Update: this virus shows up with different names. The GUI is the same, only the name is different. Please note that original removal guide written for XP Internet Security 2010 works just fine no matter how this virus is named. The rogue program also goes under these names:
- XP Guardian
- XP Guardian 2010
- Windows XP 2010
- Windows XP Security
- XP Antivirus Pro
- AntiSpyware XP
- Antivirus XP
- Antivirus XP 2010
- XP AntiSpyware 2010
- XP Internet Security
- XP Smart Security 2010
- XP Internet Security 2010
- Total XP Security
- XP Security Tool
- XP Smart Security
- XP Smart Security 2010
- XP AntiMalware
- XP AntiMalware 2010
- XP Defender
- XP Defender Pro
- XP Security
- XP Security 2010

Antivirus XP 2010 video: (thanks to rogueamp)
While the XP Internet Security 2010 is active you may observe the following:
- All programs will be blocked, including anti-virus and anti-spyware software
- Internet Explorer and Firefox browsers will be hijacked and will display fake security alerts when surfing the Web
- A window impersonating Windows Security Center stating that you should purchase XP Internet Security 2010
- Numerous fake alerts stating that your PC security is compromised or that you have various malware running on your computer. Don't click on these alerts
XP Internet Security 2010 removal instructions:
Method #1
1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.

2. In the command prompt window type "notepad". Notepad will come up.

3. Copy all the text in blue color below and paste into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)

5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Download one of the following anti-malware applications:
7. Install the selected application, update it an run a system scan.
8. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Method #2
1. Use another computer and download one of the anti-malware applications listed above (Method #1, step 6),
2. Create fix.reg file as said in Method #1 (steps 1-4). Copy an anti-malware application and fix.reg file to USB flash drive or any other removable device and transfer those files to the infected computer.
3. First of all run the fix.reg file. Then install the anti-malware application, update it and run a full system scan.
4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Manual removal:
Associated XP Internet Security 2010 files:
- %UserProfile%\Local Settings\Application Data\av.exe
- %UserProfile%\Local Settings\Application Data\ave.exe
- %UserProfile%\Local Settings\Application Data\WRblt8464P
- %UserProfile%\Local Settings\Temp\WRblt8464P
- %UserProfile%\Templates\WRblt8464P
- C:\Documents and Settings\All Users\Application Data\WRblt8464P
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
- HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
- HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
- HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
- HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
- HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Share this information with other people:
257 comments:
«Oldest ‹Older 1 – 200 of 257 Newer› Newest»THESE INSTRUCTIONS ARE GREAT. thank you mucho mucho. i used method one and superantispyware
scan took a while, but with great success
Dude----You are the BEST!!
Worked like a charm.
Thanks a Million!
Method one and superantispyware used and its worked. Thank goodness coz it was driving me nuts :)
Thank You Thank You Thank you!!!!!
I used Malware.
Thanks alot buddy for sharing this... it doesn't get me out of the pain.. i tried with Malware antivirus .. I don't get the popups now :)
Hi Friend, Seems to be good instruction. This bloody virus doesn't even allow me to open internet explorer. I will follow your instructions to get rid of this idiot virus.
What if I don't have another computer to download the anti_malware on?
"What if I don't have another computer to download the anti_malware on?"
Then try this method: (Use this guide at your own risk)
1. Go to Start->Run and type in "command" (without quotes)
2. In DOS window type:
a) cd\
b) cd windows
c) copy regedit.exe regedit.com
d) start regedit.com
3. In the left side of the Registry Editor window, navigate to:
HKEY_CLASSES_ROOT\exefile\shell\open\command
4. Double click Default value in the right side of Registry Editor window.
5. Under Value data, delete existing value and type in "%1" %* (including quotes)
6. Press OK
Now you should be able to run an anti-malware software. Good luck!
Thank you for these excellent instructions.
I thought my Norton 360 would prevent this type of problem but evidently not!
Fortunately I have Opera as well as IE so was able to easily follow method 1 and use SUPERAntiSpyware with great success.
