XP Security Tool 2010 or XP Security Tool is an updated version of earlier appeared XP Internet Security 2010, which is a rogue antispyware program. Both programs are identical except for their names and partially modified executable files, which is necessary in order to remain undetected by legitimate antispyware and antivirus applications. As before, this malware uses trojans to install itself. When the trojan is started, it will download and install XP Security Tool 2010 onto your computer with your permission and knowledge.
During installation, XP Security Tool 2010 configures itself run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including security applications.
Immediately after launch, XP Security Tool 2010 will start to scan your computer and reports a lot of various infections that will not be fixed unless you first purchase the software. Important to know, all of these infections are a fake and do not actually exist on your computer. What is more, the rogue will also hijack Internet Explorer and Firefox and display fake warnings when you opening a web site.
As you can see, XP Security Tool 2010 is a scam and should be removed from your computer upon detection. Do not be fooled into buying the program! Instead of doing so, follow the removal guidelines below in order to remove XP Security Tool 2010 and any associated malware from your computer for free.
Use the following instructions to remove XP Security Tool 2010 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Security Tool 2010 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Security Tool 2010 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Security Tool 2010. MalwareBytes Anti-malware will now remove all of associated XP Security Tool 2010 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Security Tool 2010 creates the following files and folders
%AppData%\ave.exe
XP Security Tool 2010 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
I tried both methods. I got it all cleared I think, but when I open up my Security Center it says that my firewall and virus protection is not being monitored. I was wondering how it can be turned back on?
Rebecca, your antivirus is enabled ?
Yes it is enabled and I can’t do a system restore besides on the date that my computer got infected.
i got the virus protection and firewall to work. I just cant get the system restore to work right.
I have struggled with this for 2 days. I had the xp security tool popups, and ran AVG as soon as they appeared. AVG did not clean it. I tried to run antimalware and it would not open. I restarted in safe mode, and popups appeared there. I tried cntrl alt del at start up to see the processes to stop (another forum tip), and did not see a process to choose. I no longer have the popups but I was at the point where when I attempt to open any program, the “Open With” screen appears. I decided to try the option #1 above. I know nothing about registry files and was reluctant to modify them. With my desktop essentially inoperable anyway I took the chance. I was able to reinstall the Antimalware, update it, and run the scan. The infected files were successfully removed. I am so grateful to everyone that posted their experiences, and the guru that came up with this fix. My virus came from an infected email that had “Facebook” as the sender, and “New Password” in the subject. I thought it was a real email when I opened it. There should be some way to hunt down the virus programmers and make them pay us for the time and money spent removing their evil.
you guys are great and have saved my computer
hi there, I was just wondering if this is a real site or not. I have the clean up anti virus on my computer and i really need to get it off. but i am a little unsure whether this program is legit or not
Hi Patrick,
Ive signed up + registered a user name for myself so i log into the forum but how do you create a new post ? & is there something specific you would like me to call the thread/topic so you can go straight to it to do a check on my pc
Rachel, “clean up anti virus” is a fake antivirus. Follow the instructions to remove it.
Si, log into forum, the follow the steps (2-4).
I used the instructions to clean two laptops using XP, one will now not access the Internet one will. I used the same steps for both, help! over 5 hours spent on research and diagnosis so far.
Hallo patrik ich kann
editor nicht öffnen was muss ich tun ?
Brian, try the following:
Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
I the right part of window click twice to “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\av.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Reboot your PC and try open any site.
Hi Patrik, Many thnaks for your help with this – the active x controll pop up appears to of now stopped (thankfully) – HOWEVER, in a total seperate issue to the active x controll & XP security tool issue i did have but is now resolved, I think recently i may have a trojan or some form of other virus that has now come onto my comp (unrelated to any of what i did have on pc) my computer is decided to occasionally and randomly load up a few blank web pages every now and again, and with this i kept getting a windows debug fix message /promt, and after looking this up on google, ive manageed to disable these debug pop-ups, however – when i load my pc up first thing i now get a (explorer.exe.error) message/pop-up saying:
0x76f2345a referenced memory of 0x76f2345a
I have ran malware system scan and within the 1st 20 mins of scanning it did find 3 Infections, however when i do perform a ‘quick’ scan like you reccommend, it seems to take for ever to scan and never actually finishes scanning, so how do i stop or pause the scan – and actually delete the threat thats on there that malware bytes has found.
Ive tried temporarily pausing the scan and tried clicking on the other tabs in malwarebytes (i.e quarantine) etc but it just doesnt do anything. My only options seem to be to perform scan (which never seems to end!), pause scan or exit ?
If you could tell me were i can go from here i would be incredibly greatfull :0)
Many Thanks again.
SI, please start a new topic in our Spyware removal forum. I will check your PC.
I cant do any of this to get rid of the cirus because after the Dell welcome in part my computer goes blank and will not even sign into safe mode! what can i do??? i need to get this sorted the laptop isnt mine im really worried any help on what i could do even if i need to wipe the computer completely im happy to do anything!
I meant virus*
Kim, you can open F8 menu (advanced menu) ? if yes, you have tried Last Good Configuration option ?
I got the Security Tool virus, and followed both methods and they work while I am in the current session, but once I restart my computer the Security Tool popups return. Any suggestions?
Scott, looks like your PC also infected a hidden trojan that reinstalls the rogue. Please start a new topic in our Spyware removal forum. I will help you.
Got seurity tool virus last week, followed the rkill and malwarebytes programmes and seemed to get rid of it. Everything worked a treat after that. However while working on computer yesterday the desktop froze and I couldn’t open any icons. Tried to restart but still won’t open properly. When it opens as far as desktop still can’t open icons. Start won’t work, right click mouse won’t work, ctrl,alt,del won’t work. Ran malwarebytes scan and removed 8 infected files, still no joy.
Where do I go from here?
Just downloaded superantispyware in safe mode and it won’t run, I get a message saying: “The system administratos has set policies to prevent this installation”
Diane, please begin a new topic in our Spyware removal forum. I will help you.
Everytime i type command this freaking security tool stops it from opening.
whyohwhy, try the instructions.
I used two method step 1 and use ANSI but this message appear “THE SPECIFIED FILE IS NOT A REGISTRY SCRIPT.YOU CAN ONLY IMPORT BINARY REGISTRY FILES FROM WITHIN THE REGISTRY EDITOR ”
what can i do?
soli, try second method of first step.
ok i did every thing still dosent work
arianna, ask for help in our Spyware removal forum.
You can’t load anything while the virus is active