XP Antimalware 2010 also know as XP Antimalware is a rogue antispyware program, clone of XP Internet Security 2010, which is also a rogue antispyware. Nothing new here, as before, the rogue distributed through the use of trojans. When the trojan is initialized, it will download and install core component of XP Antimalware 2010 onto your computer without your permission. The same trojan will also configure the fake security program in such a way as to run automatically when you start any program on your computer. Using the method of running, the rogue can block any your programs, including legitimate antivirus and antispyware applications.
When XP Antimalware 2010 is started, it will perform a full scan of your PC. It It will state that your computer is infected with trojans, adware or malware and that you should purchase its “full” version to remove these infections. Important to know, XP Antimalware 2010 only imitates a system scan, the rogue is not able to perform any type of security related functions. It can`t protect your PC, detect malware files and so on.
What is more, to make a more complete illusion that your computer is infected, XP Antimalware 2010 displays numerous false alerts that the security of your computer at risk, or that a file is infected with a dangerous trojan, etc. The rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site. As the scan results, all these messages and alerts – a fake, so you can safely ignore them
From the above it is obvious that XP Antimalware 2010 is an unwanted guest on your computer. This is a dangerous computer parasite, which should be removed as soon as possible. To remove XP Antimalware 2010, please follow the step by step guidelines below.
Use the following instructions to remove XP Antimalware 2010 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Antimalware 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
On the Scanner tab, make sure the “Perform quick scan” option is selected, then click on the Scan button to start scanning your computer for XP Antimalware 2010 infection. This process can take quite a while,e, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Antimalware 2010. MalwareBytes Anti-malware will now remove all of associated XP Antimalware 2010 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Antimalware 2010 creates the following files and folders
%AppData%\ave.exe
XP Antimalware 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
omg,i had tried that too but its not working,i think something is wrong help?!!
I cannot close all other windows while running step 2 because the rogue keeps opening new windows.
I am still running with infections so far. I am waiting for it to finish and reboot.
Any idea as to when and where is came from?
yes
method 2 and malwarebytes update = fix
thx
dylan, then open a new topic in our Spyware removal forum.
You guys are the Hero Nerds, fighting the dark forces of the Evil Hacker Nerds! Thank you so much! I was able to run my Malwarebytes Anti-Malware in “Safe Mode with Networking”, update it, and successfully stop the malware from running, BUT – it had totally screwed all my .exe files. Thanks to your Method 1, they have now been fixed. You chaps have earned yourselves a lightsaber apiece.
wow,i think i found the reason why,it had installed XP Defender Pro >.>,ima go follow the steps to try and get rid of it.
thanks.
I used Step 1, Method 1 then d/l and ran MalwareBytes and it found 51 infections. However, it couldn’t remove a few. Any suggestion will be appreciated as to what to do to get rid of the leftovers? Thanks.
thank you.
omg from antimalware,to defender pro to xp internet sercurity and non of these things are helping!! is there anything else i can do? T_T
Thanks heaps guys….work and i’m now free from that BS!!!!
Penbob, open a new topic in our Spyware removal forum and post your Malwarebytes log.
dylan, ask for help in our Spyware removal forum.
THANK YOU!!!!
WOW THAT WAS REALLY CLEAN REMOVE THANX A TON. THE FIRST OPTION WORKED FOR ME
Pratik,
This worked like magic. I tried step-1 and the mb download steps, and it solved. Ufff.. I was soo tensed before finding this solutions…
Thanks for all the help!
An issue I encountered was not being able to run notepad. As I was assisting a novice over the phone I needed a way to edit the registry entries without being able to use any editors on the target computer.
A really useful too is http://www.etherpad.com which allowed me to copy in the registry changes into it and the target computer user to export the etherpad contents into the requisite file without involving any software on the target computer.
I add this just in case someone else encounters this difficulty.
Well did step one from method one and it seemed to remove the problems that were visible. I tried the MBAM and ran it, it didn’t find any problems but at the same time my norton (free trial) had stopped something. I updated MBAM and ran it again, still nothing found. Is this ok? does that mean it is gone?
Yes, looks like you are clean. You also can scan your PC with an online scanner.
thanks so muck, i was abosolutly s***ing myself wen i saw this on my computer, method 2 worked for my, thank you so much you guys
*much
Nice fix and simple to follow instructions. Saved two of our clients so far. Thanks. If you had a donations button I would be donating right now.
Thanks a million, twice i’ve been attacked by this now, METHOD 2 WORKS PERFECTLY thanks 🙂
I was dead in the water with XP Malware fighting everything. Was able to copy MalwareBytes onto a removeable USB storage key from my wifes computer, and then renamed it to copy via explorer onto my computer in safe mode. Since I wasn’t “allowed” to open note pad, I executed the Malwarebytes first with XP Malware fighting it every step of the way with false alerts and screens. Over 700 infections were wiped out. I rebooted and ran both method 1 and method 2 to be safe and ran MWB again. It found and removed 6 infected areas. At the same time NAV finally kicked in and quarantined 2 viruses. I’m operating again but the pest is still present. First it hijacked the IE7 default search and redirected to Gala search. I was able to reload Google to repair. Now Webroot Spysweeper keeps telling me that 15 sites are being added to my HOSTS file every time I start the computer. I tell SS to delete them but they return every startup. But the most serious lingering effect of this infection is that any website I try to navigate to is hijacked and redirected to a site I could care less about. I haven’t been able to fix the website hijacking nor the HOSTS file loading issues. Any suggestions?
The infection is certain entries in the root directory that invoke VMA.EXE. Nothing seems to work and the registry keys will not allow themselves to be deleted or edited. HELP!
I used the first method and it worked perfectly! But should I leave the fix.reg file, or whatever it is, (not a computer wizz I’m afraid), on there now or delete it?
Cool, used opition 1 and worked well for me. Many thanks. I am novice with this and instructions esay to follow.
Here’s the morning update: The virus remains but it’s in the background. 15 spurious links get published to the HOSTS file but SS blocks them and I delete them. MWB then runs and quaratines the vma.exe registry item. I can put websites directly into my browser and it will go there, but I cannot hit links on a G search because I’ll always be redirected somewhere else. I’d like to KILL this sucker once and for all, but can use my PC for now.
Jim
Jim, open a new topic in our Spyware removal forum. I will check your computer.
Jim, you have tried both method of the first step above ?