Total XP Security is fake security program, that also known as rogue antispyware application. The software is a new clone of XP Internet Security 2010, which is a rogue too. Nothing new here, Total XP Security is promoted and installed through the use of trojan. When the trojan is started, for some time it itself does not manifest, thus hiding the web site with which it entered on the computer. A few minutes later, the trojan will secretly download and install the rogue onto your computer without your permission and knowledge.
During installation, Total XP Security will configure itself to run automatically every time when you run any program that have “exe” extension (99% of Windows applications). The rogue also uses this method of running to block the ability to run any programs, including your antivirus and antispyware application.
When Total XP Security is started, it will imitate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore them.
While Total XP Security is running, you will be shown nag screens and fake security warnings from Windows task bar. The fake security program will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
Obvious, Total XP Security is the program, whose presence on the computer is not desirable. It is created with one purpose, using deception and threats to force you to open your wallet and pull out the money. If your computer is infected with this malware, then most importantly, do not purchase it! Remove the rogue from your computer as soon as possible. Please follow the removal guide in order to remove this Total XP Security and any other associated malware from your computer for free.
More screen shoots of Total XP Security
Use the following instructions to remove Total XP Security (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Total XP Security associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Total XP Security infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Total XP Security. MalwareBytes Anti-malware will now remove all of associated Total XP Security files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Total XP Security creates the following files and folders
%AppData%\ave.exe
Total XP Security creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Method 2 (not 1) followed by Malwarebytes worked. However, it had changed the firewall and virus monitor settings in the security centre – suggest that anyone with this problem checks all of the security centre settings as well, and make sure the security centre is running.
Method 1, did not work for me.
Method 2 kicked ave.exe ‘s ass.
From infection, to research, to this page, back to normal…. 4.5 hrs.
Thanks you!
Rhonda, try the following to repair your Internet Access.
Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
If it does not help, then download Malwarebytes to another PC, then move it to your infected computer using a flash or cd disk.
Gees that pi**ed me off got it sort guys!!
Dont know why my Mcafee did poo!!
10/10 for this site,
1st– i did ‘Method 1’ which stop the annoying fake warnings, feewwwwwwyyyyy
2nd– downloaded the listed ‘MalwareBytes’ software, installed/upated/ran scan, found 7 naughty files 🙁 then click ‘delete’
woooooooohoo problem gone, now i can go 2 bed!!
THANK YOU AGAIN, peace out 😀
THX! YOUR AWESOME , it worked wonderfully! TY TY TY TY
OMFG THANK YOU i thought that my pc was fucked then i thought of why it wouldnt let me search on explorer luckly i had 1 page open from before it came up and i opend a new tab looked for help then this site came up i pondoured for 10mins should i follow the instructions then i finally did and now iam saved you guys are now just one of the websites that ill recomend to my friends THANK YOU!!!
Tried both neither worked. BTW I am the stupid idiot that already paid the total xp security. In dispute with my credit card company now. But I tried method 1 and 2. Method 1 says registry error and I cannot import binding files. Method 2 says installation failed. Any ideas in this one??
Thanks guys saved me a lot of hassle. Method 2 worked great
meisha, try method 1 once again.
1. fix.reg should have “Windows Registry Editor Version 5.00” as first line (w/o quotes)
2. in Save dialog you need select ANSI in the encoding field.
I have to say Thank GOD for this website and for you all I thought I was going to have to get a new computer it took me a while but I used method 1 and then I ran the MalwareBytes Anti-malware (MBAM). At first my computer would not let it download but I kept trying different sites and the anit-malware got all of the virusus off of the computer thank you sooo much!!!!
This is distressing. I click Start, Run. Type command and press Enter. Then get a message: ‘Attempt to access invalid address’. It will not bring up the command prompt window.
I also launch the Malwarebytes program and went through the install process. When the program tries to launch i get a message that it is unable to execute file mbam.exe.
Is it possible that the Total Xp is blocking both of these things??
Help! the mbam.exe file is not even in the program file for the Malwarebytes files I stalled. Did the damn Total XP block it?
Kirk, looks like your computer is infected with Vundo trojan. Open the instructions and follow the “Malwarebytes Anti-malware won`t install or run, it displays a code 2 error box” steps.
Thank you so much im not sure how on earth this total xp security got onto my computer i use the the default windows firewall and AVG is there any thing you can recommend me getting to keep my computer safe for gaming and web browsing, thanks a lot i was really destroit when this thing just keep taking over 😀
I’m attempting to follow Method 1 and having issues. when i double click the fix.reg file i receive a note that states “cannot import c:\documents and settings\dell\deskstop\fix.reg: the specified file is not a registry file. You can only import registry files.”
i’m running xp version 2002 sp 3. registry is 5.1
Please help. thank you.
Dave, check twice your fix.reg. It should have “Windows Registry Editor Version 5.00” as first line and saved with ANSI encoding (look encoding field in the Save dialog).
Before I found this website, I had already installed Malwarebytes and scanned and removed the Total XP Security virus. However, the only thing that it removed was the constant popups. My laptop still can’t perform a system restore- it says it has been turned off by group policy and to contact domain admin, etc and my start menu bar freezes on startup. So I came here and tried both methods on safe mode and then restarted my laptop normally and the same problems are still there. I’m running XP Pro by the way. Any ideas?
Well I turned system restore back on but there are no restore points… oh well. I just went back to Malwarebytes to delete the infected files after they were quarantined and deleted the registry keys and values you listed above to be created by the Total XP Security virus… but my laptop still loads extremely slow with the start menu and task bar completely frozen. (I can still access and run most-all desktop icons and shortcuts). After about 15 minutes being frozen it regains normal functionality… I don’t know what’s wrong anymore…
Hi! i’m infected with total XP security, i use method 2, then i scan my PC and in theory, MAMB detects the trojan and, in theory is deleted after the reboot but when i start again in my session, Total XP security is still f*cking my PC 🙁
I followed your instructions intensively and it worked!!!!! The viruses are gone and I’m amazed. THANK YOU!!!!
Andrew, open a new topic in our Spyware removal forum. I will check your PC.
Nath, repeat the first step above, then run Malwarebytes and update it. Then perform a new scan.
Thank you so much.
Method 1 for the win!
thankyou, I used method two.
Method one did it for me – I love guys like you.
Don’t ever quit, it dosen’t go unappreciated.
Thank you very much.
Method 1 works for me!
Thanks a heap dude this thing helped so much that friggin total xp thing was gone straight away. I think i though it was fake because the pop-ups were constant and both words didnt have capital letters. Anyway thanks a heap man.
Thank you so much for the instructions. I had Malwarebytes but only the free version. The infection stopped it from running and I have spent the whole day yesterday trying to get rid of this until I came onto this website. Method 1 worked. I unlintalled the existing copy of Malwarebytes and re-installed it after the registry fix. The research was done on a different laptop as the internet browser was affected. This malware also stops your antivirus to come on. After the reboot unfortunately Fsecure still doesnt fire up.
Many Thanks once again.
Method 1 worked for me. Thank you!
I followed both methods and everything seems “ok” but one problem I’m still having is when I click on many of the Google search results I get redirected to a site called searching4all.com. Is this a sign that this particular malware is still present in my system?