Total XP Security is fake security program, that also known as rogue antispyware application. The software is a new clone of XP Internet Security 2010, which is a rogue too. Nothing new here, Total XP Security is promoted and installed through the use of trojan. When the trojan is started, for some time it itself does not manifest, thus hiding the web site with which it entered on the computer. A few minutes later, the trojan will secretly download and install the rogue onto your computer without your permission and knowledge.
During installation, Total XP Security will configure itself to run automatically every time when you run any program that have “exe” extension (99% of Windows applications). The rogue also uses this method of running to block the ability to run any programs, including your antivirus and antispyware application.
When Total XP Security is started, it will imitate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore them.
While Total XP Security is running, you will be shown nag screens and fake security warnings from Windows task bar. The fake security program will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
Obvious, Total XP Security is the program, whose presence on the computer is not desirable. It is created with one purpose, using deception and threats to force you to open your wallet and pull out the money. If your computer is infected with this malware, then most importantly, do not purchase it! Remove the rogue from your computer as soon as possible. Please follow the removal guide in order to remove this Total XP Security and any other associated malware from your computer for free.
More screen shoots of Total XP Security
Use the following instructions to remove Total XP Security (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Total XP Security associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Total XP Security infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Total XP Security. MalwareBytes Anti-malware will now remove all of associated Total XP Security files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Total XP Security creates the following files and folders
%AppData%\ave.exe
Total XP Security creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Whoever figured this out…you’re a life saver! I had gotten rid of the files that sat under the “%ueraccount%\Local Settings\Application Data” but Malwarebytes (which had been installed because of an earlier virus – AntiVirus XP 2010) still wouldn’t run. I ran “Method 1” and after the reboot, my antivirus came right up and I was able to update and run Malwarebytes. Thanks a ton!!!
my laptop freezes on the welcome page. I can only boot smoothly through safe mode. Can I do thris through safe mode?
charlie, yes, you can use Safe mode too.
I am infected with the Total XP Security. I try to shutdown the computer and it stays on the computer is shutting down screen. I have to manually shut down. I tried to transfer the fix.reg and inf via a thumb drive but the usb ports will not recognize my thumb drive. I burned the fix.reg on another computer to a CD rom put it in the virus computer and ran it from there. Tried to shutdown again and no dice. I was able to run Malware and it removed the files and allowed my computer to shutdown and now the USB ports are working again. This was a bugger of a virus. Thank you. You saved me.
Hi!
I also have a problem with this virus. I followed the description but when I want to doubleclic the fix.reg I get a message that the process of the registry is deactivated through the administrator. But I am the administrator.
What can I do to solve this problem?
Sora, try method 2.
Great work, thanks for posting, its a bugger of a trojan
Hi, I ran Method #1 and seem to be okay, but assumed (correctly) that MAB is an app that is not free. I’m on a work computer and cannot pay to install anything here. I’m re-running their up-to-date copy of ‘Microsoft Security Essentials’ (which found no threats earlier, when I definitely had a problem). Do I need to do anything else, and can I now trash that fix.reg file? I can’t let the employer see it.
Thanks!
Hi, I’ve managed to run Malwarebytes, when it finishes scanning I click OK, but before I can click “Show Results” the program closes.
After a few tries of this, the computer just stops responding. Please help!
Pete, yes you can remove fix.reg. And MBAM is free to remove malware, but you need purchase the full version if you want enable the auto-protection module.
Hugh, try run Malwarebytes from Safe mode. If it does not help, then ask for help in our Spyware removal forum.
I am not IT savvy. I have this virus. What command do I type in the Start, Run field? thanks
Robert, click Start button, then select Run option.
Type
commandand press Enter. Then follow other instructions from first step above.Thanks a ton, you save everything on my computer, they are heaps of my memoried photoes in it. This is very helpful and very smart. Wish you all the best.
very nice thing dear
I got my solution and save my window to do format
Thank You!
Thank You!
Thank You!
When I try the first method it tells me that editing the registry has been deactivated. When I try the second method it tells me that the installation has failed. And Malwarebytes won’t even run now. Any ideas?
Carl, please download exeHelper from here and save it to your desktop. Double-click on exeHelper.com to run the fix. A black window should pop up. Press any key to close once the fix is completed. Once finished, try run Malwarebytes.
I used method 1 and it removed the program the only thing is it has also wiped out all my other exe files and I cannot even run my system restore or my internet.
Now I have to take my computer to a tech to get him to fix it. This is a real bummer
Christine, try method 2.
I had my user shut down his pc and restart Windows XP in safe mode [NOT safe mode with networking]
then go to start – all programs – accessories – system tools – restore point
select to restore to a previous point
select a date several days before you began having this issue
follow the prompts and once it finishes and restarts you are good! However, in our case the user was running an older version of Adobe Reader [version 7] and it was found to have security holes. They received a PDF attachment and got this issue.
Updated Adobe Reader to the newest version and all seems to be good now.
Good Luck! Maybe I just got lucky, but this process was quicker and less painful than having to do all of the above listed steps.
I never bother to leave comments but i felt i had to with this virus i was ready to kill the computer itself…THANK U soooooooo much… i tried to be smart and skip straight to the malware and i can tell u not to waste ur time… followed method 1 and then did things right and bobs ur uncle worked perfectly!!!
Thanks a ton, method 1 worked like a charm!
thanks a lot I have the same problem and it helps, but… not yet healed completely. after the thinking that I have won the game against the total xp security, I found myself facing a giant problem: a so-called smlmmh.exe(wich have no trace on the net) had appeared and it refuses to move away, it keeps replacing itself in %temp% whatever how you delete them, and it cannot be delete from the regedit, also it keeps making message box that says error:can’t write on adresse xx0011 something like that with 2 options: ok and annuler and it keeps appearing whatever your choise was. other messages box caused by the smlmmh.exe may appear from time to time (after hitting ok or cancel many times) says that it caused a fatal error and must be closed. I flew from happiness the first time I read it but…It doesn’t seem to be closed it keeps appearing again and again.I hope you can help me defeating the malchious processus. thanks alot.
Method 1 worked EXCELLENT.
Thanks a lot!!!!!!!!!!!!!!!!!!!!!!!!!
cant these files be deleted instead of moved to quarantine ?
Luka, yes, you can remove all quarantined files.
Thanks alot mate, weve had multiple versions of this virus within our company the last one was XP Internet Security 2010, and this has fixed the issue!
Thank you so much. Method 1 followed by the Malwarebytes scan worked perfectly. Your assistance is very much appreciated!
Hi, I’ve used Method 1 which has stopped the pop-ups but I still can’t get online so can’t download the Malwarebytes. I can get online using my laptop, is there any way to save it and copy to PC?