XP Anti-Virus 2011 is a rogue antispyware program from the same family of malware as XP Antimalwate, XP Antimalwate 2010, etc. The program is installed via trojans without your permission and knowledge and uses misleading methods such false scan results and fake security warnings in order to trick you into purchasing its paid version. Thus, do not trust anything that this malware will display you and remove XP Anti-Virus 2011 from your system as soon as possible. Read below what you’ll want to know though is what does this malware do and how to remove it from your PC for free.
During installation, XP Anti-Virus 2011 registers its main file in the Windows registry so, it will run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware tools.
Once installed, XP Anti-Virus 2011 will imitate a system scan and report a large amount of infections. It hopes that you will then purchase its full version to cure the PC. Important to know, all of these infections found are fake, so you can safely ignore them!
While the rogue is running, it will display various nag screens and fake security warnings. Some of the alerts are:
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete.
XP Anti-Virus 2011 detected 29 critical system objects.
Security breach!
Beware! Spyware infection was found. Your system security is
at risk. Private information may get stolen, and your PC
activity may get monitored. Click for an anti-spyware scan.
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Moreover, XP Anti-Virus 2011 will hijack your browser, so it will show a fake warning page instead a site that you want to visit. The fake warning state:
XP Anti-Virus 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
Of course, all of these messages, warnings and alerts are a fake and supposed to scare you into thinking your computer in danger! Just like false scan results, ignore all of them!
As you can see, XP Anti-Virus 2011 is a scam which created with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Anti-Virus 2011 and any associated malware from your computer for free.
Use the following instructions to remove XP Anti-Virus 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Anti-Virus 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Anti-Virus 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Anti-Virus 2011. MalwareBytes Anti-malware will now remove all of associated XP Anti-Virus 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Anti-Virus 2011 creates the following files and folders
%AppData%\yun.exe
XP Anti-Virus 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\yun.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\yun.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I finally d/l the malware and I now have the mbam setup on my desktop but when I run it, it ask me what program I want to open it in!!! HELP!!!
Nevermind, I repeated method 1 and then followed the rest of the directions and it’s finally gone!!! My normal free AVAST anti-virus scan is now back in my security system HOOORAY!!!!!
GOODBYE FAKE XP ANTIVIRUS BE GONE!!!!
THANK YOU GUYS!!!!!!
Thank you so much!!! Malwarebytes didn’t work (I had it already installed and the virus blocked it) but I tried method 1 and it’s scanning right now!!!! God, thank you!!!
Thanks, used method 1, worked just fine. Wonderful.
Steve, try method 2 or repeat the method 1.
Method 1 worked. A few days later, I got another infection from the same virus. Method 1 worked again. Still though, any ideas what the best free anti-virus program would be to catch viruses like this? AVG? Something else?
AVG is really good and free antivirus software. Make sure that you have all the Critical Updates recommended for your operating system and IE. Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found.
Update all antivirus/antispyware programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
thank you so much for this! ! ! a very very! thank you! so helpful and really works!
Thanks a lllllllllooooooooootttttttttttttttttt. Its really helped me. I tried the second method. and
it was successfull first time itself. Once anain thank you so much
Will either step one or two remove McAfee Anti virus from my system?…? My computer is staying locked-up, thus not allowing me to access the internet. I’ve tried removing it through the control pantal/system add/remove applications but even after this it’s still there on my computer.
Testing, to see if comments are monitored (want to see if the site is legit or not before messing around with my system).
Carolyn, check browser`s proxy settings.
Thanks a lot sir i have remove this virus with the help of you and your website.I keep tried for hours and hours but it could not solve the problem.
I again thanks to you and seriously i follow these written instructions of yours.
Thank You
Please can you help – I have used both Methods and still cannot rid the computer of the virus – I can’t access the internet……….*sob* *sniff*
HOLY SHIT THIS SHIT ACTUALLY WORKS
THANK YOU! THANK YOU! THANK YOU!
Hint: If you are unable to get on the internet through your normal browser you can go through your IM account. This allows you to use the infected computer to do the fix.
Option 2 worked for me, running mbam as of right now to clean up the rest of the mess. Thanks for this wonderful fix!
Had this hit 2 comps. Was able to remove with maleware bytes. Now on both comps desktop is blank as well as all programs list. How can I bring back these two items? thanks
Method 1 didn’t work but Method 2 did, thank you very much!!!!
I just followed your instructions completely and it worked perfectly! Thank you so much for this. Dont know what I would have done without your help as I have a mini dell with know cdrom drive!!! Great service. Thanks again!!!
Also if anyone is having trouble with starting internet explorer even after all of these steps I found this very useful and has now fixed my problem:
Get rid of XP Anti-Virus 2012 start-up entry by going to Start > Run, type msconfig on the “Open” dialog box. A windows containing System Configuration Utility will be launched. Go to Startup tab and uncheck the following Start-up item(s):
(random characters).exe
Then…
Open windows explorer and select Tools > Internet Options > Connections > LAN Settings > and untick ‘use a proxy server’ click okay and close browser then reopen.
Should be fixed!
Thank you. After struggling for two painful days to remove the \XP anti virus 2012\ virus, finally I successfully did it using this simple steps (step 1 method 2, and step 2). Than you once more.
Thank you. After struggling for two painful days to remove the XP anti virus 2012 virus, finally I successfully did it using this simple steps (step 1 method 2, and step 2). Than you once more
method two worked for me, the virus is still there, but i can open programs. thanks!
i have tried method 1 and 2, but method 2 wont install when i right click on it and method 1 when i click on my desk top says i can only support binary registery files whatever that means!
I can’t thank you enough for posting this…
The damn XP Antivirus virus destroyed two previous home computers, I was determined to not let my current computer fall for the same fate!
I used “Method 2” and once I got control of my programs I opened and downloaded MalwareBytes Anti-malware through “Safe Mode w/ Network Support”. It erased the XP Antivirus virus and a few others I was unaware of… Thanks again!!!
It is really a good method to follow. I really appreciate your post.
Thank you very much!
Thanks guys! This saved me lots of time!
You are great
This is such fantastic advice thanks so much! I’m finding Malware is getting alot worse recently and up to now I was taking my computer to my local techy guy to sort out. I didn’t realise I could remove it myself until today. Thanks so much Patrik, you’ve saved me lots of money and headaches, I can’t thank you enough! Anyone who’s reading this… it works yay!