Man you are an absolute star !!!! I became infected with this Malaware crap Today and was thinking i`d have to reinstall Windows but thankfully i was able to connect to the internet with Opera as IE8 was being blocked by this it , I came across a few sites that gave complicated instructions or had dubious programs to download which i wasn`t happy doing but your instructions were clear and concise , I used Method #1 and it worked !!! i also used both SuperAntispyware and MalwareBytes to clear the nasties and i`m back to normal once again , So once again you are a star !!!!!!!! Thank you very very much !!!!!!
You are welcome!
Thanks for the tips, it worked to remove the malware. I even ran a scan again in safe mode and nothing showed up. Unfortunately, after I restarted my comp - XP guardian returned again. SuperAntiSpyware removed trojan.dropper/gen-nv and Malware Bytes removed Rogue.Win7Antispyware2010 (both have been quarantined). Any thoughts on what I should do next? I use avira antivir and it hasn't found anything.
So XP Guardian still pop ups on your screen, right? Then maybe you should try to restore you computer to a earlier date when your PC was clean.
Wow. Incredible! Thank you so much.
Thank you, manual removal, only what is important here to mention, be careful not to remove full value!! You should remove only path to av.exe and redundant /start .. I've removed full line, and luckly for me can fix it in SafeMode with Command Prompt, because all programms cannot be executed if .exe default command will be empty, should be "%1" %*
Unbelievable....IT ACTUALLY WORKS! This is the first time I have tried something like this and I usually read the comments and can never get it to work like most people posting. BUT this one is a sure thing. I tried two or three things first and this one worked, the others didn't. Thank you, thank you, thank you. It did take time to download, transfer file with flash drives, etc., and scan for a few hours, but well worth it.
i didn't work, SUPERAntispyware didn't find the problem, it still appears on the screen!
Thanks so much! I am not that great with computers and even I could do this. The detailed instructions were perfect for me. Thanks!
I tried EVERYTHING but this is the only thing that worked. This guy is a super genius! Thanks so much! The only thing now is that some of my programs arent running properly. Any more advice?
Shannon, you can download CCleaner and fix Windows registry. Maybe this will solve your problem.
CCleaner download link:
http://www.piriform.com/ccleaner/download/standard
THANK YOU !!!! Rec'vd this prob yesterday and today I am running fine. THANKS !!!!!
Thank you, kaspersky didn't spot it and had no idea where it can from or what to do, i used method one, but had to download superantispyware.
thanks again.
Thank you very much.
This worked for me (Method #2). But used TrendMicro instead.
Thanks a lot.
From GPY - Chicago, IL
Worked for me...older machine wasn't able to run spy bot anymore but superanitspyware was great...
so what r the steps for the manual removal? Just locate all of the mentioned above and delete
Followed your instructions but can't open the fix.reg file. What should I do next? thank you for your time. Zach
Q: "so what r the steps for the manual removal? Just locate all of the mentioned above and delete"
A: Please don't remove registry values manually because this will make your situation even more complicated - you won't be able to run .exe files.
Zach,
Try to reboot your PC in Safe Mode with Networking and run a system scan with MalwareBytes or SUPERAntispyware.
How should I enter the codes in step 3? Just one after the other or does it have to go in exactly as it appears?
Q: "How should I enter the codes in step 3? Just one after the other or does it have to go in exactly as it appears?"
A: Yes, you have to copy and paste the text into Notepad as it appears in step 3.
I did that, and I had already download Malwarebytes previously to get rid of an older version of this, and I get a pop-up when I try to click on it that says Run-time error '0'. Ideas?
The infection deleted a core executable (mbam.exe) file of MalwareBytes` Anti-malware. To fix it:
1. Download Malwarebytes exe (mbam.exe, but with random name) from here:
http://mbam.malwarebytes.org/program/random.php
2. Save the file to C:\program files\Malwarebytes’ Anti-Malware\
3. Run it.
hi, got this and my son talked me through getting rid of it on the phone, one thing he told me to do was 'end process' on the av.exe so I did, but now I cannot run microsoft progs, msn, and cannot open many things, and even had to figure out how to reconnect to the internet. What can I do? thanks
It's not letting me download it on the broken computer. Instead, I downloaded the SUPERAntiSpyware onto a working computer and made the fix.reg file. The only thing I don't know how to do is get the SUPERAntiSpyware onto the flash drive. How would I do this?
