XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Okay, I followed the instructions you gave me Patrik (thank you). And I have two more questions:
Do I try to delete the registry keys and values that the spyware creates, or does the Malware bytes get rid of it? And also, why are some of my icons on my screen not available when I click them and some require a program to open them (as if the programs were unknown to my computer), and when I try to use “Set Program Access and Default” my computer says “application not found”. Did the spyware screw up my programs or what? Please answer both questions, thank you!
Chris,
First step above should fix the trouble.
Anyway you need scan your PC with Malwarebytes to remove any associated malware.
Thank you for helping me get rid of pesky virus. I was a little confused by typing “command” in the Run box, but figured it out to be “notepad”. After that, it was all uphill.
I have tried all the recommended steps but when I reboot my pc I still have the XP program blocking my every move. Now when I go to my control panle it also blocks everything with the following prompt: C:\WINDOWS\system32\rundll32.exe Application not found. I need help PLEASE am so frustrated
Hi,
I’m still on step one. Notepad will not even let me save as for either option one or two. I just got the virus yesterday. Is it possible there’s something else is wrong?
Thank you so much! The second method worked. The thing is there were two rouge multipliers also installed, but Malwarebytes got rid of it(:
Hey, but I did what you told me to do with the first step above, but my files still need a program to open them, and when I try to open my “Set Program Access and Default”, I get a message saying “application not found”. Can you help me? (I’ve already run a lot of scans so don’t tell me to keep scanning.)
Kofi, open a new topic in our Spyware removal forum. I will help you.
Brian, you need use another computer to make fix.reg or fix.inf, then move it to your infected PC using a flash or cd disk.
Chris, the first step above should fix the troblem, it it does not help, then ask for help in our Spyware removal forum.
HELP, Been fighting this thing for a while now. Was XPSmart Security2010 then it was Antivirus XP I followed dir above MBAM and Spysweeper gave clean bill but the Phishing on off box keeps popping up and going away, can’t open any apps, webpages are still being hijacked,can not run command to open notepad now.
forgot to tell you that when I try to open Notepad now it comes up full of stuff I can’t read
I ran method 1 and it appears to have worked, however it somehow disabled my wifi on my HP laptop. Any suggestions?
Patrik, I will show you a video of my problems. Watch it please and tell me what I can do.
youtube.com/watch?v=B3rnnZp8LOM
Jenny, what shows your computer when you trying run “command” or another program ?
Chris, you can run command prompt by doing: Click Start, Run, type command and press Enter ?
I can do command prompt, but my “Install or Remove Programs” is gone. And entering the name of a program isn’t very helpful because most of the time my computer tells me that the name of a program isn’t a recognizable command.
Thanks a lot for your help! It was easy to use and removed the malware!
Folks, I am sure this worked well for some and not for others.
I am running Windows XP Professional and I’ve always manually been able to beat this virus… but not this time.
These instructions are very helpful, but it has taken me hours to complete.
I took the liberty to take a USB drive and downloaded MBAM, Avast (for a sanity check), and the REG fix to a USB drive.
Before my safe-mode methods were tried as per this site’s instructions; I installed Avast and it looked like it got rid of the virus, but that did not happen.
As I started with this site’s instructions, my system did go into safe mode, but then after the reboot… the infection got worse. I did it again and it happened again.
On my third attempt, I went a bit radical with the instructions. Here is the play-by-play…
1. Booted the machine in safe-mode and logged in as Administrator (not the auto-loaded admin-like ID I use all the time).
2. Ran the REG file and rebooted.
3. Booted back to Safe Mode with Networking as Administrator (not the auto-loaded admin-like ID I use all the time).
3B… Installed MBAM from the USB Drive; it updated automatically.
4. Ran the Quick Scan, cleaned the files (it indicated that not all files COULD be cleaned) and rebooted.
5. Same as step 3.
6. Same as step 4 – but now all files were cleaned.
7. Same as step 3.
8. Ran a Full scan; more viruses found, So I cleaned them and rebooted. (At this step, most of the infections were in the System Restore folder).
9. Same as step 3.
10. Same as step 6… everything was clean.
11. Rebooted normally; but somehow there was a “Open With” dialog box on the screen and some apps didn’t open in the Taskbar (a problem found with this virus).
12. Open Explorer (which was currently not harmed by this virus) and ran the REG fix again.
13. Rebooted and started Windows normally.
14. Ran MBAM in Quick Scan mode… more viruses found, all were removed and rebooted again.
15. Same as step 13.
16. Ran MBAM in Full scan mode… one final virus found (again, in the system recovery data).
17. Rebooted normally, ran an AVAST Quick Scan… no viruses found.
18. Turned on Windows Firewall (some reason, it was off).
Now all is well… and I’ve ages 9 hours in this process… but it was a good 9 hours.
Cheers… MikeA
Thank-you so much for the advice Patrick. I just wanted to share what worked for me with the other people who are experiencing problems even accessing the internet let alone this website on their infected pc.
I was actually looking at this website from my itouch while trying to deal with a computer that would not let me open any page whatsoever. After reading through the comments I noticed a user had mentioned that they actually tricked their comp onto going onto a website.
So first I did the run-command and opened up Notepad. Then what weorked for me to actually access the internet was going into my computer and accessing a web page from the address bar at the top of the page. This would let me access one website before going into crazy XP not let me open anything mode. So I had to close everything down, reopen “my computer” and type the address of this page exactly in the address bar.
From there I was able to copy and paste the code for fix.reg and continue on with the steps recommended.
I hope this helps all you non tech savy people out there like me. This website and detailed instrucions were very much appreciated. Thank-you Patrik!
chris, then you need follow the first step above, After that run Malwarebytes.
Cheers guys,
Lot’s of poking around and I had a wonky version of this virus that I didn’t see screen shots of anywhere… close though and I imagine there’s tons of different skins/versions.
WHAT WORKED FOR ME:
http://www.myantispyware.com/2010/01/28/how-to-remove-xp-internet-security-2010-xp-guardian-antivirus-xp-2010/
This file was download onto my HP desktop, and I am unable to do anything because whenever I try to log on, it immediately logs me off. I can’t do anything even in safe mode. What should I do?
Sarah, you have tried boot your PC in:
1. Safe mode with command prompt ?
2. Last good configuration ?
Method 1 worked right away (and it was easy). Thanks very much!
Hi! I was so happy to try this out, but I tried running method 2 and had no problems running MWB but when I run a quick scan it says nothing was found.
Furthermore, my McAfee says Real Time scanning is off and when I try to turn it on it shuts back off after a few seconds. I am afraid to do anything else, please help me! (I will try method one in the meantimetime)
I downloaded TDSSKiller and it messed with my .exe file extension. It won’t run my wireless internet anymore! It seems to have some problems with my .exe files.
Restore doesn’t do anything help! TDSSKiller was a bad move!
TDSS is bad bad news. Stay away from!
It is probably worth the $75 to let the guys at Geek Squad take care of it, other than wasting 2-3 days on something
Jai, update Malwarebytes and scan once again.