XP Antimalware 2010 also know as XP Antimalware is a rogue antispyware program, clone of XP Internet Security 2010, which is also a rogue antispyware. Nothing new here, as before, the rogue distributed through the use of trojans. When the trojan is initialized, it will download and install core component of XP Antimalware 2010 onto your computer without your permission. The same trojan will also configure the fake security program in such a way as to run automatically when you start any program on your computer. Using the method of running, the rogue can block any your programs, including legitimate antivirus and antispyware applications.
When XP Antimalware 2010 is started, it will perform a full scan of your PC. It It will state that your computer is infected with trojans, adware or malware and that you should purchase its “full” version to remove these infections. Important to know, XP Antimalware 2010 only imitates a system scan, the rogue is not able to perform any type of security related functions. It can`t protect your PC, detect malware files and so on.
What is more, to make a more complete illusion that your computer is infected, XP Antimalware 2010 displays numerous false alerts that the security of your computer at risk, or that a file is infected with a dangerous trojan, etc. The rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site. As the scan results, all these messages and alerts – a fake, so you can safely ignore them
From the above it is obvious that XP Antimalware 2010 is an unwanted guest on your computer. This is a dangerous computer parasite, which should be removed as soon as possible. To remove XP Antimalware 2010, please follow the step by step guidelines below.
Use the following instructions to remove XP Antimalware 2010 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Antimalware 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
On the Scanner tab, make sure the “Perform quick scan” option is selected, then click on the Scan button to start scanning your computer for XP Antimalware 2010 infection. This process can take quite a while,e, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Antimalware 2010. MalwareBytes Anti-malware will now remove all of associated XP Antimalware 2010 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Antimalware 2010 creates the following files and folders
%AppData%\ave.exe
XP Antimalware 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Joshua, you can remove fix.reg.
Jim, probably your PC is infected with TDSS trojan. Read the article.
Okay. THANK-YOU SO MUCH !! 😀
I can’t even begin these instructions as my computer won’t even let me hit the start button!
help!!!
I did the reg fix and downloaded and installed malware bytes. I did the update to 04/20/2010 and did a scan and it found nothing. So i went through the Documents and Settings folder and found some strange files with date/times of when i was infected (like an hour ago) :
1329389005
H2AT6812bbH
These files are in a bunch of folders under Documents and Settings (you need to search with Hidden file option on).
The VERY strange thing is i found the ave.exe file in //Local Settings/Application Data/ave.exe. So i ran malware bytes on it and it CAME UP CLEAR!! It said it WASNT malware… wtf!?
jleslie, try another way. Press CTRL + ALT + DEL, Task manager opens. Click File, New task. Type command and press Enter. Command console opens. Now follow the steps above.
Thank you so much. I was in tears when thought I couldn’t resolve the problem without paying all that money.
Grant, you have updated Malwarebytes before scanning ?
Thank you a lot for this!
I also recommend (after these steps) running the free Spyware Search & Destroy 🙂
Thanks again!!!
correction: not Spyware, Spybot! 😛
Following this tutorial now, thanks. We’ve got an infected machine at work 🙁
Method 2 finally worked for me. When I tried to reboot after scanning with MBAM, the computer freezes before the windows logo comes up. I booting up in Safe Mode but it won’t boot. I have Windows XP. I do not want to buy a new computer, but I guess I will if I have to.
This worked great — a very quick resolution to an annoying problem. Make sure you get the updates of MBAM or else it won’t work. Thank you very much. 🙂
Who can I give a donation to for such a great fix??? I am not an expert with computers and option 1 did the trick…Thank you and PLEASE let me know who to send a donation to…It is certainly worthy of some $$$!
Tangie, I glad to help you and other peoples 🙂
Now i don`t have any donation way. But will be fine, if you will make a link from your blog, a site … to this article or the main page of myantispyware.com. It will help other peoples, who needs a help.
Thanks for this. I was able to remove XP Antimalware 2010 and repair running of .exe files.
Last night I seemed to have suffered a “RAM version” of XP AntiMalware 2010. (My fault for visiting girlie xxx web site). I had all the symptoms: phony shield icon in the desk tray, bogus warning messages about infections/worms, IE navigating messed up, messages trying to make me buy the bogus product. I bitched to Symantec in Chat session about why didn’t NIS 2009 prevent it; they offered to have remote computer diagnosis for $99. But I never could find ave.exe or av.exe file in my computer or task list, and when I rebooted, my computer was fine. So I guess it was running as a VB script or something, but didn’t get installed permanently, so maybe NIS did prevent permanent infection. Whew! Just thought others may want to know of my temporary bad experience.
This is frustrating! I have been at it for over an hour….. I’m running four scanners nothing has popped up unusual yet… This darn virus keeps popping up stuff too driving me crazy!
Your a genius thank you so much! You should really ad a donation button! Paypal is a good way to do it! Thank you thank you thank you thank you!
I ran both Norton and Malwarebytes and they appeared to fix the problem with some regedit fixes. But is it necessary to do the regedit fixes you suggest? I’m a little nervous about them.
P.S. I’m also running a full system scan of Malwarebytes after the quick scan and it seems to have turned up one other suspicious file (scan is still running), though it may just be a tracking cookie.
P.P.S. Would it also help to run system restore to before when the infection occurred?
ificandream, if computer works fine, then don`t need follow the regedit fixes.
To P.P.S., if its ok.
I didn’t though it will be so easy. It’s a simple as creating a notepad file, installing a software and running a scan. This is all you have to do to fix this ANNOYING malware.
Thanks guys!
So I got this last night, I have tried everything. It blocks my internet and opens weird ass pages but I already did have maleware bites
Can I do these methods out of safemode?
Okay so I removed Xp Antimalware I think but now I am still getting false security messages, and it blocks a couple of my things, using trojan remover helps unblock them, but it tries to lock me out of my task manager, I found the process and stopped them, and am running malware again, but now that the antimalware 2010 is gone, I get these annoying popups telling me the computed is infect how do I rid them? I also disconnected my comp from the internet because I was afraid it would mess it up.
ugh, looks like your computer also infected with a trojan FakeAlert. Please start a new topic in our Spyware removal forum. I will check your PC.
This solution worked great, I plan on buying the professional version. Thank you!
We uninstalled anti-malware using Method 1, then ran the Malwarbytes scan. Now we can’t open any .exe files, including Intenet Explorer? What can we do to fix this? Thanks for any advice.
Thank you.
M Downey, repeat the first step above.