XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I got to the point where I could not do/open anything… until I changed “mbam-setup.exe” to “.com” That got it open! Amazing, simple “trick”. However, the quick scan was not checked and it’ll be running for a while. Thanks.
To solve the “binary” issue in step one: save the notepad file as:
File Name: fix.reg
Save type as: All files
Encoding: Unicode
I was getting the same error because my encoding was set to “ANSI”. Change that and it should work.
Bill
Got this internet security 2010 virus and all its cohorts and had to use a stick from another computer loaded with “stopzilla” in order to stop it. Now I can go online but this “stopzi–a” program wants cash to delete all the viruses. Do I need to delete this “godzilla” program before I follow steps above or do i just need to try to download mbam?? now that i can actually go online i am afraid to do anything but I am worried about this “stopzilla” thing just sitting there with a bunch of viruses lassoed in a bundle on my computer waiting for ransom to be paid. thanks!
Thank you, great website and easy instructions, will save this page for any future problems i may have. Once again A BIG THANK YOU!!!
Ever since copying the windows registry info into notepad and restarting my computer, I can no longer load up any web pages. I copied the anti-Malware program from another computer and it seemed to do the trick, no more xp guardian! It worked! However, it will still not load up any web pages for me. Just acts like I have no internet connection, even though the wireless is working fine and always has. Any ideas?
Hello Patrick. I am so greatful to have fixed the roblem with my Toshiba NB205 Virus. Thanx to you, I have a working laptop now. I would like to ask you though, “How did you come up with the text code, to fix the .exe files???” Are you a service technician?? And will this fix.reg also work for future reg problems. Thanz so much !
I made an error in the text. I typed
[-HKEY_CLASSES_ROOT\.exe} now I can not run any .exe files or regedit to fix the error. How can I correct this?
Patrick,
I have Eli’s problem re: the binary code issue when trying to run the fix.reg, when I hit the control/alt/delete command for windows and type in “explorer.exe” it sent me to “my documents.” Any other thoughts?
Thanks!
This works great, thanks! Only problem now is I can no longer access the internet. After re-setting my computer on step 1, internet will no longer work. Not sure why. Do I need to change back something to get things working again?
I fined the issue with a exefix_xp.com utility. Everything worked. Thanks.
1-2-3 Solution that works correctly. Thanks so much.
Hey, I run fix.reg, then I reboot, then I run MBAM but it doesn’t find anything. I can go on like my computer is fine but it randomly happens again and I can’t go on the Internet until I run fix.reg again and reboot. then I try mbam but it still finds nothing. Why won’t it find the problem so I can remove it!?
Thank you so much Patrik. I followed your directions for step 1, but after rebooting, had to rename the Malewarebytes .exe extension to .bat in order to get it to install. After installing and running the Quick Scan, it found and removed 4 infected files, including AV.exe. After rebooting, however, I had the same problem several others had with .exe files not working. So I downloaded the zip file from dougknox.com/xp/file_assoc.htm (recommended by Gary on Feb 13) and running the registry fix and rebooting again, everything seems to be working now. I spent about 2 hours in total trying to fix this… but it probably would have taken me days more if I hadn’t found your site. Thank you thank you thank you.
But you have merged fix.reg with Windows registry ?
Donna, you have tried to uninstall Stopzilla using AddRemove programs panel in Control panel ?
Sonny, try use WinSock XP Fix.
LoReNzO, the fix.reg only works with current trouble. If you need good protection, use an antivirus + an antispyware and an alternate browser (Firefox, Opera, …).
John, now no icons and taskbar too ?
Jolie, read above comment by Bill (February 20, 2010).
Zeke, open a new topic in our Spyware removal forum.
I picked up this little piece of malware while searching for local comedy clubs. Fortunately for me I have Google Chrome installed as well as IE and Firefox. Chrome allowed me to surf the web and find your solution, which I would like to add worked great. Instructions were clear and concise. You guys so ROCK!!!
I have Kaspersky Anti-Virus 2010 on my laptop… and XP Internet Security made it past that.
My Security Center in my Control Panel showed that both the Firewall and Internet Security were turned off… and whenever I clicked on either it brought up the XP Internet Security Icon in my taskbar (it was constantly feeding me false information, and that I had 29 threats). Thinking that this was Windows software, because my laptop hand some Windows Updates before I turned it off the night before… I bought the XP Internet Security Key to remove these threats. My computer seemed to be running fine for a few hours… and then I decided to check my email for confirmation for buying the program and never recieved any. I clicked on the taskbar icon for XP Internet Security… clicked on contact us… and then my Kaspersky Lab popped up with an alert that a trojan I believe was named Win32.FraudPack was a threat and needed to be blocked and deleted. I did so… and my laptop then froze. When I restarted, none of my taskbar icons came up… I could not do anything without and error message. I installed the fix.reg and was able to get back into everthing and I am currently running a full scan using MBAM. I hope that this completely removes this XP Internet Securty spyware. My issue now is that since I did purchase XP Internet Security (2 year Key)… and I used my debit card to do so… What should I do to block those charges and should I get a new debit card to block any other charges from the authors of this program?? My bank is a local one and my hands are tied until tomorrow morning since they don’t have 24 hour service… please answer and thank you!!
Call or go to your bank and tell them what has happened.
Thank you, Patrik…
My plan was to go to the bank first thing tomorrow morning and stopping payment ASAP…
I am also going to close that debit card and order another one…
I made the mistake of doing a full scan instead of the quick scan…
and its been going on for well past 2 and a half hours…
Will I still be able to delete everything associated with XP Internet Security by doing the full scan and will it still be free??
Thanks again for the helpful info…
This XP Guardian is a pain in my butt! I’ve downloaded malwarebytes to my desktop, but now it’s saying that Windows cannot open this file: mbam-setup.exe. What’s my next step?
Thanks
I finally got it to setup, but now I can’t run Malwarebytes…Please Help!
thank you so much for this! i would’ve been totally lost without this helpful information!
In searching for av.exe in the registry after doing the above fixes, I still find this setting referencing av.exe. What should I do with it?
Many thanks
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Value:
“C:\Documents and Settings\Craig\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
THANK YOU!!
This got the annoying virus away so quickly!
it had the easiest step by step and works perfectly.
It wont work xp stupid prtection blocks all internet acess so i cant get to the sight