Q: "hi, got this and my son talked me through getting rid of it on the phone, one thing he told me to do was 'end process' on the av.exe so I did, but now I cannot run microsoft progs, msn, and cannot open many things, and even had to figure out how to reconnect to the internet. What can I do? thanks"
A: Download EXE Assoc fix and run it. This should fix your problem.
Download link:
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
Just copy SUPERAntispyware installer from your working PC and paste it in the flash drive. Then run SUPERAntispyware directly from flash drive. Good luck!
I cannot get into internet explorer to download sypyware and when I copy to usb drive i get the message -- 'the drive or network connection that the shortcut'superantispyware ' refers to is unavailable. make sure the disk is properly inserted or the network resource is available and try again'. What am I doing wrong?
clanon, I think you have transfered SUPERAntispyware to usb drive incorrectly.
this virus has stopped me from doing anything. I can't click on anything. I downloaded the fix registry and malware on my other computer onto a disk, but when I put it on the problem computer it wont let me open it.
My Windows XP Pro unfortunately got the XP Antispyware 2010 yesterday.
At first, the computer was "normal" besides the annoying pop ups.
Then, I run Spybot, and after that, I don't know if it was because what it cleaned or not, I can't see anymore my startup bars and any icon (!!!), just the screensaver.
I pressed the CTRL+ALT+DEL key and could access the Task Manager. Running explorer.exe does not work. Internet does not work either.
I did the fix.reg task you suggested, and am not scanning the computer with Spybot again.
Can you help me what to do next?
Is this issue solvable?
Thank you!
M.
These instructions did work well!
It was a little nerve-wracking because my browser was almost at the point of "Access Denied" thanks to that darn virus, but I re-started my computer, and then went straight to the SUPERAntiSpyware website. The whole decontamination process took no more than ten minutes for me.
I'm in your debt! Thanks!
Thanks so much for this. I contracted the virus three times as I didn't realise that a site I was visiting kept reinfecting me. The first two times I just used system restore, the third the virus would not let me.
Luckily I had saved this while researching the virus (i'm not very tech savvy, but I like finding out about what i'm dealing with in depth). I used this work around and redownloaded malwarebytes (HIGHLY RECCOMENDED - I love that program) and it got it for me.
This fix worked for me. I still want to chainsaw in half whoever created this. One day may be.
SAme thing for me....I cannot click on the START-RUN...I can't don anything on the computer...How can I remove it? thanks
Method #1 worked like a charm. Thanks!!
Fantastic....Solution 1 worked a treat.
But a word to the stupid...don't run the anti-malware app BEFORE you do the Reg Edit...else your going to spend another hour trying to get Notepad to work....like I did
Instructions worked very well. Saved my kids from having to hear lots of bad words coming from the office. I owe u guys at admin. A steak dinner. Thanks.
THANK YOU VERY MUCH!!
These instructions were great, and now my problem is solved.
THANK YOU VERY MUCH!!
These instructions worked great!
Whenever I try to run the fix.reg file it says it's not a registry script and cannot be imported? Where did I go wrong? I saved to desktop under all files as directed.. HELP!!
THANK YOU! This got my programs running again!
Followed Method #1 as written. Tried Spybot S&D but it id not clean the parasite. Downloaded SUPERantispyware, scanned and rebooted, worked like a dream. Many thanks for your time and effort.
I was not able to run superspyware..I tried the anon link and it started to download, but then I receved a windows installer message.
"The system administrator has set policies to prevent this installation"
I didn't have any problems with the registry fix, but can't download an application to remove it.
I want to add that I downloaded superantispyware on a flash drive. When I try to install that I get the message that the program has encountered an error.
My pc became infected last night, and I was too tired to deal with it, so I turned off the computer hoping the malware would disappear overnight. Well, that did not happen, and I could not access the internet from the infected machine.
On a different computer, I found this website and these instructions. I printed them out, and on the infected machine I first did a "system restore" to a date last week. Then I was able to go online and follow Method #1. It worked like a charm!!
I followed it up with SUPERAntispyware as suggested. That took a couple of hours, but everything is now good as new. Thanks!
