktop can i safely delete it/ relocate it or should i leave it there??
Hi Patrick , if I just buy and install webroot with Antivirus, and do a full sweep… Will this fix the fake ware/ Mal-ware?? And will Webroot also fix my registry problems?? I have that program on my desktop, just not on my Toshiba NB 205. all that I have on my netbook now, is the Norton 360, which failed to detect ANY malware. Please help me! Thank You, and I enjoyed reading other pple comment about you. ^_^
John, got to step 1, reboot your PC. If Internet is unavailable, try reboot your PC in Safe mode with networking. In this mode try download Malwarebytes. Also you can download Malwarebytes to another PC and copy it to infected computer using a flash disk or cd disk.
Joey, yes remove this file.
LoReNzO, probably yes.
Thanks Patrick! I was able to remove the malware , with Webroot Software, but now I cannot open any .exe file. Do you recommend a good web site or procedure to roll back the registry or maybe help me to do a Restore to an earlier date b/c I cannot even do a system restore now… b/c it does not open in the conrol panel when I click restore… Says Windows cannot open the dll file, … And now my webroot software won’t open b/c it’s a .exe file. This all had happened earlier tonight after I ran a complete sweep with Webroot 6.1.0 (build 145). And I re- started the computer after and it removed the mal-ware… but now all the executable file won’t work…lol… And I’ m takin a break from it tonight and watch some TV… Maybe tommorow I’ll mess with it again… Just can’t wait to get the OS back. One things for sure this Virus is a Bitch!
LoReNzO, go to Step 1. Repair “running of .exe files”.
When I load my laptop I cannot open a internet browser to download malwarebytes the tabs on the bottom of the screen ie “start button ” does not appear just the xp guardian pop ups and my virgin antivirus – I have tried to transfer files over with a pen drive but it does not recognize my flash drive –my named accound is infected but the guest account on my laptop is fine, I can access the internet and there is no xp guardian why is this? Can I complete step 1 and step2 on this? can someone help Thx in advance
Hello everyone.
quick question when it says ‘reboot your computer’ does it mean just restarting or full rebooting? please help asap
Click Start, Turn Off Computer, Restart.
Thanks Patrick.
Another question do you think the software Spyware Dotor is good?
And this software that we have downloaded is it a tiral version or 1 year?
im stuck
i’ve done until rebooting…but just when i’m about to turn off, a screen pops up saying the program can’t be ended. click end now ( but some files won’t be saved) it says something like that.
now what do i do?
i did end now, then did step 2 right tillt the end…but when i restarted after scannin, deleting all the infections….the xp guardian is still not gone
Please open a new topic in our Spyware removal forum.
how do i complete step 1 and step 2 when i cannot open command for the the notepad or internet browser thanks
I just removed virus XP guardian 2010 today by following the above steps ..Thanks it worked !
god bless this website – its been over 72 hours and i finally solved it due to not being able to access my desktop! can i just delete the fix.reg file and uninstall the antimalware now? thanks for any advice
It really does work. If you follow the instructions correctly, it will remove the virus. Thanks a million and no more new porn sites for me. My usually 2 will do. 🙂
Thank you for the help. The first step was not working for me but i rebooted my lappy anyway & continued on & it seems to have worked. I found that if I kept clicking the FireFox icon loads that eventually it opened even though it kept saying it had encountered. also I found that my Chrome browser was not affected by this spyware. Thas how i was able to find this page & fix the problem.
Thank you very much for helping.
You are the BEST :)))
thnx a lot man
Excuse me, after i’ve done all the instructions, i cannot open .exe files like firefox, cmd.exe or internet explorer and so on. What do i have to do, please i do need help.
One other thing, i gotta say that till this moment i don’t see xp guardian anymore, so that works but i must open my program files to.
Worked perfectly and in <10 minutes. Thank you very much!
I was successful at removing XP Internet Security, but now I can’t open any applications because the file associations were deleted. The system asks me to choose a program to open the file (which it does on everything I try to open) when I double click on fix.exe. What program should I use? I also can’t get into msconfig because there’s no file association with that either. Thanks for your help!
Sékou and Ken, try run fix.reg once again.