XP AntiSpyware 2010, also known as XP AntiSpyware, XP Antivirus Pro and XP Antivirus Pro 2010, is a rogue antispyware application; all of these are names of one program. It is promoted and installed with the help of trojans. When the trojan is started, it will download and install XP AntiSpyware 2010 (XP Antivirus Pro 2010) onto your computer.
During installation, XP AntiSpyware 2010 (XP Antivirus Pro 2010) will configure itself to run automatically every time you run any program that has the “exe” extension (99% of Windows applications). It does this by changing the per-user .exe file association in the registry (the keys and values are listed below), so that every program launch goes through its own av.exe. The rogue also uses this method to block programs from running, including antivirus and antispyware applications.
When XP AntiSpyware 2010 (XP Antivirus Pro 2010) is started, it will perform a system scan and report a large number of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display various fake security warnings and notifications from the Windows taskbar with a “Spyware infection has been found” or “Tracking software found” header. All of these alerts are fake and, like the false scan results, should be ignored.
Last but not least, XP AntiSpyware 2010 (XP Antivirus Pro 2010) will hijack Internet Explorer and Firefox and display fake warnings when you open a web site.
As you can see, XP AntiSpyware 2010 (XP Antivirus Pro 2010) was created with one purpose: to scare you into thinking that your computer is in danger, as a way to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Remove the rogue from your computer as soon as possible. Use the removal guidelines below to remove XP AntiSpyware 2010 (XP Antivirus Pro 2010) from your PC for free.
Use the following instructions to remove XP AntiSpyware 2010 (XP Antivirus Pro 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Click Start, Run. Type command and press Enter. The command console (a “black window”) opens. Type notepad as shown below.
Command console
Press Enter. Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
You will see a window similar to the one below.
Notepad
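Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad). Make sure the file begins with the line Windows Registry Editor Version 5.00; if that first line is missing, the import fails with “The specified file is not a registry script”. Double-click fix.reg and click YES to confirm.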
Reboot your computer.
Step 2. Remove XP AntiSpyware 2010, XP Antivirus Pro 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the XP AntiSpyware 2010 (XP Antivirus Pro 2010) infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the XP AntiSpyware 2010 (XP Antivirus Pro 2010) removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
XP AntiSpyware 2010 (XP Antivirus Pro 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP AntiSpyware 2010 (XP Antivirus Pro 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\av.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\av.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
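One way to check a machine for the .exe association hijack listed above, as an added example that is not part of the original guide: it parses the text of a registry export (assumed to be already decoded to a Python string) and flags a .exe class that no longer points to exefile, or an open command other than the stock "%1" %*. The function names are hypothetical, and the sample export and the av.exe path in it are constructed.

```python
import re

EXPECTED_CMD = '"%1" %*'  # stock value of exefile\shell\open\command
ROOTS = ("hkey_current_user\\software\\classes\\", "hkey_classes_root\\")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):
    # .reg strings are double-quoted with backslash escapes
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[_unquote(m.group(1))] = _unquote(m.group(2))
    return keys

def find_exe_hijack(text):
    """Return sorted (key, reason) findings for a tampered .exe association."""
    keys, findings = parse_reg(text), []
    for root in ROOTS:
        progid = keys.get(root + ".exe", {}).get("@")
        if progid is not None and progid.lower() != "exefile":
            findings.append((root + ".exe", "ProgID %r, expected 'exefile'" % progid))
        # Check the handler on .exe itself, on exefile, and on any redirected ProgID
        for cls in {".exe", "exefile", (progid or "exefile").lower()}:
            key = root + cls + "\\shell\\open\\command"
            cmd = keys.get(key, {}).get("@")
            if cmd is not None and cmd != EXPECTED_CMD:
                findings.append((key, "handler %r" % cmd))
    return sorted(findings)

# Constructed sample export; the av.exe path is a placeholder.
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\test\\AppData\\Roaming\\av.exe\" /START \"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\test\\AppData\\Roaming\\av.exe\" /START \"%1\" %*"
'''

if __name__ == "__main__":
    for key, reason in find_exe_hijack(INFECTED):
        print(key, "->", reason)
```

Running the same check on an export taken after fix.reg has been imported should return no findings.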
It is possible that these pieces of malware may have done a stealthy Conficker installation. If any users out there even suspect that they may be infected with Conficker, I would head over to the sophos.com page and poke around for their free Conficker removal tool. It works a charm and it’s completely free.
WOW, I have been messing with this virus for 2 whole days, IT WORKS !!!! Amazing, I was really starting to freak out. Great job.
wow you guys are amazing my wife just about killed me because she swore i was looking at xxx and got this malware virus on the computer lol thanks guys it worked perfect!!!
Thank you! thank you! thank you! This worked. We have the best McAfee security. McAfee recognized the trojan had tried to get through, said it had gotten rid of it. It did not.
What a nasty virus !! It wouldn’t let us access internet. Lucky for us, we had access to more than one computer system, so were able to get internet… and thusly your fix.
THANKS!!
I posted a comment to this thread yesterday but it’s (along with ~50 others) gone now… bummer!
I have this virus and I tried creating and running the fix.reg file mentioned in step 1. Even after I ran the registry import, when I rebooted I still cannot get past the virus to download anything. I cannot access my start menu, no task manager, or anything. In safe mode, it tells me that system restore has been disabled by group policies, and I can’t access my c:\ or USB drives.
I tried to find the entries listed in the registry, none are there as listed (possibly removed by the fix.reg). The only file I can find is av.exe in the c:\windows\system.
Any thoughts? I also posted this question in the forums, but my post isn’t there today either… not sure what happened..
Any help greatly appreciated!
When I double click on fix.reg I get an error that ‘Registry editing has been disabled by your administrator’.
Darla, try the following:
Please download OTM by OldTimer from here.
Run OTM, copy, then paste the following text in the “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-
Click the red Moveit! button. When the tool is finished, try to run fix.reg once again.
Worked like a charm. Now I can apologize to my teenager! Thank you!!!!!
You are my hero!! I have been trying to figure out what to do…great comments about using google chrome to break through the internet lockout from this virus! i think my netbook is fixed! Thank you thank you thankyou!!! Che’
Great advice thanks. Problem is the spyware somehow caused stuff like itunes to not open and my adobe files to get deleted. What do I do after I get rid of the virus?
Had this twice, once from a live cricket stream and once from a film on Tudou – major panic when nothing worked, but found a quick fix:
1. Internet off
2. Open WinPatrol – select active tasks
3. Kill task “av.exe” or similar (would probably work with taskmanager but not tried it)
4. Run Spybot Search&Destroy
5. General AV cleaning
Still bothered that AVG free not catching it and will need to check registry, but the fix did work for a good while.
Zack, you can also check your PC using an online scanner.
Absolutely speechless. This is fantastic and the best post ever made about this spyware. God bless you and I love you to the max. It really works like magic. Stay blessed
When I tried to run fix.reg I get the following: Cannot import c:\…fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.
Any thoughts or help.
Thanks – Brian
Patrick – I recreated fix.reg and it worked. AOL is still working on my computer. Can I move to Step 2 and download the MalwareBytes program before I reboot my computer? Is the reboot necessary if I am able to download and install MalwareBytes, or can I run it once I have downloaded it and installed it, without the reboot?
Thanks – Brian
when i try to run fix.reg it says the specified title is not a registry script. help!!
Brian, check the fix.reg. Looks like you have skipped first line.
Thanks for the response- I did skip the first line, edited the file and it ran successfully.
A quick follow-up – AOL is still working on my computer. Can I move to Step 2 and download the MalwareBytes program before I reboot my computer? Is the reboot necessary if I am able to download and install MalwareBytes, or can I run it once I have downloaded it and installed it, without the reboot?
As a side note, I can actually get programs to function on my computer by starting the program a second time and then ending the ‘MSASCui.exe’ process with Task Manager, even IE with internet access.
Thanks again! – Brian
Brian, yes you can use Malwarebytes without the reboot.
dan, fix.reg should have “Windows Registry Editor Version 5.00” in first line.
Patrik – the Malwarebytes fix worked. Very easy to complete after re-naming the (exe) to (com). Thanks for all your help. – Brian
When I Save As All Files “fix.reg” using the notebook application, the only thing that seems to happen is the Notebook application opens the “fix.reg” file. Is it supposed to be an executable program updating the registry?
Just used your fix, worked great. I had tried a couple of other fixes to no avail. Thanks for the fix.
I have done everything and I think it worked. Just one question – does it matter that the MalwareBytes software found only 5 infected files? I know it is stated in your guide how the results may differ from your scan image, but your image shows loads more infections than mine. Just wondering.
Cheers 🙂
Rob, its ok 🙂
Thanks so much for this info. I thought my computer was done for. The virus was starting to cut off my internet. Your fix worked perfectly and was very clearly described! Thanks so much!
I have checked the site, but to be able to get rid of the xp Anti virus thing, i need to download something – but i dont have access to the internet in the first place to get rid of it,
Please tell me if there is another way round this?
Thanks
Kai, do the first step, then reboot the computer and try to download Malwarebytes.
If you go into task manager and end the process av.exe it gives you temporary control of programs… right click internet and select start if it's there, if not then click open… do not just left click on internet… continue endtasking the av.exe while you use the internet, and you will be able to access web pages
I did the registry fix as mentioned above, restarted the computer but now do not have access to my C Drive/program files. The fake antivirus is no longer on the taskbar but now I can’t get to my C drive help!