XP Security Tool 2010 or XP Security Tool is an updated version of earlier appeared XP Internet Security 2010, which is a rogue antispyware program. Both programs are identical except for their names and partially modified executable files, which is necessary in order to remain undetected by legitimate antispyware and antivirus applications. As before, this malware uses trojans to install itself. When the trojan is started, it will download and install XP Security Tool 2010 onto your computer with your permission and knowledge.
During installation, XP Security Tool 2010 configures itself run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Immediately after launch, XP Security Tool 2010 will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. What is more, the rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Security Tool 2010 is a scam and should be removed from your computer upon detection. Do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove XP Security Tool 2010 and any associated malware from your computer for free.
Use the following instructions to remove XP Security Tool 2010 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Security Tool 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Security Tool 2010 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Security Tool 2010. MalwareBytes Anti-malware will now remove all of associated XP Security Tool 2010 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Security Tool 2010 creates the following files and folders
%AppData%\ave.exe
XP Security Tool 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
johnmalone, in the Save dialog you have selected ANSI in the Encoding field ?
just tried method 1 and then my firefox begins to work. Downloaded mbam-setup.exe and installed it. Now and I waiting for the scanning results. Works excellent so far. Saw purchase and register button at the bottom of the scanning screen. Do I need to buy this software to be able to delete the infected files it found?
Thanks.
Charly, you can remove any infections for free.
Hi People (Patrik in particular as ive noticed youve answered most peoples questions on the above posts!)
First of all – many thanks for the above steps of how to remove this rogue piece of anti-spywere as this has now worked for me as it is no longer present on my system and i didnt need to download the malware bytes programme either as the 1st of 2 steps you mentioned has reolved it – the only problem i now have is (and this is because im a total idiot) – is when i created the 2 files –
1)fix.inf and 2) fix.reg, i clicked on the fix.reg and clicked the ‘merge’ file option which came up with the message ” are you sure you want to add the information to the registry?” and clicked yes then rebooted my pc – so although the spyware has now gone – i now have the issue that when i try to open for example internet explorer or even an mp3 on my desktop – it comes up with the ‘open programme with’ diaolog as if the computer doesnt recognise how to open it up ? as normally if i clicked on either of them they would just load up accordingly – so i even when i click internet explorer for example – and it comes up with the ‘open with’ dialog, then i click on the internet logo it says the file cannot be found, so it seems that since i mistakenly merged the file – files and prgrammes will not open or load up like they normally would do ?
Is there any advice or anothe rpiece of registry info any one can give me to rectify this issue as its driving me nuts (all my own fault i know) but if any has any advice on this i would really really appreciate it :0)
Thanks
Si
In relation to my above post aswell – i forgot to mention – on my start menu when i normally select microsoft internet explorer – the only one im getting on the list is
”Internet Explorer (No Add-Ons)” so its not functioning correctly ?? Any ideas aswell on the above ?
Kind Regards,
Si.
Hi Guys,
I have followed the instructions for removal however when i open Internet Explorer i still get pop-ups even when this Program is completely removed. Any help will be much appreciated.
Thanks
I did Step 1 Method 1 and rebooted my computer… now I can’t open ANYTHING and I keep getting the error message “This file does not have a program associated wit it for performing this action. Crease an association in the Folder Options control panel”…..
Help! How do I fix this? (and still remove the antispyware…)
I have tried it and it worked, but the next day it came back. How do I keep it from coming back ever. I keep on getting these constantly and get rid of them, but they keep on coming back
Si, you need download and run Malwarebytes to remove XP Security Tool 2010 associated malware.
Ekrem, you need scan your PC with Malwarebytes Anti-malware.
Katrin, try method 2.
lindsey, looks like your PC is infected with a trojan that can reinstall the rogue. Open a new topic in our Spyware removal forum, I will check your PC.
I tried step 1 and it came up with “Registery Editting has been disabled by your Administrator. I’m on the administrator account on my PC. (There’s only 1 account)
I discovered this virus 5 minutes ago. Could the virus already have blocked off editting?
I have scanned my PC numerous times with Malware Bytes. I have done several quick / Full scans still pop-ups persist. I tried turning of System restore. Still getting pop-ups any help will be much appreciated.
I have the same problem as Lindsey have.. is there any way to complete remove this?
Thanks.
method 2 worked like a charm. thanks for the detailed write-up!
John, try method 2.
Ekrem, if the instructions above does not help you, then ask for help in our Spyware removal forum.
Hi – I have tried method 1 but get a an error some keys are open by the system or other process
Tried method 2 and an error – installation failed
Help 🙁
James, download exeHelper from here and save it to your desktop.
Double-click on exeHelper.com to run the fix.
Thank you!! Method 2 worked beautifully! 🙂
I’ve scanned, quarantined and rebooted without one “security” notification. Woop!
Thanks again!
<3.melissa
Thanks! I followed your instructions and it got rid of XP security 2010.
Hey guys, thanks a lot !! I was a little shocked when this happened. I thought running avast! would keep my PC secure, but guess not. Running step 1 and reboot seems to have cleaned up the obvious symptoms. Now doing step 2
It’s alright to go ahead and delete fix.reg once I’ve gotten rid of this crap, right?
Hi Patrik, thanks for getting back to me on this -as mentioned before the security tool thing is no longer existant on my pc which is good and i have follwed your advised in downloading the alti-malware software and i ran a scan as instructed on the software and left it running for a day and a half but if found nothing, so i just ended the scan then as surely if there was anything on it it would of found it by now surely ?
My main issue i have now is that when i load up internet explorer – it takes me straight to a blank webpage that says
” Internet Explorer is currently running without add-ons ”, and majority of sites i go on its constantly coming up with the message
” Do you want to allow software such as ActiveX Controlls and plu-ins to turn on, and wether i click yes or no – the message box will always appear again 2minutes later ”
I have even tried following the microsoft internet explorer trouble shoot guide and tried turning the feature on but im still having no joy as what i have stated above keeps persistantly happening ?
Is there anything else you can suggest that can help me with this ??
Many Thanks,
Si.
Henstington, yes, manually remove fix.reg.
Si, have you tried running it from the start menu instead of the desktop short cut?
unfortunately i see this helpful guide too late,i got this bloody malware and just got to format,the funny thing is that my sister got infected few days ago and i fixed his PC with no problems,but i have been infected with the new rogue and when i saw all .exes broken i panic.
I used method 2, then I downloaded the MBAM and installed it, but the .exe to excecute it dissapears so it doesnt run.. 🙁 any ideas ?
hey I did the 1st method first step, and the thing isn’t popping up anymore, but MBAM isn’t finding the files, any help?