XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Hi
Had this virus on my wife’s laptop (XP cyrillic language version). Followed Patrik’s instructions exactly, and worked fine.
Updated Malwarebytes’ Anti-malware to latest version, and a quick scan found av.exe (ROGUE.Win7Antispyware2010) in [user]\Local Settings\Application Data\ and also found a.exe (Trojan.Hegeny) on the desktop. It also rectified three registry data items AntivirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify.
Whole clear-up took less than an hour. Now performing full-scans with Malwarebytes then Avast.
Her laptop uses IE7. Should I download Firefox and suggest she uses this instead?
Many thanks! Lamp
I went to TVShack.net & got Guardian XP 2010 Virus. Disabled my entire computer. I had to trick my way onto the interent b/c it disabled Internet Explorer. I called my Anti-virus/Anti-Spyware provider, Norton, & they wanted between $100 & $160 to fix. The information on this website is invaluble. Thanks so much.
Edward
-Staten Island, NY
I’ve followed the steps and now my pc work fine thanks for everything
seriously, this site has just saved me so much frustration it is unbelievable. thanks for all the priceless info you guys provide bc i am not computer savvy at all.
Thanks, it worked, 16-02-2010 I was infected by XP Guardian 2010. With your instructions is everything repared.
Ran MBM before I found your site. It removed XP Guardian but I couldn’t open any programs (.exe). Found your site and ran the registry fix but I get a message…”not all data was successfully written to the registry. Some keys are open by the system or other processes”. I clicked ok, rebooted and can open programs but not sure if I’m totally fixed now. Reran the fix and same result.
sorry. meant “ran Malewarebytes…”
Jeff, try disable you antivirus and antispyware and run the fix once again.
like so many before me, thank you VERY (x 100000) MUCH, Patrik!!
i was nervous about ‘doing’ my own reg file, but your instructions were clear and concise, exactly what a novice like me needed!
I’ve been updating my computer everytime, very careful, using firefox 3.5.7, however i got hit today when i visited pirate bay, i just was randomly searching for stuff, wasnt downloading, seeing if it was available. I searched vista basic and next thing i know i got the virus, it even disabled my antivirus (avira) ..
Seesh.. damn holes.. i thought this computer was updated to 3.6 evidently it wasnt.. now i got to back up and restore.. ugh! its a new varient, wont let malwarebytes run, even after taking out the registry
now to issue a bug report to mozilla.
Patrik, thank you so very much. You are not only a computer and tech genius, you have a heart of gold and give unconditionally.
Thank you not only for the fix – which worked beautifully but for you! 🙂
BTW.. I must have gotten to this quickly There were only 4 bad files found by Malwarebytes. It’s a horrible trojan malware but thankfully I knew it was lying malware from the start, so didn’t move around to much and closed all open windows and closed Firefox, reopened it with only enough tabs to search for how to remove it!
So very grateful I found your site.
Thank you again!
~Amy~
Changing mbam-setup.exe to mbam-setup.com – HOTTTTTTTTTTT.
Patrik – thanks that worked! Appreciate all the help – your fix got me totally back up and running.
Help! I do step # 1 but malwarebytes comes up with errors and file corruption and won’t load! I need help Pleaseeeeee
It says my file source is corrupted. I followed the directions and its not working…Please help me.
AJ, if Malwarebytes won`t run, follow these instructions.
Hey I can get my laptop in safe mode, but cannot connect to the internet, I also cannot do system restore or factory restore, any ideas?
Reeshimah, you have done first step ?
And you tried to use Safe mode with networking to download Malwarebytes ?
I appreciate the help offered on this website, but it won’t work for me, and have not located help for my issue elsewhere.
For some reason when I try to edit the registry I get a warning/error dialogue box that pops up and tells me that Registry Editing has been Disabled by the Administrator.
The problem is I am the administrator and I have configured the system profiles to not enable prevention of registry editing.
Talk about frustrating. Any help is appreciated. XP Guardian is a major pain – I feel like I’m being extorted here.
Wow! very easy to folow, thanks for making this so simple!
I followed the steps and Malwarebytes don’t find anything anymore, but my browsers are still crashing, I run the fix.reg one more time and nothing… am I doing something wrong?
I did everything mentioned here, finally got MBAM to work, got the log, the message that everything is fine now, and I restart my of and it’s there again. I have been trying to solve this for 3 hours now… Please help if you have any other way to get rid if this thing, I’ve tried everything here..
My pc, my iPod touch turned the word into ‘of’ , sorry.
Btw
I also tried the safe mode and everything,I am now running the full scan by MBAM and it found 1 infected item so far. Meanwhile paladin has installed itself again pretending to be avg antivirus performing a scan.then turning into paladin I now have some adult stuff icon links on my desktop and two paladin links.
Ok so I did step 1 and it says something about not being binary or something like that. Then I go and restart the computer it dosen’t show anything other than my desktop (with no icons or anything) and that annoying fucking virus. Someone please help me if you can.
got to say a big huge thankyou to u guys, it sure works, where would people be like me be without u guys… thanks
Andy, you have tried enable it back ?
Jorge and Juliette, open a new topic in our Spyware removal forum.
Eli, Once windows loaded, press CTRL + ALT + DEL. Task manager opens. Click File->new task. Type explorer.exe and press Enter.
Now try run Malwarebytes.
Thank You Very Much!!!
Any tips for to ensure this does not happen again?
Yes, Patrik. As far as going into gpedit.msc and disabling “prevent editing of registry” per instructions elsewhere on the internet. But still no luck. Once I actually got the reg fix file to run but as soon as I rebooted it was all still there. Looks like I’m gonna back up my computer and format now… Tired of dealing with this. If I could I’d probably kill the mofos who write this stuff…