Ms. Anonymous
BTW, I should add that I tried x'ing out of the malware right at the start when it popped up, and that made it load anyway. Using cont-alt-delete didn't work either.
First of all THANK YOU to the person that put this out here!!! You saved me a trip to the shop which was where I was sure I was headed. Fortunately, I had a second PC so I used method #2 with the flash drive. I'm not a geek and I was able to to it. The only thing I have to add is that following the reg fix and the Superspyware, the PC would not boot normally so I had to boot into SAFE mode and do a system restore to a date prior to the infection. System is back up and running. It took a while but it sure beat a trip to the shop. Thanks again. Mike from Atlanta, GA.
This really sucks!!!! Any idea where this is coming from? I would really like to get my hands on the perp. I will gladly track them down if anyone has any leads.
My question is: Do you have any idea why I couldn't run a system restore after being infected? After a few minutes, a window popped up stating "unable to restore to previous". I am going through the regfix and malware removal now.
Thanks for this help. This stupid thing got through my virus protection and like a couple of posts before this one, I also tried x-ing out and it ran anyway. Our IT guru gave all kinds of suggestions, but for this little bugger those didn't work. Ran suggestion #1 (superantispy - full scan)and got me up and going. Thanks again
First I wanted to say thank you for this. It has been a big help. Im not very good with the registry. BUT HERES A TIP. I had malwarebytes already on my computer when I got this stupid virus. Sure like most people the virus made malwarebytes not open. So to open it I had to click on the icon of Malewarebytes, Right Click with the mouse, click on RUN AS and UNCHECK the box that says "Protect my computer and data from unauthorized program activity" and malewarebytes WILL open. Then click ok and you will see malewarebytes opening. Maybe the Admin will post this. I learned this trick from another virus i got long time ago. Thanks Again!! Brad Michigan
Does everyone know to remove XP Guardian Fake Virus? just asking =_="
You rock! I tried method one and it worked like a charm.
Wow u r a superstar u saved me soooo much grief i was so upset wen i realised i got this damn virus y dint i hear bout this last yr i lost a dear laptop to one of these virus's just coudln't get rid of it n i messed with god no's wot n evry time i turn it on its just a black screen that asks for a password any way thanx loads :D
Hi....I have tried method 1 and I am glad it works. It was easy and not complicated like other websites suggested. Now I have a problem. I am unable to open internet explorer. A window pops up saying "Open with...choose the program u want to use to open this file !!
Can you please help as soon as possible...Thanx Sree
My wife couldn't delete the av.exe file and tried to reboot in safe mode. the computer then rebooted again but unsuccessfully. She attempted a restore to last known good state but is now in a reboot loop that never gets windows started. Any suggestions?
Sreelekha, download this fix:
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
Hey... i tried method one, running the notepad but i get a warning message from XP Internet Security 2010 saying
" Application cannot be executed. The file is infected. Please activate your anti-virus software" This occurs for any program that i try to open
please help!
Anthony from Canada
Hi
i followed step 1, did the notepad thing but my internet explorer wont work. I have firefox but it wont even load up. Help Please!
I got the virus tonight. I did a system restore to yesterday and the pop ups are gone. I don't really know if the virus is gone or not. However I now cannot access the Help and Support or the System Restore. When I try it says "application not found". Any program I try to open comes up with a dialouge box that asks "Which Program Do I want to Open With". I can get the programs to open but not through the usual way. How do I get back to where it was before the virus got me?
THANK YOU !!!! Method one worked great- had wasted hours on other nonfixes and on trying to download malwarebyte unsuccessfully in safemode- your registry fix did the trick!
Thank you very much ! Removed "XP Guardian 2010" using method 1. I use Firefox so no problems loading "Malwarebytes"
Rebooted. XP Guardian gone ! It was a very annoying virus !!
Thanks Again !!
Darn thing keeps coming back Kaspersky detects nothing... Malwarebytes removes then ask for restart it is there on the next scan. It seems to always return so I guess it means the trojan is hidden somewhere! What else is there besides Malwarebytes?
Thanks a lot for your instructions! You're awesome! Will you marry me? :)
When I ran the fix.reg file, it made all .exe programs useless, including the virus software. What did I do wrong. How can I fix this?
Jenny, sure, why not? :) I'm glad your PC is clean again.
