XP Security Tool 2010 or XP Security Tool is an updated version of earlier appeared XP Internet Security 2010, which is a rogue antispyware program. Both programs are identical except for their names and partially modified executable files, which is necessary in order to remain undetected by legitimate antispyware and antivirus applications. As before, this malware uses trojans to install itself. When the trojan is started, it will download and install XP Security Tool 2010 onto your computer with your permission and knowledge.
During installation, XP Security Tool 2010 configures itself run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Immediately after launch, XP Security Tool 2010 will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. What is more, the rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Security Tool 2010 is a scam and should be removed from your computer upon detection. Do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove XP Security Tool 2010 and any associated malware from your computer for free.
Use the following instructions to remove XP Security Tool 2010 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Security Tool 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Security Tool 2010 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Security Tool 2010. MalwareBytes Anti-malware will now remove all of associated XP Security Tool 2010 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Security Tool 2010 creates the following files and folders
%AppData%\ave.exe
XP Security Tool 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Giancarlos, open the page, scroll down to Download links and click to an one.
i have done both of the above and neither of them have worked and av read all throgh this and changed the things that have told to other people by saving it and things like that. any ideas of what i can do as i have this on my and laptop and am jst about to go crazy so any help will do thanks?
Hi Patrik, i followed the method you have advised of above in relation to the active x controlls pop up box issue i keep getting, but even after selecting the options you have mentioned, this didnt seem to work as immediately the same pop up box appeared ??
Why is everybody ignoring my post? Just download Superantispyware and you will get rid of it…honest!
WHY ALL THE GEEK SPEAK. THIS FREE TOOL KILLS IT DEAD
DOWNLOAD THE FREE SCANNER TO A JUMP DRIVE ALSO.
http://www.superantispyware.com/blog/
CHEERS CHRISTOPHER
Thanks a Lott, it works very well.
Thank you very much
the people that having problems doing the above if you put your clock on your P.C forward by 8 days that will stop it working so you can do the info above, as that EXE that stopping you
Si, open a new topic in our Spyware removal forum. I will check your PC.
So I followed these instructions and it looks like the virus is gone, but now windows wont let me open any anyi-virus programs. i cant open norton, avg, or Malwarebytes Anti-malware
also, once i run that.inf for the first time, do i have to delete it?
Tony, try repeat the first step. If it does not help, then ask for help in our Spyware removal forum.
Like Katrin, when I rebooted my machine, it took control of my administrator function and won’t let me run any anti-virus programs (even if I change the name to try to throw the virus off from detecting it)–it just asks me which program do I want to open it with. I tried #2 but after clicking start/run, it won’t allow me to type “notepad”. It just closes out on me. I’m at a loss of what to do!
first reg.fix option worked for me on 2 different machines both xp pro. does this fix work on vista etc as well?
Beatrice, you need type “command” w/o quotes and press Enter. Command console opens. Now type notepad and press Enter.
Chris, yes the fix works on Vista too.
Arrgggh!!
I tried method 1, which seemed to stop those scans and alerts popping up and allowed me to browse. When I go to the malwarebytes site it takes me to Spyware Doctor which i already have on my pc, when i click on run smart update it fails and says my subscription is out of date, which I know is still ok until end of Aug. My norton still wont open, so I tried installing it again and i also installed spyware doctor…then guess what happened? The xp security tools 2010/my security engine came back! The original fix.reg wont work and when I go to run and type command it now says “command Attempt to access invalid address”. So got any more ideas please. Been sat here since 6 pm and its now 9.30 pm!!!
Patrik: Sorry, i meant to include that I typed “command” to type “notepad” but after typing command, I get an error message:
C:\WINDOWS\system32\command.com
C:\WINDOWS\SYSTEM32\AUTOEXEC.NET. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose ‘Close’ to terminate the application.
This virus has disabled all my admin functionality. I can’t open any programs/files that’s been downloaded to a CD or memory stick. I can’t boot from my CD drive (even though I already went in to system set up and changed the order so that my CD drive would run first when I boot up my system). I can’t do system restore or access the internet. I think my computer’s toast…
Mandy, you have tried method 2 ?
I can’t try method 2 on account of getting as far as typing “command” a box appears with “command Attempt to access invalid address” and won’t let me proceed any further. 🙁
Beatrice, try the following instructions:
1. Copy notepad.exe from c:\windows\system32 to your desktop
2. rename notepad.exe to notepad.com (try also notepad.scr) and then run it
3. notepad opens, follow the steps above
Mandy, ok. Try the steps from my previous comment (to Beatrice).
I have removed the rogue spyware by using my system cd and recovery discs. I have installed norton 2010. How do I stop the xp security tool 2010 and my security engine attacking my laptop again?
Thanks
Hi Patrik,
I followed your instructions and renamed the notepad.exe file (with both names) on my desktop but I got the usual “Choose the program you want to use to open this file:” It won’t allow me to run it…
I also noticed that even though I name the file with a different extension, it still attaches the exe to the new name (ex. notepad.scr.exe).
Mandy, to protect your computer, install also an antispyware program (SpyBot, AdWare, etc).
Beatrice, you need uncheck “Hide file extensions for known types” option.
Click Start.Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Uncheck the Hide file extensions for known types option.Click Yes to confirm. Click OK.
Now try rename notepad.exe once again.
I’ve had serious problems with getting rid of this. I’ve tried both methods and thought i’d been successful after it didn’t appear after a restart.
But the malwarebytes scan seemed to keep getting stuck while scanning the rundll32 file, and – after two attempts at running the scan – the xp security tool kicked back in.
Any help would be greatly appreciated.
Also, when I try to install method 2, I get a windows dialog box which says \windows cannot open this file: grpconv.exe\ it then givese the option to either use the web service to find the appropriate program or to select from a list.
Brilliant – thanks.
thanks heaps method 2 worked for us with some help from my patient wife cheers.
Paul, try use exehelper (look my comments above).