XP Antispyware 2011 is a rogue antispyware program from the same family of malware as XP AntiSpyware 2010, XP AntiSpyware, etc. It reports false infections and shows fake security alerts in order to trick you into buying the software. The rogue is distributed through the use of trojans. When the trojan is started, it will install XP Antispyware 2011 onto your computer without your permission or knowledge.
During installation, XP Antispyware 2011 registers itself in the Windows registry so that it runs automatically every time you start an application (any file with the “exe” extension). The rogue also uses this method of running to block the ability to run any programs, including legitimate antivirus and antispyware tools.
Once running, XP Antispyware 2011 will begin to scan your computer and list a large number of infections. It hopes that you will then purchase its full version. It is important to know that all of the infections it reports are fake, so you can safely ignore them!
While the rogue is running, it will flood your computer with fake security alerts and notifications. Some of the alerts are:
Security breach!
Beware! Spyware infection was found. Your system security is
at risk. Private information may get stolen, and your PC
activity may get monitored. Click for an anti-spyware scan.
System danger!
Your system is in danger. Privacy threats detected.
Spyware, keyloggers or Trojans may be working in the
background right now. Perform an in-depth scan and removal
now, click here.
Last but not least, XP Antispyware 2011 will hijack Internet Explorer and Firefox and display a fake warning when you open a web site. The fake warning states:
XP Antispyware 2011 ALERT
Internet Explorer alert. Visiting this site may pose a security threat to your system
As you can see, XP Antispyware 2011 is designed with one purpose: to scare you into thinking that your computer is in danger, as a method of tricking you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your PC as soon as possible. Use the removal guide below to remove XP Antispyware 2011 and any associated malware from your computer for free.
Use the following instructions to remove XP Antispyware 2011 (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=www.myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\pezfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Antispyware 2011 associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
[Image: Malwarebytes Anti-Malware window]
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Antispyware 2011 infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear stating that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
[Image: Malwarebytes Anti-malware, list of infected items]
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove XP Antispyware 2011. MalwareBytes Anti-malware will now remove all of the associated XP Antispyware 2011 files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Antispyware 2011 creates the following files and folders
%AppData%\pw.exe
XP Antispyware 2011 creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\pezfile\shell
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\pw.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\pw.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1" %*"
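To check a machine for the .exe association hijack listed above, the following added example (not part of the original guide) parses the text of a registry export of HKEY_CURRENT_USER\Software\Classes and reports any per-user override of the .exe handler. The function names and the sample export are constructed for illustration from the values on this page; beyond the "open" command shown above, it also checks the "runas" and "start" verbs, which the rogue creates as keys.

```python
import re

# Constructed sample: excerpt of a .reg export built from the values this page lists.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="pezfile"

[HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command]
@="\"%AppData%\\pw.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.txt]
@="txtfile"
'''

SAFE_COMMAND = '"%1" %*'  # the exefile open command that the page's fix restores
CLASSES = "HKEY_CURRENT_USER\\Software\\Classes\\"

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})  # keys are case-insensitive
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            # '@' is the default value; undo the .reg escaping of \" and \\
            current[m.group(1).strip('"')] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def find_exe_hijack(keys):
    """Report per-user overrides of the .exe association (the page's fix deletes this key)."""
    exe = keys.get((CLASSES + ".exe").lower())
    if exe is None:
        return []
    progid = exe.get("@", "")
    findings = [f"HKCU overrides .exe -> ProgID {progid!r}"]
    for handler in (".exe", progid):
        for verb in ("open", "runas", "start"):
            key = f"{CLASSES}{handler}\\shell\\{verb}\\command".lower()
            cmd = keys.get(key, {}).get("@")
            if cmd is not None and cmd != SAFE_COMMAND:
                findings.append(f"{handler}\\shell\\{verb}\\command runs: {cmd}")
    return findings
```

A real export can be produced with reg export HKCU\Software\Classes classes.reg; the file is written as UTF-16, so decode it with that encoding before passing its text to parse_reg.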
Alright, well since the weekend I’ve had this virus.
I’ve used mbam, before reading this, and tried removing, it ‘removes’ the virus, but once I reboot computer it’s still there.
I’ve followed the guide to the last detail, done it 6 times now, still the virus is on my computer.
I’ve also tried several times with my System Restore turned off. Still, the virus continues to be present on my computer.
MBAM used to say 37 or some-odd infected files, now it only says 5, but I still have the virus on my computer and it’s driving me nuts.
Well, just did another MBAM scan, it’s no longer at 5 infected files, but 34 infected files.
OK, so I followed step 1 all OK, but I cannot open the Mbam-set file as it keeps asking which programme to open it with. Any help will be appreciated.
I really need help, both the above links worked for me..but still I can’t access internet in spite of restarting. Any help would be appreciated.
Thank you for having this. This is the 2nd time I’ve had to deal with this virus. Does anyone know how the virus gets into the computer? I visit the same sites (msn/google/etc) with no issues and then this morning.. wham. Is there more I can do on my end to prevent this from happening again?
It worked. Thanks a bunch.
Thank u SOOoooOO much Worked 1st one …. may God bless u.. 🙂
Thanks a million.
Hey Patrick, I just did a scan with tdsskiller –but nothing was found — problem with updates not being downloaded either automatically or manually persists to the point I’m going mental..do you think this is a registry problem ? what’s yr opinion abt reg.fix — would that help maybe ?? thanks again for all the help so far..jenny
I just used this on my computer after I stopped pulling my hair out. I tried both and the second one worked for me. I couldn’t get on the internet so I had to type it by hand from the internet on my laptop. What a life (and money) saver! THANK YOU VERY MUCH!!!!!
Thank you a lot! It worked for me with method 1 😀
jenny, looks like your PC is still infected with a hidden trojan. Ask for help in our Spyware removal forum.
patrik –I’m gonna go with yr suggestion asap – unless I break before and what the heck, start from the start (lol) — meantime, I just cant thank u enough for all the help/advice and the replies — i feel like I’ve already used too much space — more than anyone here — THANKS! – Cheers, Jenny
Method 1 worked. Thank you guys. How can I delete all the information about that malware? I mean the main folder, because I can’t make it yet (I’m using the ccleaner application, but it does not work). Thanks again
Method 1 worked for me, along with Kim’s suggestion of using REGEDIT4 as the first line. Thank you so very much for your help. You have no idea how much you saved me tonight. I appreciate it more than words. God bless you
THANK YOU!!! Fix #1 worked like a charm the first go. I would like to know if anyone knows who this is that put this on the net. There has GOT to be some legal course of action we all can take, a class action law suit of some kind. This caused me to lose an entire day from work.
It is not going away. I have done everything to the T. Any suggestions as to what else can be done other than what is listed?
Method 1 worked and within 20 minutes, the Virus was gone! Thank you for making this so easy to understand for us “non-techy” people! Thank you Thank you Thank you!!
Thanks for the fix guys!
If your exe files don’t work after running method 1, go to this link, which explains how to reset your exe file associations. Sorted me out anyway…
forum.thewindowsclub.com/windows-7-management-support/30984-how-can-i-restore-exe-file-association-after-i-changed.html
I used Method 1 and it removed the virus but now I can’t open programs unless I manually search for them. All of the files I have to search for are .exe. This problem has been driving me crazy for over a week now. Thanks for the help with removing the virus. Do you have any idea what I can do to get my programs to open?
Many many thanks I used method 2 and it worked a treat
AVG then auto started and found numerous other files which were quarantined and now my PC is back working and seems even faster than before
You just saved me hours and hours – thanks a lot!!
Awesome fix. Saved my bacon AND my blood pressure. Your fix was so appreciated and smooth. Fantastic.
Thanks so much man. It worked so well. God bless you.
Method 1 worked perfectly. Thank you so much for posting this. I’m not going to say it’s sorted my boyfriend’s father’s machine but it has allowed me to install Malwarebytes and it’s updated and running a scan . . .
I did try to get him to install Malwarebytes a while back but he didn’t. Anyway, thanks to this site things are looking much brighter. Thank you!
YOU CAN RELAX INFECTEE, This works!! I got infected by win7 2011 last night and was in quite a panic. It came from a completely innocuous web site. I was reading some of the comments posted on this and other web sites and getting increasingly disheartened. I used option 1 and it worked first time off. Very easy.
I used method 2 and it worked! Thanks a lot. I was planning to take my computer to my computer store technician tomorrow.
Method 2 worked for me. Thanks so much for providing this info. I wasted 3 hours trying whatever I could think of and searching the web. I’m glad I ran across your website.
I’m a computer freak, so I tried to fix my friend’s laptop that was infected by WIN7 ANTIVIRUS 2011. I tried to locate the virus and I couldn’t find it. My last resort was to install a new OS to delete everything, but it’s kinda a waste of time to install all the applications that my friend had… So I watched youtube how to delete the WIN7 ANTIVIRUS 2011, and thank god it worked in one try. Thank you so much >–>My Anti Spyware and Keep it UP.
thanks for the help!