XP Antispyware 2011 is a rogue antispyware program from the same family of malware as XP AntiSpyware 2010, XP AntiSpyware, etc. It reports false infections and shows fake security alerts in order to trick you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will install XP Antispyware 2011 onto your computer without your permission and knowledge.
During installation, XP Antispyware 2011 registers itself in the Windows registry to run automatically every time when you start an application (files with “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware tools.
Once running, XP Antispyware 2011 will begin to scan your computer and list a large amount of infections. It hopes that you will then purchase its full version. Important to know, all of these infections found are fake, so you can safely ignore them!
While the rogue is running, it will flood your computer with fake security alerts and notifications. Some of the alerts are:
Security breach!
Beware! Spyware infection was found. Your system security is
at risk. Private information may get stolen, and your PC
activity may get monitored. Click for an anti-spyware scan.
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Last but not least, XP Antispyware 2011 will hijack Internet Explorer and Firefox and display fake warning when you opening a web site. The fake warning state:
XP Antispyware 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
As you can see, XP Antispyware 2011 is designed with one purpose to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Antispyware 2011 and any associated malware from your computer for free.
Use the following instructions to remove XP Antispyware 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Antispyware 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Antispyware 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Antispyware 2011. MalwareBytes Anti-malware will now remove all of associated XP Antispyware 2011 files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Antispyware 2011 creates the following files and folders
%AppData%\pw.exe
XP Antispyware 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “pezfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = “”%AppData%\pw.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Tried method 1 and 2 then running malwarebytes. Still cannot open firefox. All popups have stopped however.
thanks guys! method 1 worked for me. you guys rule 🙂
Thanks a lot for your help mate, I’m lucky I found this website.
Thanks a lot !!! I spent hours looking for a way to remove the annoying virus. Cheers from Canada 😀
Thank you so much! Method 1 worked perfectly.
so i did the method, am in the midst of running malwarebytes, but now i have the issue of everytime i run a program it says”this file does not have a program assosciated with it…fix?
Hola… muchas gracias, logramos reparar nuestro computador, EXCELENTE. Nos funciono con el metodo II; solo ustedes nos brindaron la segunda opcion. Nuevamente gracias!! … Merci beaucoup..!!
I need help. I did excatly as method one said and it all seemed to work, but when I logged back on and went onto my user it seemed to still be there, however on other users it isn’t.
What should I do, if there is anything I can do?
Method 1 worked. Phew ! thanks.
Thank you so much!!!!
Alastair, ask for help in our Spyware removal forum.
Having been hit by this rogue programme myself, I was amazed by the number of possible solutions I found on the internet, none of which seemed to be working well unless one bought Malwarebytes or similar anti-spyware product. Made me wonder who put XP Anti-spyware 2009-2010-2011 on the net.
Anyway, and please believe me this is TRUE, I finally found the right solution. It worked. It did not require a lot of manual fizzling with registry keys. It didn’t require the use of 2 or 3 seperate programmes. It’s FREE. And best of all: it’s made by Microsoft which makes it, in my opinion, a lot more trustworthy than any other source of remedies.
Now, you may dislike Microsoft for whatever reason, but, if you want to get rid of this bugger, use Windows Life OneCare.
In order to open a browser window in spite of XP Anti-spywarre’s highjacking attempts of all executables, open any local program which has an online Help menu item (I used Microsoft Excel). Internet excplorer will open without being highjacked and you can enter (copy-paste) the following URL in order to get to the PC safety Scan page: onecare.live.com/site/en-us/default.htm
Just press the “Full Service Scan” button, allow the ActiveX components to be loaded and be very patient: the process takes several hours. But I assure you all: it works and I never saw XP Anti-piracy 2011 again.
I hope people will stop now to give all sorts of wrong or costly advises to the unfortunates who got infected. Just say thanks to Microsoft for their free OneCare safety scan.
WOW!!!! AMAZING!!!!!!!!!!!
Really cannot thank enough for this help and advice, after 3 days solid of trying to gte rid of this bastard of a virus, done in 20 mins!! Thank you so much : )
I used method 1 and it worked fine. Only problem now is that I can’t open any .exe program as it says windows needs to know what program created it. I need to put the registry back.
Help please!!
Tried method 1 but now everytime I try and access a .exe file or say control pannel I get an error message saying.
“This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.”
So basically now I can’t run or access anthing.
I think I solved it now. I went back and tried the second method after getting the error with the first and it is working. Thanks really appreciate the hard work.
I’m wondering if someone can help please. I followed these instructions which worked thank you but now I can’t open any .exe files. Is there something I should be doing to return it to normal? Sorry if it’s a silly question!
hey guys — many thanks for the help — method 1 worked right on, then was lucky to have Malwarebytes already installed, so back on line, happy as a bird -all seems fine..except one detail. Can’t get the automatic updates installed, not even able to access the relevant microsoft page to do it manually — tried Mozilla (after seeing another fella’s comment) – nope, still no updates. Any help/suggestion — before I have to reinstall everything (yikes!!)– thanks Jenny
THANK YOU for the only fix that actually worked for me! I wish I had found this before I spent hours and hours trying everything that DIDN’T work! I tried so many other Malware detection tools and none of them found the infection, but Malwarebytes’ did!
Awesome software. Great fix. Thank you!
Hi Guys,
Option 1 is working best with me. I have a question. How do I know that the XP Anti-Spyware is not on my system?
Thanks a lot.
Thank you! Only by fluke was I even able to get on the net to find this. I launched an bookmark.html file by accident and it opened my browser when before nothing would launch. Anyhow Method One worked. Smooth stuff. THANK YOU SO MUCH!
I had the same problem. I tried the 1st method and my laptop is recovered now.Thanks a lot for providing this!!!
Matt, try to repeat the step 1.
jenny, try scan your PC with TDSSKiller.
Anyone want to help me? I can’t open the command thing! it’s killing me!
Thanks a lot to Vladimir Harconnen. onecare.live.com worked for me…
Thank you so much!!!!!! I used method 1 and it works.
I tried everything and this is all that worked. I used method 1 at the top of the page, and then was able to use restore or something like that from the start menu where it restored the computer to the state from 5 days ago. Before I ran the script, I think I could basically do nothing. I may have had to right click and run the .reg file though, I can’t really remember. Vladmir was wrong in my case, I couldn’t even start Microsoft internet explorer and so couldn’t have run the microsoft programs online until I ran the script. I tried the microsoft program then, but it was taking too long and not finding any thing, and went and did system restore, which I realized I could do after reading somewhere else on the interent about something. I couldn’t get to the web on my down computer, though, so I had to download copy and paste the script on another computer, and put it to a cd to bring it over and run it on the computer that had the problem.
God Bless people like you! i was about to pay a lot of money to have my computer repair!!! not anymore thanks to you guys! i tried method one and totally worked!!! even when i aint know nothing about computers!
thank you so much..
i’ve already shared this entry in facebook.. =))