XP Internet Security 2010 also known as XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro and Antivirus XP 2010, XP Smart security 2010, XP Defender Pro, Total XP Security is a rogue antispyware program that reports false infections and shows fake security alerts as a method of scaring you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will download and install XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) onto your computer.
During installation, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will register itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Once running, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will begin to scan your computer and list a large amount of infections. All of these infections are fake, so you can safely ignore them. What is more, while the rogue is running, it will display fake security alerts and notifications with “Spyware infection has been found” or “Tracking software found” header. However, all of these alerts are fake.
Last but not least, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) will hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) from the system for free.
Use the following instructions to remove XP Internet Security 2010 (XP Guardian, XP AntiSpyware 2010, XP Antivirus Pro or Antivirus XP 2010) (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Internet Security 2010, XP Guardian, Antivirus XP 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Internet Security 2010 (XP Guardian or Antivirus XP 2010). MalwareBytes Anti-malware will now remove all of associated XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following files and folders
%AppData%\av.exe
%AppData%\WRblt8464P
XP Internet Security 2010 (XP Guardian or Antivirus XP 2010) creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\av.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
*UPDATE*
I got mbam-setup.exe to work by changing it to mbam-setup.com. The virus appears to be gone (at this point), however my programs are unable to load due to the .exe problem. I seem to have Toya’s issue. I am unable to run anything without the “open with” box opening.
I have run the fix.reg a couple times. Still working it…
A file association fix cleaned it right up. Problems solved. If your .exe still aren’t letting you run programs try this site to associate the .exe back to defaults.
dougknox.com/xp/file_assoc.htm
This site helped me greatly Patrik. Hopefully I have the fixes and the “know how” for when this virus creeps back into my life.
Firefox, Opera …
McAfee is good AV, but you need use an antispyware program like Malwarebytes, SpyBot or SuperAntispyware.
Gary,make a new reg file with following contents:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Double click the fix to merge it with Windows registry.
Many thanks for the info Patrick it has taken a couple of attempts today but at the mo all is well
will keep you up to date with this, one again thank you
Thanks. Followed instructions and worked like a charm!!!
Thanks for all the help! This was a pain in the rear, but I’m finally cleaned up.
I have NO idea how this thing got into my computer. I think the question needs to be asked “how the heck did this thing get through so many softwares that are supposed to protect computers? Is it just a brand new virus/malware? I have AVG installed, windows firewall activated, and Spybot TeaTimer scanning my computer as I use it. It just seems very peculiar that something would be able to beat ALL THREE lines of defense … withouot me being made aware that at least something was out-of-sorts.
Anyone have any idea how this thing is being so successful??
ian, probably it infected your pc through an exploit in your browser.
Got this stupid thing last night – have NO idea how – Happy Valentine’s Day to me, huh? Anyway, this helped SOOOOOO much! I haven’t had a virus or whatever this was in years – scared the crap out of me and I was terrified I’d have to reformat! Followed your instructions (had to download the files from another computer to a USB stick, but after a few hours, I was free of this thing! I have the same question as ian above – How did we get this? I have Zone Alarm (free) firewall, and Avast A/V installed. Avast is usually pretty good about catching this stuff, but dropped the ball this time. What’s up with that? Is there something better I should be using?
Thanks again!
hi have tried the details above when i get to the double click on fix log box comes up with application cannot be executed, the file is infected please activat software it did do this on trying to open the text box but i did close the box soi was able to save to desktop, have tried the hijack log but there was no HijackThis.com and save it to your desktop.
Run HijackThis. Click “Do a system scan only” button.
Now select the following entry by placing a tick in the left hand check box, if present:
O7 – HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
no seven on mine, i have run mwb once and it did detect and removed some i am curretmly runnina full scan with 14 detected so far. do i keep runnin mwab or do i need to remove from registry to. thank you
Worked great! Thanks.
I have completed the first step as stated on to remove this however it doesnt seem to make a difference. I stiil cannot access anything through IE! I can’t even get to the malware site on my desktop! What do I do now???????
BTW I am accessing everything through my laptop because nothing works on my desktop.
My system was infected today and caused some panic.
I have Spybot-Search&Display. The process is so simple.
1.Go to safer-networking org website
2.Select language
3.Click on the download icon on top right of the page.
4. Download from any source
5. Install and run
6. Do follow up ie; clear registry as you can select the option.
7. Restart system.
It should be safe.
Alternatively you can try Smitfraudfix. I have used both of these.
Please anyone tell whether this virus results in sharing our system information automatically
My registry editor was disabled so I enabled it and rebooted. Now it is stuck in an endless reboot.
It gives me 5 options, those when computer is not properly shut down.
SafeMode
“” with Net
“” with Cmd
Last Known Good
Normally
None of those work
Halfway in the boot up it stops and comes back
Now it has opened but Registry Editing has been disabled
Looks like XP Guardian has disabled Registry Editing and I am unable to enable it
Heather, download Malwarebytes to your current PC, then move it to infected computer using a flash or cd disk. Then go to step 1.
Nikhil, you can`t merge fix.reg to Windows registry ?
thanks!!!
Yes, when I click on it, it says “Registry Editing has been disabled by your adminstrator”
I am the admin and I have also changed “Prevent Registry Editing”‘s status from “Not Configured” to “Disabled”
It won’t still work.
My system was infected and caused some panic.
I have Spybot-Search&Display. The process is so simple.
1.Go to safer-networking org website
2.Select language
3.Click on the download icon on top right of the page.
4. Download from any source
5. Install and run
6. Do follow up ie; clear registry as you can select the option.
7. Restart system.
It should be safe.
Alternatively you can try Smitfraudfix. I have used both of these.
Please anyone tell whether this virus results in sharing our system information automatically
Un grand merci à vous !
followed your instructions and have my computer back . saved me money on store repairs. your a life saver and money saver. thank you.
Thankyou very very much for providing this page of info. Followed your instructions exactly and fixed my friend’s PC within minutes. Very simple! I take my hat off to you.
Hi.
I’ve got this bug yesterday, and I did both steps and it got removed (or it looks like it’s gone, anyway). But everytime I restart, it comes back when I open IE, even if it’s just Google. I can access IE if I shut down AV.exe, but I’d like to remove this thing completely. What can I do, when this doesn’t work? Is restoring really the only solution?
Nikhil, open a new topic in our Spyware removal forum.
My PC was infected by the XP Guardian virus.
I have run the fix.reg and rebooted.
Then I downloaded mbam-setup.exe and run it and restarted. Be aware not to run this program on the Windows
desktop, for that didn’t work, but run it with the DOS-prompt C: (out of Windows) and it worked.
The virus was gone. However my programs were unable to load due to the .exe problem. I was unable to run
anything without the “open with” box opening.
Also running the fix.reg again and reboot didn’t help.
Then I read the notes of Gary and dowdloaded the xp_exe_fix.reg file from the site
dougknox.com/xp/file_assoc.htm and unzipped it.
After run this reg-file, all file associations were repaired and everything worked as before.
Many thanks to Gary and Patrik.
Sophie, please open a new topic in our Spyware removal forum.