XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
If you are having problems removing this popup malware, another suggestion is to restore your registry to a point just before you got it. Say a couple of days ago.
RUN/Programs/Accessories/Systemtools/SystemRestore
OMG…you guys are awesome!!!!!! Worked perfectly. I have Mcafee installed and it did nothing to protect my computer!
patrik – after removing xp guardian thanks to this website i have been infected again (i know!!) when i double clicked exefix.reg i have an error message “Not all data was successfully written to the registry. Some keys are open by the system or other processes” please help!
ambia, try stop av.exe process (core component of the rogue) using the following steps:
Download OTM by OldTimer from here, but before saving, in the Save dialog, rename otm.exe to otm.com and save it to your desktop.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processesav.exe
Click the red Moveit! button. Close OTM.
Now try run fix.reg once again.
When I run the fix.reg it says the admin. will not allow it how do I fix this.
hi Patrick,
i am new on that problem.
i run several times fix.reg and reboot also several times but now when i try your link to go to download thé software a pop up appears saying IE meet a problem and must close.
So i cant download it!!
do you have an idea for me pleaaaase?
thx you so much
Hi Guys, this worked a treat on my wife’s laptop that was infected with “XP Guardian 2010” I just followed your instructions and it’s all OK, touch wood!!!!! One thing though I tried running the reg file on my own PC desktop just because Ifound your site on my machine and I created it in my notepad but it does not run on my machine. So somewhere my PERMISSIONS are set to stop *.reg files from running, Any ideas what it would be, as I have tried running a .reg file before.
Many thanks Ron
my computer will no longer boot up in safe or normal in save it stops and shows what is was loading in normal it is just blank screen. Please help
fantastic! worked perfectly!
Hello my computer is infected with xp guardian I need help I want to know for step 1 when you said “copy and paste the text below” is that text from my computer ?
Worked A Treat
Instructions are clear and concise
Thank you! I have no idea how I got this persistent bug, but following your steps allowed me to get rid of it! Everything is back up and working fine. Thank you!
Sean, download HijackThis from here, but before saving, rename HijackThis.exe to HijackThis.com and save it to your desktop.
Run HijackThis. Click “Do a system scan only” button.
Now select the following entry by placing a tick in the left hand check box, if present:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1Once you have selected this entry, close all running programs then click once on the “fix checked” button.
Reboot your computer.
Try run fix.reg once again.
Greg, boot your PC in Safe mode with networking and try download Malwarebytes once again.
I am sorry about the long comment that follows. I just wanted to thank you so much for your superb advice.
I know absolutely nothing about computers, but I was able to follow your instructions and get rid of (the incredibly annoying and persistent) XP Internet Security 2010 trojan within half an hour.
I had already phoned some computer consultants (who were going to charge £50+ per hour and could not deal with my problem for several days).
The IT department at my work just told me that (1) they couldn’t connect my computer to their network, for fear of further infection; (2) they couldn’t download any antivirus programme onto a memory stick etc. due to breach of copyright; and (3) my only solution would be to buy Macafee or a similar anti-virus CD.
I was worried about following online instructions, in case I was unwittingly downloading more viruses or making things worse, but following your instructions made my computer usable almost immediately and for free. I cannot tell you how grateful I am.
Thank you so much.
Patrik,
I hope that you maybe able to help me as my laptop has been infected by the XP Guardian 2010 ALERT virus. A few weeks ago, it was infected by a similarly-named virus, which i thought i had removed by doing a system restore, only for it to return a few days later, but this time as the XP Guardian 2010 ALERT virus. It then stopped me from doing any more sytem restores and i was not able to connect to the internet either, so i went on line on another laptop and followed your advice about using Google Chrome to download the anti-malaware software and ran the san and got rid of all the infections, which seemed to have worked for a week, but now it is back again and this time i not only cannot use the internet, but it is also stopping me from running both Goggle Chrome and the downloaded anti-Malaware scan on my desktop. What can i do?
Ron, Malwarebytes should fix it. If still having this trouble, then ask for help in our Spyware removal forum.
Sean, try boot your PC in Last good configuration.
henry, this text have gray color.
Richard,
1. run fix.reg, then Malwarebytes.
2. if 1, does not work, try boot your PC in Safe mode, then run Malwarebytes.
Thank you very much for this. Worked like a charm.
thanks for that Patrick – that seems to have worked, but i did this last time and it still came back, so wont it just return again in a week’s time? Is there anything else I should be doing to prevent it coming back? I did a full scan, but it did not pick anything else up?
Hi,
I’m no expert but by following the instructions carefully I got rid of this f…@!#*!
After the purge process, I checked with Windows defender and all seems clean. Many Thanks!
Great thanks! people like yourselves who provide solutions such as these are a credit to the internet great walk through!
Richard, you should protect your PC.
1. use good antivirus and antispyware.
2. use firewall
3. use an alternate browser.
4. be careful when opening attachments and downloading files.
Patrik, thanks for your advice, but can i just clear up a couple of things with you re protecting my PC …
1/I have McAfee, but that seems to have done nothing to protect me at all re this virus?? Can you recommend some good, possibly free, antivirus and antispyware for me to download to help protect me from viruses such as these?
2/When you say “use firewall”, my McAfee tells me that I have firewall protection, which obviously has not helped me re this last virus? Anything else that I can do then re this …?
3/When you suggest using “alternate browser”, what do you mean?
4/How should i be careful when opening attachments and downlaoding files, i normally just save them to my desktop?
Exactly what I was looking for, this virus has been giving me hell for a week now. Thank you so much!
Kudos – worked perfectly…thanks!!!
MalwareBytes will simply not install. And I can’t seem to get into Safe Mode. Like the other times I’ve gotten this thing, it grows into a festering mess until no option is left but to refresh.
I’ve been getting this virus for about 6 months. It’s only changed it’s name. I’ve gotten it on 3 different computers. All three I’ve had to completely dump and refresh. My fourth computer (new laptop) has held strong (Norton Symantec). But this latest incarnation of the virus checked right past Norton on my desktop and a refresh is in my near future once again.
I followed these instructions and when I reboot all of my .exe files are disabled and I can’t run the malware.exe file.
I have run the .reg file over and over and rebooted over and over. Malwarebytes install will still not run.