Total XP Security is fake security program, that also known as rogue antispyware application. The software is a new clone of XP Internet Security 2010, which is a rogue too. Nothing new here, Total XP Security is promoted and installed through the use of trojan. When the trojan is started, for some time it itself does not manifest, thus hiding the web site with which it entered on the computer. A few minutes later, the trojan will secretly download and install the rogue onto your computer without your permission and knowledge.
During installation, Total XP Security will configure itself to run automatically every time when you run any program that have “exe” extension (99% of Windows applications). The rogue also uses this method of running to block the ability to run any programs, including your antivirus and antispyware application.
When Total XP Security is started, it will imitate a system scan and report a variety of infections that will not be fixed unless you first purchase the software. Of course, this is a scam, because the rogue is unable to detect or remove any infections. Important to know, all of these infections do not actually exist on your computer, so you can safely ignore them.
While Total XP Security is running, you will be shown nag screens and fake security warnings from Windows task bar. The fake security program will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
Obvious, Total XP Security is the program, whose presence on the computer is not desirable. It is created with one purpose, using deception and threats to force you to open your wallet and pull out the money. If your computer is infected with this malware, then most importantly, do not purchase it! Remove the rogue from your computer as soon as possible. Please follow the removal guide in order to remove this Total XP Security and any other associated malware from your computer for free.
More screen shoots of Total XP Security
Use the following instructions to remove Total XP Security (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove Total XP Security associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Total XP Security infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Total XP Security. MalwareBytes Anti-malware will now remove all of associated Total XP Security files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Total XP Security creates the following files and folders
%AppData%\ave.exe
Total XP Security creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
PERFECT !!!
Thanks so much.
Thank you so much for the brilliant methods. Your tips helped me get rid of 2-hours’ anxiety n frustration in just 5 mins. Thanks a lot. Using Method-1, apparently it looks normal like before. I am not getting anymore pop-up. But my question is – if the infected files or threats still working in the background. There were 29 infections. Hope to hear. Thanks again.
Thanks again – TDSSKiller seems to have done the trick. PC is quicker than it has been for a while, I can access Windows Update again, and don’t get redirected in Google searches. You are a great help.
Pavel, i think you are clean, but you can also to check your PC with SuperAntispyware, Kaspersky virus removal tool …
Thank You sooooo much whoever put these instructions up is a wonderful being in my book!!
Method 2 worked right away,
You should accept donations as I would
happily support your efforts!
oh and i forgot to mention, I had a blonde moment as I couldn’t figure out how to “copy” the suggested code if I was unable to connect to the internet because of stupid Total XP, then I realized i could just type it out myself from my other computer,it only took a few mins, and sooo worth it,
thanks again!!
Thanks a lot.
Method no 2 worked.
THANK YOU! THANK YOU! THANK YOU! THANK YOU!
I tried both methods and one seems to have worked so far.
Really pleased with your advice,my sons netbook got this malware despite having an antivirus program & it has been a real nuisance until reading your solution.Many thanks.Mark
Hi Patrik,
Probably doesn’t matter anymore after the 100 comments above, but thank you very much indeed! Adding this few lines to the registry completely stopped the autorun processes, my system is stable now and I’m working on deleting the infected stuff manually and with my antivir, that now works again 🙂
I wonder, why is your site the only one of the 20 google top results that doesn’t advertise questionable removal tools or tells you to do stuff you can’t do (because it’s blocked by the virus), but really tells you how to handle the problem in a few easy steps?
Thank you so much!
first time I’ve been caught by a virus, I did get a warning from my virus checker but hit the wrong button and ignored it.
Followed method 1 then installed and back to normal – many many thanks
thank you
I am the type who is VERY careful with viruses. I use WOT, and never go on untrustworthy websites. But my dad clicked an ad which got this virus on the computer!
I tried so many things! Method 2 worked and I could access mbam again! Its currently scanning! GOD BLESS YOUR SOUL!!!!!!!!!!
