Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove Windows XP Repair virus

Windows XP Repair is a malicious program that pretends to be a computer defragmenter and system analysis software. It hijacks your computer, blocks Windows legitimate applications from running, presents various fake critical errors alerts that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Do not pay for the bogus software! Simply ignore all that it will display you and remove Windows XP Repair from your computer as quickly as possible!

Windows XP Repair is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, the authors of of the fake program may also distribute this malware on social networks (Twitter, My Space, Facebook, etc) and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.

Once installed, Windows XP Repair will be configured to run automatically when Windows starts. Next, the rogue does a fake scan of your computer then tells you it has found numerous critical errors, e.g. “Drive C initialization error”, “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. It will require you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.

In addition to the above-described, while Windows XP Repair is running, it will block legitimate Windows applications on your computer and won’t let you download anything from the Internet. Last, but not least, the rogue will display numerous fake warnings and nag screens. Some of the warnings are:

The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.

Critical error
Windows can`t find disk space. Hard drive error.

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Windows – No Disk
Exception Processing Message 0×0000013

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.

What is more, Windows XP Repair hides files and folders on your system drive (disk C by default).
To see all hidden files and folders you need to open Folder options (Click Tools, select Folder Options, open View tab). Select “Show hidden files and folders” option and click OK button.

As you can see, obviously, Windows XP Repair is a scam, which created with only one purpose – to steal your money. Most important, don`t purchase the program! You need as quickly as possible to remove the malicious software. Follow the removal instructions below, which will remove Windows XP Repair and any other infections you may have on your computer for free.

Automated Removal Instructions for Windows XP Repair

1. Click Start, Run and type in Open field: %allusersprofile% as shown below.

2. Press Enter. It will open the contents of All Users folder.

3. Windows XP Repair hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Open Tools menu, Folder Options, View tab. Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.

4. Open Application Data folder and you will see Windows XP Repair associated files as shown below.

5. Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.

6. Reboot your computer.

7. Now you can unhide all files and folders that has been hidden by Windows XP Repair. Click Start, Run. Type cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.

8. If your Desktop is empty, then click Start, Run, type %UserProfile%\desktop and press Enter. It will open a contents of your desktop.

9. Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

10. Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

11. If an update is found, it will download and install the latest version.

12. Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

13. Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows XP Repair infection. This procedure can take some time, so please be patient.

14. When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Windows XP Repair remover
Malwarebytes Anti-malware, list of infected items

15. Make sure that everything is checked, and click Remove Selected for start Windows XP Repair removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.

16. Windows XP Repair may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.

17. Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.


TDSSKiller

18. Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.


TDSSKiller – Scan results

19. Click Continue button to remove TDSS trojan.

If you can`t to run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!

20. Your system should now be free of the Windows XP Repair virus.

Windows XP Repair removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Windows XP Repair creates the following files and folders

%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\Windows XP Repair.lnk
%CommonAppData%\[RANDOM].exe

Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)

Windows XP Repair creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe

Windows XP Repair removal – Video guide

June 21, 2011 on 12:35 am | In Malware removal, Rogue Anti Spyware | 13 Comments |


13 Comments »

RSS feed for comments on this post.

  1. i have this windows 7 repair virus
    i tried to search %allusersprofile% but the computer wasnt able to find it

    Comment by marwa — June 25, 2011 #

  2. Thank you!!! I can hardly believe my day-and-a-half long nightmare is over! At first I tried a couple of different “virus killers” from other sites, along with the instructions they came with, but they didn’t work. It took a while, but I followed your instructions step by step and, thank goodness, now that horrible infection is gone!! I didn’t even need to download to TDSSKiller. :-)

    Comment by B. J. — June 25, 2011 #

  3. marwa, try once again.
    It should work.

    Comment by Patrik (Myantispyware admin) — June 26, 2011 #

  4. Ok this seemed to have worked, except, NOW everyfolder in my programs menu, shows as empty. How do I restore it?

    Comment by Stu — June 26, 2011 #

  5. Thanks for helping me get rid of this vindictive virus and for showing me how to display my desktop files. Thanks

    Comment by Sandy Webster — June 27, 2011 #

  6. Amazing!
    Big thanks for a thorough and effective instruction / VDO.
    :-)

    Comment by Pol — July 2, 2011 #

  7. Thank you from one happy camper. I owe you one cold drink and one internet diamond.

    Comment by jlarrym — July 6, 2011 #

  8. hey i followed all the steps and yet none of my programs show up on my start menu and all my desktop icons are showing up but they look kinda lighter, like they are hidden folders. how do i restore everything

    Comment by andrew — July 10, 2011 #

  9. I ahve the same problem as andrew. Also, all my favorites in the browser are gone and windows system restore will not work.

    Comment by phillip — July 12, 2011 #

  10. Hello! Thank you for sharing the instructions. I am experiencing the same issue as Andrew. I can see my desktop icons but they are light and there is nothing appearing in my programs menu. Did I miss a step or could I have another virus? Thanks!

    Comment by Lisa — July 13, 2011 #

  11. I’m having the same issue as everyone else. All items are missing in the programs menu. Any ideas?

    Comment by Adrian — July 25, 2011 #

  12. m a different bulletin board (Deletemalware.blogspot)
    I’ve seen this infection quite a bit over the last few weeks. The missing items from the start menu are hidden in the user application data folder. The folder that they are in is called “smtmp” and inside of this folder are 2 to 4 subfolders which have everything for you to copy and paste back into the respective start menu location.
    July 9, 2011 11:06 PM

    Comment by Adrian — July 25, 2011 #

  13. Excellent!!!!!!!!!
    I couldnt right click on the desktop, task manager was dissabled, the real system restore had been dissabled by the virus, my start menu was missing and on an on.
    I followed the steps carefully and it worked. Task manager was accessible and I could use the ms system restore to roll back before the problems occured. I then repeated all the steps again as the rollback could pottentially bring the virus back again.

    Comment by Fred — October 22, 2011 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.