XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thank you. Hopefully there is a special place in heaven for folks like you, along with a place in hell for those that create these things.
I have Malwarebytes on my computer from a clean up last week, and this virus prevented it from running. The reg.fix step got it to work, and it is scanning to rid me of this pest now.
Spybot and Symantec and firewalls – blew right past them. Ran both a Spybot and a Symantic scan, showed nothing while the false warnings were popping up repeatedly.
Saw above a reference above to ThePirateBay…think that’s where I got hit, not downloading just looking over a page and WHAM
Hi Patrick
I got infected with XP Guardian yesterday and tried to follow your steps but could not do run,Command as it said it was not allowed.
I then tried the Mcafee scans and it said it had found a problem and would delete but now my computer just wont restart.
It will come on and go through the windows 2000 page then just as it is about to log in it will switch itself off and start again.
Can you help please?????
productofnoise, “full scan” is ok too 🙂
Chad, if you have done first step and still Malwarebytes won`t run, then ask for help in our Spyware removal forum.
craig, if Malwarebytes have not fixed it, then manually open HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command key, and change “@” value to C:\Program Files\Internet Explorer\iexplore.exe
Jared, download Malwarebytes to another PC, then move this file to your computer using a flash or cd disk.
Kayvan, you have tried to boot computer in Last good configuration ?
It isn’t a big help, but for some “versions” of this virus, if you rename the install file AND the actual file you run of mbam to “IEXPLORE.EXE” it will let you run it, instead of posting a false hijacked file. I had to do this to mine to get it to run.
Also, just random note, if people are manually closing processes and the Ctrl+alt+del is not working, ctrl+shit+escape should still work.
Hi Patrick
I just switch it on and it gets so far but keeps switching off and on.
How would i go about booting it in last good configuration?
Just throwing out a huge THANK YOU for this guide. It worked perfectly! That is a nasty little virus.
Was able to get rid of it with the instructions above. However, it should be noted that you’ll need to use that reg fix once for each profile on the machine… otherwise other users won’t be able to open any executables.
Does anyone know where this thing originated from or what sites it may come from?
Mate you are an absolute legend, the second time I got infected with this, first time cost me £30 to fix, because I didn’t know of this site. This has gone straight into my bookmarks just incase, and have saved the fix.reg file onto 2 USB sticks 🙂
I LOVE YOU!
our central pc contracted this virus and my son thought it was legit and went ahead and paid the money…my question is, does this thing go away…or does it pop up again in 24hrs asking for payment again?
Help! I tried the run fix.reg which I was able to get on my desk top however when I clucked on it, an admistrator window popped ip saying I have no admin rights? With my name and someone else’ s I didn’t recognize? I then tried to download the Hijack this. But it doesn’t let me do a run as? I dint even see a run as option?
I have norton my laptop and I’m not sure how I got this viroid if I’m protected? How does that happen?
Thank you Patrick.
I tried the above and had trouble downloading Malware and its updates.
The simplest procedure seems to be to restore your computer to a healthy point in time and THEN download the software necessary to clean out the cretinous crap.
If these guys aim to collect money surely they are traceable
There should be a class law suit against this bitch XP Guardian 2010 and get them into jail.
Kayvan, follow the instruction: How to reboot computer in Safe mode with one different, you need select “Last good configuration” in boot menu.
Ritchie, if you have purchased the rogue, then:
1. contact your credit card company and tell them what has happened, ask for chargeback
2. Use above steps to remove the fake antispyware from your PC
Luz, ask for help in our Spyware removal forum.
Patrik do you know of any of the “legit” sites that have passed on the Trojans that cause this mess?
Hi, just wanted to say thank you so much for these instructions. This worked perfectly and saved my work computer from being eaten up by rogue monsters which would have disastrous. Crisis averted! Thanks again. 🙂
Patrik do you know of any of the “legit” sites that have passed on the Trojans that cause this mess?
I was hit with this severely a few days ago. I installed/ran the fix.reg and the Maleware application, which seemed to remove it.
It came back.. There is an icon for it in the control panel that wasn’t caught or removed.
I set the system restore to a month ago. The control panel icon is still there. Should I just keep restoring back to earlier dates?
Suggestions?
Thank you
Followed each instruction carefully, and got rid of this nasty little sucka! something seemed really fishy with the whole thing right from the ‘beware people stealing your credit card details’ stuff – yeah there is…..you!!
Thank you!!!
Hi, every time I try step 1, and I try to reopen the saved fix.reg, it just opens it up displayed in notepad… no yes button to click or anything. What am I doing wrong? I saved as,
File name: fix.reg
File type: All Files
And the last part I tried all of them… please help!
managed to get rid of the virus by following instructions, (spent the whole day trying to remove it earlier but failed as McAfee wouldn’t remove it!) but this worked. thanks a bunch! 🙂
Wow! Thank you! Quick and easy to understand! My popups stopped immediately after I rebooted! Now running malware! Thank you thank you thank you!!!!!
Patrik, I ran step one, but when i tried to reboot I cannot get explorer to start. any program I try to start, it asks what program to use to open it. Tried running fix several times to no avail. Last configuration also failed. cannot open regedit in run box. Please help.
I completed the first step, rebooted my computer, and am now able to open of firefox. I downloaded the MBAM spyware, and I have mbam-setup on my desktop. However, when I try and double click to open it, nothing happens. Anything I can do?