Total XP Security is fake security program, that also known as rogue antispyware application. The software is a new clone of XP Internet Security 2010, which is a rogue too. Nothing new here, Total XP Security is promoted and installed through the use of trojan. When the trojan is started, for some time it itself does not manifest, thus hiding the web site with which it entered on the computer. A few minutes later, the trojan will secretly download and install the rogue onto your computer without your permission and knowledge.
During installation, Total XP Security will configure itself to run automatically every time when you run any program that have “exe” extension (99% of Windows applications). The rogue also uses this method of running to block the ability to run any programs, including your antivirus and antispyware application.
When Total XP Security is started, it will imitate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore them.
While Total XP Security is running, you will be shown nag screens and fake security warnings from Windows task bar. The fake security program will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
Obvious, Total XP Security is the program, whose presence on the computer is not desirable. It is created with one purpose, using deception and threats to force you to open your wallet and pull out the money. If your computer is infected with this malware, then most importantly, do not purchase it! Remove the rogue from your computer as soon as possible. Please follow the removal guide in order to remove this Total XP Security and any other associated malware from your computer for free.
More screen shoots of Total XP Security
Use the following instructions to remove Total XP Security (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Total XP Security associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Total XP Security infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Total XP Security. MalwareBytes Anti-malware will now remove all of associated Total XP Security files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Total XP Security creates the following files and folders
%AppData%\ave.exe
Total XP Security creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
hi ok ive done both 1 and 2 and run Malwarebytes Anti-malware seems to have stop pop ups but I still have probs with the internet keep getting sent to the k diretory site have reload fire fox and do not use internet explore? im running windows xp any help? on this btw ty for the help so far
Nathan, looks like your computer is infected with TDSS trojan. Try the instructions.
mark, check Internet Explorer proxy settings.
Patrik, my computer is acting as Mark’s is. What should we do when we check the proxy settings?? Sorry, I’m not very computer literate.
gg, for Internet Explorer follow the steps below:
Run Internet Explorer, Click Tools -> Internet Options. Select Connections Tab and click to Lan Settings button. Uncheck “Use a proxy server” box. Click OK. Click Apply. Click OK.
Would love to get my hand around the neck of the people that create these and would love to shake Yours!! Thank You for taking the time to post and help all the people that you have!!
I tried the first, but when I double-clicked on fix.reg, it would only open as a Notepad file. What am I doing wrong? I tried the second, but when I right-clicked, I did not get \Install\, just the usual list of options. I typed the contents correctly and saved as \All files\ as instructed, but have I missed out something?
Linda, try another way.
Run regedit through command console (if .exe files is blocked from running). Once Registry editor opens, click File, Import. In a dialog select fix.reg and press OK.
Thank you so far so good very good walk-through… My Firefox was disabled though so I had to use the desktop and type all the commands instead of copy and pasting but it was worth it.
I purchased Spy Doctor yesterday and couldn’t get the s..t out. I used Method 1 and it was gone. What a wonderful thing … thank you, thank you.
I have tried option 1 and 2 and after reboot I still can’t run Malwarebytes or any other program for that matter. The only thing that runs is the xp total security program. Any other ideas?
Doug, try repeat the step 1 (method 1 or 2), but when you have done it, please don`t reboot your PC, instead, go to step 2.
Patrik, thank you, that did the trick. I’m back up and running.
I have had this problem, labelled XP Total Security. I followed Method 1 and MalwareBytes, and it all ran though OK.
But now I cannot run any programs. When I launch Excel, Word, Internet Explorer, etc. I get a box “Open With” asking me to chooose a program to use to open the file. When I select Internet Explorer for that application, I get two further boxes: “File Download Security Warning” do you want to run or save – I choose Run. Then “Internet Explorer Security Warning” do you want ro run this software Windows Internet Explorer 8 from Microsoft Corporation – I choose Run, then it loops back to the “Open With” box.
Do you have any advice how to fix this please?
Method 1 worked great! Whoever wrote this is a lifesaver!!!
Ive just used this to clear XP Total Security but recently also had System Tool which I have also cleared thanks to your notes. However, since the first virus (System Tool) I sometimes get a blank desktop with no icons either at switch on or after the pc has been on a for a while. Is this still part of the same virus and if so how do I correct it?
I have had the same infection called XP Total Security. I followed Method 1 and MalwareBytes, which was completely successful. However, I can’t open any programs now from the icons on my desktop. Get messages like Program not found, or Open With – choose the program you want to use to open this file. When I go through this for iexplore.exe it just loops and keeps asking me the same questions. Any advice please?
Trev, you need to repeat the first step above.
Hannah, start a new topic in our Spyware removal forum. I will help you to check your PC.
Step 1 has fixed it. Realise now that you need to run this for each user on the PC. Many thanks for your site and your help – BRILLIANT!
Many many thanks. I was getting quite desperate after I’d been led down the path by many sites purporting to offer a removal process when they only wanted to sell their product. I’m fuming that my McAfee let this onto my pc but luckily I had a netbook handy and managed to source your solution and download the files to usb key and restore my pc. Great stuff. thanks again.
THANKYOU SO MUCH! Method 1 really helped with the pop-ups and then method 2 secured it then Malware removed the nasty infected files. Thanks a ton.
I was wondering if you possibly know how to increase computer speed because after the virus it is running a bit slow
Thanks again,
Connor
OMG that you so much – this kept coming up under my hubbys account. Method 1 worked for me perfectly.
Is it possible that removing this has also made my pc run slightly quicker?
(Picked up 6 infections)
update – 🙁 it is still showing up under hubbys account. The security center says no firewall on or virus protection.
Under mine (I am the administrator) all security center settings are fine. Ran malaware again and it is not picking up any infections or viruses. Should I just delete his account and set up a new one?
I have a residual problem – getting redirected in Windows Internet Explorer from Google search results to various advertising sites. I run McAfee. How do I stop redirection please?
Thank you!!!!!!!! I was very frustrated when Total XP Security invaded my computer. I Have Norton Antivirus, ran a scan last night, & it did not pick up the XP problem. I used method 2, and it worked right away…Again thank you for being better than the very expensive Norton and for saving my computer.
HEY…I followed evrything u said in the instructions and once I rebooted my computer, the XP Security virus was thankfully gone but on my taskbar tray an icon warning me that my automatic updates is not on is still there. I tried to turn it on but it says tht my security center cant turn it on. On top of that, my internet isnt working. My local area connection is on and the internet on all my other computers that are connected to the network are working. I m riting this message from another comp right now and I relly need the internet on my own computer cuz i have a huge assignment due wich requires internet research….if u cud plz help…thnk u!
Thank You! Thank you! Thank you!
Took all night just to just be able to access the net I had to use an earlier restore point & disconnect my external HD which would not let me download anything BUT I finally got both of the top methods & used both with each other. To cut a long story short well I’m using my computer now with no reissue problems to deal with & again a big THANK YOU!
Michelle
Thank-you so uch! You are my god.
Used Method 1, then installed MWAM.
Trev, try reset your HOSTS file and scan your PC with TDSSKiller.