XP Security Tool 2010 or XP Security Tool is an updated version of earlier appeared XP Internet Security 2010, which is a rogue antispyware program. Both programs are identical except for their names and partially modified executable files, which is necessary in order to remain undetected by legitimate antispyware and antivirus applications. As before, this malware uses trojans to install itself. When the trojan is started, it will download and install XP Security Tool 2010 onto your computer with your permission and knowledge.
During installation, XP Security Tool 2010 configures itself run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Immediately after launch, XP Security Tool 2010 will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. What is more, the rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Security Tool 2010 is a scam and should be removed from your computer upon detection. Do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove XP Security Tool 2010 and any associated malware from your computer for free.
Use the following instructions to remove XP Security Tool 2010 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Security Tool 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Security Tool 2010 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Security Tool 2010. MalwareBytes Anti-malware will now remove all of associated XP Security Tool 2010 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Security Tool 2010 creates the following files and folders
%AppData%\ave.exe
XP Security Tool 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Thank you, method 1 worked just fine. Thank you very much 🙂
Jon, repeat first step, then run Malwarebytes (don`t reboot before malwarebytes).
Downfall, try update Malwarebytes and scan once again.
Thank you very much…Method 2 worked for me. Your advice couldn’t have come at a better time!
Can you please help? I recently had XP Security Tool 2010 and I got it off my laptop but when I get on Google or any other search engine and I type something and get the results and click on a link I want, I get redirected to another website than the one I wanted. What is this and why does this keep happening? Is it related the XP Security Tool 2010? Help please
Thanks a million, looks like method 2 worked for me so I am hoping that this will do it.
Who wrote this has too much time on their hands for sure.
MJ, looks like your computer is infected with TDSS trojan. Follow the instructions.
April 13th 2010
Comment by Pensioner
Thanks a lot so far so good Firewall is ‘happy again’! back on and no unwanted dialog boxes appearing.
Hello, I was infectd with Security Tool in my new Windows 7. It blanked my desktop screen (turned it black, icons disappeared) and it blocked any attempts to load anti spyware programmes, telling me they were infected, except for one (which is free)called “Superantispyware”. It was able to override the error messages from Security Tool, and peformed a complete scan for me. It identified lots of malware, including three rogue security programmes, one of which I presumed was Security Tool, as it didn’t name them. After the scan, Superantispyware invited me to delete all the malware it had found, and to reboot my computer. When I rebooted, Security Tool had gone and my desktop and icons were restored. So I would suggest that others try this. Just download the Superantispyware at google. Good luck, Miriam
I had this same problem a while back,unable to solve it ended up having to do a reinstallation of XP, phew! So thanks once again I used Method 2 and it only took a few minutes following the above instructions.
Started off with XP Internet Security, seemed to remove it, then popped up with Antivirus XP, did fixexe and ran Malwarebyte several times, once in safe mode. Got the website redirect today, sure enough a few minutes later up pops XP Security Tool 2010. (The others did not have 2010 in their “titles”). Malwarebyte is running, but so far has found NOTHING. So confused.
Feel like I’m up against a wall here. Harddrive could probably use a good re-formatting, but I would love to avoid it if possible. Pretty non-techie, too – is this what is called a “trojan” since it keeps re-infecting? Or am I reinfecting from the internet? I have a firewall up with McAfee. So far seems pretty harmless compared to what I’ve seen can happen, so is there hope??
Any help is greatly appreciated.
Also, used a thumb drive to load Malwarebyte and Fix.exe, should I be suspicious of this thumb drive now with other computers? I have a couple of pics I’d like to pull off to the Mac – would that be a risk? (from what I’ve heard, it shouldn’t be) After that I’d have no problem trashing the drive.
Thanks again.
Sarah, open a new topic in our Spyware removal forum. I will check your PC.
And to second question, I think, no risk here.
I want to thank you and Malwarebytes.
You have saved me a lot of headaches.
I had to use method 2 as method 1 did not take.
Who are these people and can we meet them and give them a dose of their own medicine?
Thanks again.
Don
Well, the process worked but my system got re-infected within an hour.
I am running Zone Alarm extreme security and don’t get how this junk continues to come through.
Don
I tried Method 1, and got an error:
Cannot import C:\Documents and Settings\sn313523\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.
And when trying method two, after clicking “install” nothing happens. Should something happen when I do this? If so, what is it?
Don, looks like your computer is infected with a hidden trojan (probably Vundo trojan) that reinstalls this malware. Open a new topic in our Spyware removal forum. I will check your computer.
Nate, check twice your fix.reg. It should have “Windows Registry Editor Version 5.00” as first line, in Save dialog you should select ANSI in encoding field.
Worked perfectly (method 1), thank you
Thank you so much. Method 1 worked perfect. Again thank you so much for this info
Method 1 worked like a charm. Nice work fellas, I was bricking it a bit – this is my works computer!!!
thank you so much! i did both steps 1 & 2 & the XP security tool 2010 is gone i think. i am now trying to search on how to fix my windows update so it will install kb979683. everytime i go to a page with the steps listed to fix it, the page is completely blank. this is so odd! i am on my cousins pc right now, teh one who had the malware, & i went home to search it on my own pc & the pages loaded just fine there.
Worked like a charm (method 1), saves me reloading,thank you very much.
Hi Patrik, I have just loaded up internet explorer from start menu – rather than from the short-cut off the desktop as advised and this seems to load up google straight away without any fuss as thats what ive got set as my home page.
The only issue i still have, is that when i navigate to youtube for example of especially which requires something with Flash to run (and ive always had flash player installed + running on my comp b4 all this happened!) – it keeps coming up with the box
‘ Do you want to allow software such as ActiveX Controlls and plu-ins to turn on, -yes/no’ again ? Any ideas what i can do ??
ok its gone. i scanned twice. but i still get redirects when i search using all browsers . please help me
Thank You. Used method #2. Worked like a charm. Thank you very much.
Si, to turn off this message:
Run Internet Explorer, select Tools > Internet Options > Security > Local Intranet > Custom Level
Under the Run ActiveX controls and plug-ins select enable
charles, probably your computer is infected with TDSS trojan. Try the instructions.
How can I download malwarebytes. I’m confused
Having had a couple of attempts with method 1 fail, I tried method 2 which seems to have cracked it. I am very grateful. Excellent advice thanks.