XP Anti-Virus 2011 is a rogue antispyware program from the same family of malware as XP Antimalwate, XP Antimalwate 2010, etc. The program is installed via trojans without your permission and knowledge and uses misleading methods such false scan results and fake security warnings in order to trick you into purchasing its paid version. Thus, do not trust anything that this malware will display you and remove XP Anti-Virus 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove it from your PC for free.
During installation, XP Anti-Virus 2011 registers its main file in the Windows registry so, it will run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware tools.
Once installed, XP Anti-Virus 2011 will imitate a system scan and report a large amount of infections. It hopes that you will then purchase its full version to cure the PC. Important to know, all of these infections found are fake, so you can safely ignore them!
While the rogue is running, it will display various nag screens and fake security warnings. Some of the alerts are:
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
XP Anti-Virus 2011 detected 29 critical system objects.
Security breach!
Beware! Spyware infection was found. Your system security is
at risk. Private information may get stolen, and your PC
activity may get monitored. Click for an anti-spyware scan.
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Moreover, XP Anti-Virus 2011 will hijack your browser, so it will show a fake warning page instead a site that you want to visit. The fake warning state:
XP Anti-Virus 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, XP Anti-Virus 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Anti-Virus 2011 and any associated malware from your computer for free.
Use the following instructions to remove XP Anti-Virus 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Anti-Virus 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Anti-Virus 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Anti-Virus 2011. MalwareBytes Anti-malware will now remove all of associated XP Anti-Virus 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Anti-Virus 2011 creates the following files and folders
%AppData%\yun.exe
XP Anti-Virus 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\yun.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\yun.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thanks very much. Worked a treat.
magic! thank you so much! it’s crippling when this happens to people like me (not so computer literate). i appreciate your help so much!!
Thanks a lot……
I used method 2 it really works..
I am so happy i was even unable to use skype..
Thanks a lot………..
Amazing! Thank You!!
Tried method 1, it wouldn’t execute. Method 2 wouldn’t install (it triggered the malware). What seemed to work for me was a reboot via F8 to Safe Mode with Networking & then log in as administrator. The browser (Firefox in my case) opened without any evident malware activity & I was able to download, install & run Malwarebytes successfully.
Hi guys, My buddy had this XP anti-spyware 2011 and I have instigated method 1 on his PC. This effectively stopped the Trojan program from working but now the PC will not open any exe files. Should I now do Method 2 to get the PC back to normal? Hope you can help my Reps on the line? cheers guy’s.
Forgot to mention that now all antivirus and windows defender will not work either. Hope someone can help. Many thanks
My sister’s laptop became infected. I used method 1 plus the Malwarebytes program. Excellent and comparatively simple fix.
Thanks so much for this! I used method 2, back up and running!
Du är bäst så jävla bra fix nu funkar allt igen. mvh
Used Method 1. It is by far the best, simplest and easiest solution. Thanks for taking the time and helping the others.
Your work is very much appreciated!!!
Yea i just finished the steps using method 1 and it wont allow me to turn automatic security updates on, how do I get them to turn back on?
i ran method 1 and it worked great, but now my add/remove will not open…any thoughts? u rule btw!
holy cow…tried method 1 and can use all my links/shortcuts etc and run exe again! not sure I really got rid of everything and considering I no longer have admin rights to my work laptop and did not want to have to contact the helpdesk again (sigh…grrr). just love that our antivirus/malware program(s) work soooo lovely..
what cracks me up is with my personal lappy I hardly to never have issues. or at least when I do they are easily fixed.
Best help ever!! Thank you so much for posting this–it worked perfect!
Option #1 worked… be very careful to type exactly as shown!!
Thank you…worked perfectly. I wish we could track down the people who do this. On the other hand, there are angels like you who help us out for free. THANK YOU!
Thank you for all the help you provide.
My machine got infected and although AdAware scanned and ‘caught’ the problem, it was unable to clean it.
Used your solution and it worked like a charm, however, my Windows Updates got corrupted and I had to fix it.
I searched Microsoft and found a ‘Microsoft Fix it 50202’ tool, which realy worked (http://support.microsoft.com/kb/971058).
Now all is well again.
Thank you.
This program had even removed any system restore points.
I can’t thank you enough for the simple guide. Method two worked perfectly!
So what am I missing here? I ran system restore and restored my laptop to yesterday morning and voila the virus was gone. There was a temporary issue with opening exe files but that was fixed with a exefix_xp. Was it really that simple or should I expect a return of the virus?
I did method 1 and it stopped popping up. do I still need to do step 2?
Great!!! After I used method 2 I had some control again to run programs then got the antimalware to run.
Thank you so much for putting the enormous effort into publishing such simple to follow steps to remove that virus!!!
Hi there,
I had this virus tried different things mentioned in other webpages and got rid of it. The virus seems to have come back and finally used pcexplore to delete the exe file. Now I think its gone. Wondering if there is any harm in running the above code to make sure it won’t come again. Please advice.
Cheers, Subash
thanks!!!!!
Thank you so much.great guide works exceptionally well Www
It worked a charm. However, I have an issue. I followed all the above steps, did everything as I was supposed to, but now my windows automatic updates will not turn back on. I tried doing it automatically I tried going advanced. Nothing I try works. Someone told me to try installing au.inf (after clicking run then typing inf to get to it.) But when I try this a window pops up saying ‘The file ‘wuapi.dll’ on windows xp home edition service pack 3 cd is needed. Type the path where the file is located and then click ok.
Do I need to roll back the system? Any help greatly appreciated.
Simple and elegant solution. Well done!
It worked! you are awesome! my mom had this problem and this fixed it! thanks!
Thanks used method 2 to fix daughters laptop cheers
😉
HELP!
I did method 1 which worked great, I’m able to d/l or at least try to d/l the Malware software now, but my anti-virus is blocking, what should I do? I need to know I’m d/l the right thing. I need to get this fake XP ANTIVIRUS off my laptop. It’s driving me nuts. It’s just running in the background. I entered the fake code so I’m able to do whatever I want on here but the dam thing is running and I need it removed. What do I do?