I am into the 3rd day of fighting this “XP AntiSpyware 2011” been searching everywhere for an answer that I don’t have to download anything because I cannot. It won’t let me run any program or download anything or use any browser. It won’t even let me use a lot of innocuous internal Windows programs just because they are exe files.
I tried copying as carefully as I could the fixes you gave. I had to go into safe mode to use the “run” command because it won’t let me use that either of course it is an exe file. I got an error message when clicking on the first file – “Cannot import: Documents and Settings\Sheila\Desktop\fix.ewg. The specified file is not a registry script. You can only import binary registry files within the registry editor.”
For fix number 2 I just got a flat error message:
“Installation failed”.
So never mind getting to step 2 I am back at square one, got any more ideas anyone? I am desperate and very tired. My friend who I am borrowing a computer off of to find a solution to this would also like their puter back lol.
I didn’t make a typo saving it as fix.reg, just in typing it here. Oh and I tried to do Method 1 and 2 back to back to see if that would work, no luck. I had trouble copying the text you gave ie where there were spaces in a line etc but I tried to be meticulous in copying them exactly as shown.
Sheila, check twice that you have “Windows Registry Editor Version 5.00” as first line in fix.reg script.
Awesome! Method 1 worked for me!! Thanks!!
Thanks a bunch! I was able to “CURE” the kids’ computer and I know NADA about computers and how they work!
I’m putting your link on my facebook to let people know how to do it too!
DONT STOP what you’re doing!
threw away so many computers from viruses in the past, i was expecting to throw this computer into can until i found this site. easy steps for computer illiterate like me, method 2 worked wonders, thanks a bunch, you are greatly appreciated, bretheren.
I might just suggest to anyone who used a USB drive to copy registry files over, quarantine that USB after you fix the issue and format it. Had issues in the past with viruses copying themselves to removable media, which can become a hassle.
My problem is that I used \ad-aware\ to remove the virus because it was already on the computer. Now the majority of my programs will not run, {outlook, checkdisk, scandisk, office, etc.] basically only internet explorer and one other program will start. This is a work computer so i dont have downloading priveledges other than in safemode. can this be fixed? ps – pretty sure i got this virus through grooveshark..
Hi,
I’ve been trying to use your methods and it all seems to work for a while but it never gets it out completely as it keeps coming back. I did all versions for methods and scanning for maleware. Help!
Thank you very much! Had to manually type into notepad as computer wouldn’t connect. Wasn’t too sure about doing it but it’s worked.
Thank you!
Patrik, thank you so much for these instructions, I’m very relieved to have been referred to them, and found that they have worked.
One question – on removing the problem with MalwareBytes and restarting, Microsoft Security Center opens up. Since this was mimicked by the virus, I’m not sure if I have got rid of all it? Would you expect Microsoft Security Center to open like that? The other problems it was causing all seem to have gone though.
thanks again, Katie
Thank you so much, i thought I was pooched until I was able to find this site!
Thank you so much, I thought my computer was pooched until I found this site!
Patrik, thanks very much for these instructions, the first thing that worked for me. I’m very relieved to have been directed to your website.
Although the pop-ups etc have gone, I think I might be suffering a few after effects. On booting up, Microsoft Security Center opens (a concern because the infrection was mimicking this), and says automatic updates are off. When I try to turn them back on in this window, I’m told this can’t be done & directed to Control Panel / System / Automatic updates. But in this window it says they are on…
Also, I had an error message when pressing Ctrl Alt Delete, but that may have been a one off so won’t post here.
Thanks for the work you’ve done so far, I’d appreciate any further advice on the above.
Thanks, Katie
kiki, ask for help in our Spyware removal forum.
Thankyou very much.
My win xp Pc was troubled by win xp total security.
I tried method 1 and it worked first time up.
Then I downloaded the Malwarebytes and it too
got rid of the rmaining threats.
Thanks a million.
Bye.
Thank you, these fake antispywares are really bothersome D: