Windows XP Fix is a malicious program from the same family of malware as Windows XP Repair which pretends to be a computer defragmenter and system analysis software. It hijacks your computer, blocks Windows legitimate applications from running, presents various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Do not pay for the bogus software! Simply ignore all that it will display you and remove Windows XP Fix from your computer as quickly as possible!
Windows XP Fix is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, the authors of of the fake program may also distribute this malware on social networks (Twitter, My Space, Facebook, etc) and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.
Once installed, Windows XP Fix will be configured to run automatically when Windows starts. Next, the rogue does a fake scan of your computer then tells you it has found numerous critical errors, e.g. “Drive C initialization error”, “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. It will require you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.
In addition to the above-described, while Windows XP Fix is running, it will block legitimate Windows applications on your computer and won’t let you download anything from the Internet. Last, but not least, the rogue will display numerous fake warnings and nag screens. Some of the warnings are:
The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.
Critical error
Windows can`t find disk space. Hard drive error.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.
What is more, Windows XP Fix hides files and folders on your system drive (disk C by default).
To see all hidden files and folders you need to open Folder options (Click Tools, select Folder Options, open View tab). Select “Show hidden files and folders” option and click OK button.
As you can see, obviously, Windows XP Fix is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove Windows XP Fix and any other infections you may have on your computer for free.
Automated Removal Instructions for Windows XP Fix
1. Click Start, Run and type in Open field: %allusersprofile% as shown below.
2. Press Enter. It will open the contents of All Users folder.
3. Windows XP Fix hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Open Tools menu, Folder Options, View tab. Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.
4. Open Application Data folder and you will see Windows XP Fix associated files as shown below.
5. Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.
6. Reboot your computer.
7. Now you can unhide all files and folders that has been hidden by Windows XP Fix. Click Start, Run. Type cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.
8. If your Desktop is empty, then click Start, Run, type %UserProfile%\desktop and press Enter. It will open a contents of your desktop.
9. Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
10. Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
11. If an update is found, it will download and install the latest version.
12. Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
13. Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows XP Fix infection. This procedure can take some time, so please be patient.
14. When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
15. Make sure that everything is checked, and click Remove Selected for start Windows XP Fix removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.
16. Windows XP Fix may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.
17. Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
18. Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
19. Click Continue button to remove TDSS trojan.
If you can`t to run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!
20. Your system should now be free of the Windows XP Fix virus.
Windows XP Fix removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Windows XP Fix creates the following files and folders
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\Windows XP Fix.lnk
%CommonAppData%\[RANDOM].exe
Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)
Windows XP Fix creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
It worked perfectly … thank you SO much. Very clear and easy to follow steps. I was about to reinstall windows and lose all my data … when I found your site! I noticed the “Windows XP Fix” icon is now on my desktop … is that just something I can delete … or is the file still hiding somewhere else?
Thanks,
Don
Don McLeod, manually remove this icon.
Many, many thanks. I have successfully removed windows XP fix after your excellent instructions. Nothing appeared on the TDSKiller, and the computer seems to be functioning properly. I just wondered, Windows XP Fix still appears on my list of programms from the start menu and there is an option to uninstall….does this mean I still have the problem? Also, how do I remove it from the list. Thank you so so much.
Jimmy, its only an icon. Simply right click to it and select Delete.
Well i followed all the directions above but all my software is gone. How do i fix this? Thank you.
thanks a lot for great support indeed. However I cannot bring back my desktop and task manager to work. Any comments please?
all of my folder icons are grayed out and none of my programs are showing up from the start menu, no favorites are under favorites but if I go through Start > run > %UserProfile%\Favorites I can see them in that window. How do I activate everything again.
Ran your program but half my desktop icons are still missing. Every two minutes, my computer tries to log onto the net by itself presumably to do more bad things. What else do I need to do?
Thanks for the tutorial on how to remove it. And now it seems fine but I still see “Windows XP Fix” on the Start menu and it has the option “Uninstall Windows XP Fix”. What should I do with that?
Also when I check the userprofile/application data folder, I still see the 16310052.exe (i modified it like in the video with a _ after the “2” though) there. Should I manually delete it? There are also 3 other files there with the same sort of series of numbers. Should I delete them too?
Please help!
Well, I wish my story had a happier ending. I followed all the steps, ran the MBAM, and when the computer rebooted, the desktop was there, at least some of it (the background had also been eliminated). I opened the still-hidden fils and folders but the missing documents and pictures were greyed out, in some folder, and .temp copies of stuff I’d written, saved, and deleted years ago. Plus XP-fix is still listed in the Start Menu (there’s an uninstall option, but I was afraid to touch it. So now, I’ve got a computer with some missing programs (including AOL) and all these weird, greyed out documents and pictures, which I can’t see to move to my new computer exceot bt emailing them one at a time. I thought about going to a re-set point, but that option is not in the start menu. Is there some step I’m missing, or am I just stuck?
Hi Patrik, thanks for the info, it really helped , but i am still unable to see my desktop normally, however i can see it through cmd prompt, not able to see all programs in start menu, pls help
Have unhidden all the files but still:
Will not let me do a system restore and
Still trying to log onto the website without my prompting.
Is my computer toast?
Why isn’t it illegal for people to do this?
Well, I wish my story had a happier ending. I followed all the steps, ran the MBAM, and when the computer rebooted, the desktop was there, at least some of it (the background had also been eliminated). I opened the still-hidden fils and folders but the missing documents and pictures were greyed out, in some folder, and .temp copies of stuff I’d written, saved, and deleted years ago. Plus XP-fix is still listed in the Start Menu (there’s an uninstall option, but I was afraid to touch it. So now, I’ve got a computer with some missing programs (including AOL) and all these weird, greyed out documents and pictures, which I can’t see to move to my new computer exceot bt emailing them one at a time. I thought about going to a re-set point, but that option is not in the start menu. Is there some step I’m missing, or am I just stuck?
I did all of the above but all of my programs are gone? How do I get these back?
Office and all of my programs are hiden or lost how do I get them back?
Just ran Kaspersky in safe mode. It found eight more viruses but now the computer won’t boot.
I did all of the above but my files are still hidden. How can I un hide them?
I’m afraid I’ve only had (for lack of a better term, “half a#$ed” results. While this page has been VERY helpful in getting me, a mere computer layman, to get this Windows XP Repair virus off to some extent it still appears to have a hold on my computer as my files are still hidden. Malwarebytes only found 3 files:
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
and TDSKiller found nothing. after my reboot the XP repair link was onmy desktop and I deleted it as suggested. I have Norton, Kerpersky, and Spybot on my computer and they don’t find anything either. They couldn’t even find the XP virus though. When the virus got in it shut Norton and Kerpersky off and I’m pretty sure this is all I’ve got. It’s the only virus I’ve ever had in 13 or 14 years of internet use.
Since your instructions are so easy to follow is there anything else you can offer me to help?
Thank you so much!!
To anyone. If your Start menu is empty you need to use the following steps:
Click Start, Run. Type
%temp%
Press Enter.
It will open a contents of Temp folder. Next open “smtmp” folder, next open a folder named “1” (one).
Right click to Start button. Select Open.
It will open a contents of “Start Menu” folder.
Copy all contents of “1” folder to “Start Menu” folder.
Now, I just did that BUT in my case I have the reverse. The 1 folder has no programs listed while the Start Menu Folder has 2 Corel folders and a Programs folder with SOME of the missing programs. These ones had the shortcuts appear on my desktop after the virus removal but they are still hidden and do not appear in the Start Menu at all. (the C Drive returned when I removed the virus but all the files on it still have a ghost image look to them rather than a solid one that I’m used to. The My Documents section has also vanished from the My Computer page but I can access it other ways.)
The other thing with the missing programs, they’re still installed because I went to the add/remove programs page and they’re all listed. They are also in the Programs Folder on the C Drive but still ghosted.
I’m sorry to be a pain if I am but I thank you for your help.
Patrick
I followed your instructions but still missing programs at start menu.The only programs there are the new Malware and Spybot which I just loaded. I do have my desktop Icons. I cannot find Office 2003 but if you go to control panel add and delet programs the programs are there just hidden some where. Any ideas?
Thanks
One other thing. I had to reinstall Spybot Search and Destroy after the virus was removed because it would not respond. There are several suspicious files inside the Update Folder that add up to 8.76 GB and I’m on dial up so it’s odd that such large files would be here. They have names like:
and they wont let me delete them. I had to reinstall Spybot under a new name to get it to go and I suspect these files. Could this be related o my problem and if so how do I remove them? I’ve tried making them unhidden, unread only and unarchived and they wont go.
Thanks!
Thanks! Followed all the instructions and it worked perfectly. Everything back to normal now!
I found my programs and desktop icons by going to start menu right click and going to properties and making sure it says read only box checked instead of Hide like mine was.
But I still cannot open outlook due to missing files and also my internet provider keeps tring to be changed when I click on it?
I wish there was a fix?
I’ve also completed all the instructions and all items in my Programs list say ‘Empty’ and my icons on the desktop are light in color. Any help is greatly appreciated!
Thank you!
Thanks a lot Patrick! that was the step i needed to get all the programs back!
GC and Enrique, read my previous comment (Comment by Patrik (Myantispyware admin) — July 11, 2011).
Thanks a million. Worked like a charm. Keep up the good work!
I think this virus might have destroyed the computer. When I tried to locate the folders to rename, I did not see any with the numbers or letters as indicated. I rebooted anyway and then tried the CMD and all it did was open a box that says “find program to open with”. Also, after the reboot, it disabled and AVAST software that I loaded last night. Any thoughts?
i cant even open the start section to even get anywhere…when i hover my curser over the icon i get the spinning wheel that just wont stop…should i take it to computer shop