Q: "When I ran the fix.reg file, it made all .exe programs useless, including the virus software. What did I do wrong. How can I fix this?"
A: Download this fix http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
It should fix exe files issue.
So should I run the xp_exe_fix.zip program AFTER I run the virus software? Sorry if you already answered this question.
Excellent guide - the only one that I understood & actually worked. Glad I found it. Thank you so much.
I am happy to be another voice to the chorus "THANK YOU!" You saved me from another sleepless night!
You may run xp_exe_fix.zip after a system scan.
My computer wont let me download spybot. it's taken over explorer.
I know you have an answer??????
Ken
Thanks very much for this. I used method #1 and it got rid of the infection, thanks to your detailed instructions. However, when I got the infection, I lost all the icons in my toolbar, and haven't been able to get them back since. I also can not do a system restore, to any point. Computer is also painfully slow, much slower than it was before I was infected.I'd be grateful for any help, I spent 12 hours yesterday trying to get rid of this.
Good fix and great service from you guys.
One thing, on the first fix, item #5. After clicking OK, I had to restart the computer...Before loading the anti-malware.
Appreciate your work.
No, I won't marry you though!!!
Ken
Worked like a charm!! THANKS!!!
It came back after about 6 hours.
How do we stop that?
Ken
Worked for me too, so far. Thank you! I used method 1 plus MalwareBytes.
I did everything on method 1 but when I click on superantispyware I click run and nothing happens. What should I do? Thank you so much.
This was amazing! I got infected by this virus a couple of months ago, and so I had to get everything on my computer re-installed, and I was scared when i saw this stupid a** virus appear on my computer, but thank you for this, and I was able to get rid of it in 20 minutes and it isnt bothering me anymore!! I AM SO THANKFUL!!!! so far it is working...
Thanks
Used by King Information Technology Solutions with success!!!!
Thank you, worked like a charm.
dude! thanks so much that was really easy and sketch free!
Thumbs Up! Instructions worked great!
Now we all need to figure out how to return the malicious favor to those that instigate these problems.
We tried MalwareBytes and it looked like it worked. But we were still having problems. Used SuperAntiSpyware and it worked like a charm. SAS found a trojan horse that MalwareBytes did not. We are up and running...hope it doesn't come back. But if it does we now know what to do!
Free download that works. Boy this was so much easier than anything else that I looked at and because it is at cnet it was clean and worked.
Good luck!
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
PC - XP Pro SP3
- XP Guardian 2010.
These are my personal findings.. not an expert, and thank you for this fix guys.. Great
Q- Where does this come from?
A- I picked this up from the PirateBay.org
Q- I can't get on internet?
A- I found you can [ctrl/alt/del]-taskmanager-processes, and close av.exe (that is the virus). It should close long enough for you to open IE, and download superantispyware. (just end the process again if it comes up)
Q- Does it slip past antivirus software?
A- I already ran AVG8 and Spybot (fully updated) in safe mode and they failed to get rid, but superantispyware did.
Q- How do i get into safe mode?
A- Usually tap F8 during startup - enter as administrator. (dell users may have an issue)
Q- Is the reg fix required?
A- I couldn't get it to work anyway, but ran superantispyware in safemode - still done the trick.
Q- The virus has gone, Yipee, but I can't open any programs.. What now?
A- Download EXE Assoc fix and run it. This should fix your problem. http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
Q- Should I keep posting stupid questions having not read all the posts, and assume that the Admins have nothing better to do with their time than to pander to my ever whim, and is my problem any more important that everyone elses, and if I have read all the posts and still have a new question, should I write my post in annoying tone that makes it out to be the Admins fault???
A- No
Thanks again guys
THANKS MAN!! i should have ran into this blog days ago!! before i restore my computer and lose most of my stuff! i had this software popping out of nowhere made me thinking that this software is actually my computer's software that detects spywares and trojans for me, but i was fooled, and it messed my my computer and made me had to restore it(i saved some of my stuff before i did it) and now i had it again yesterday, then i searched the program from my tast manager about "av.exe", i found a yahoo answers question about this, then someone had posted this website as their answers, i clicked on the link leading me to this, i did everyhing you said and...IT WORKEDDD WELL!! i do get this error message "Run.dll not found blah! blah! blah!" on startup, but it did not interfere with anything AT ALL! everythign worked fine! THANKYOU VERY MUCH! and again... i should have ran to this right after seeing this 2010 security fale thingy xD
i used the manual method (thanks much) a few things - my instance was not named av.exe but was named masacui.exe. i found the equivalent registry entries and deleted. be careful to only delete the entry with the malwares .exe. I also deleted the default entry of "%1" %* and all of my programs could not load (got a no associatation for this file type error message) - if you do delete you just need to go back through each entry and add it back in
When you run malwarebytes, make sure you do a complete scan - not a quick one.
Thankyou, thankyou, thankyou.
Very easy to follow and helpful directions. PC was back up and running normally again in about 30 minutes.
Thank you so much for all these advises.I Finally got rid of the virus...JUST IN TIME!Cause I was writting an essay! I do recommend this site and read all the thread.
Thank you!
Sergio
London
From the internet, I kiss you!
Thank you so much for helping me sort this out - I couldn't run the malware removal software until after I found your registry fix first.
Thank you a thousand times! You are my hero.
Thank you for this guide its worked well :)
the only problem i've encountered is when ever i try to open a program (e.g. firefox) i keep on being asked about what to open the program with. I've had this problem with all the programs i use.
With MS paint for example i get this message:
"C:\WINDOWS\system32\mspaint.exe
paint cannot read this file.
this file is not a vaild bitmap file, or its format is not currently supported"
tried opening it from system32 same error.
any ideas?
thanks
also another thing i have noticed is i cannot access areas in my control panel:
"C:\WINDOWS\system32\rundll32.exe
Application not found"
Sorry about the last two comments, read what you said earlier about someone else's problem that i had and have done what you have suggested and now works well. :) thank you
Thank you - it worked. Used option 2, then did system restore to reestablish ethernet connection and ran antivirus one more time to be sure to be sure.
hey, so i followed all the steps but it keeps poping up on my screen. what should i do?
Thank you so much for this. All seems O.K... for now.
So after i finish the scan, what do i do?
I am so relieved now. Thanks! I cant find a trace of anything on my comp. Though that doesnt mean im 100% cleared, My comps working like a charm!
THANKS A LOT!! I've catch that rogue virus thing this morning and removed it within a hour !! Procedure very clear and workful, thank you
Hi,
I followed process #1 and got the virus off my computer. But now when I try to close or open windows, my computer screen freezes and I can't do anything. Any suggestions?
Thanks a lot dude. method #1 worked for me. I already had chrome and spybot SD installed which made it easier.
Thank you! I got the Internet Security 2010 malware after my daughter used my computer for accessing Facebook.
I tried method 1, above first. After running the reg.fix file, I was stilling having problems. Based on another post in this thread, I realized my virus .exe file wasn't called AV.exe, rather MSASCUI.exe. I decided to clean the registry entries manually.
I opened a command prompt window (Start Menu > Run > cmd, and typed "regedit" to open the registry editor. I did a manual search for "MSASCUI.exe" and found it in several places. As noted in another post, I was careful not to delete the entire "Default" value; I only deleted the MSASCUI.exe path name and the extra START command.
For example:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
became:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%1" %*
I kept hitting F3 to find all refererences to MSASCUI.exe in the registry, and if they weren't shell\open type commands, I deleted the entry entirely.
After closing regedit, I verified that the MSASCUI process wasn't running in Task Manager. I was then able to access IE without the dreaded malware popup, and download and run Malware Bytes. I then downloaded and ran the free SuperAntiSpyware and it found another lurking virus and killed it.
Perhaps an extermination fund is in order to track down the malware authors and deliver some social justice. They don't care about our suffering, I certainly don't care about theirs.
Thank you for writing, we really appreciate this!
Thank you very much indeed ...its works..
i.ve been so confused to remove the spyware 2010
thanks man....
ok so this xp antivirus 2010 totally fked my computer... i have had a similar type of virus trojan before, but nothing like this.. i tried malwarebytes but it wont let me update.. lost any sort of internet connectivity... so tried the fix.reg deal, and now my computer wont boot. says "memor" .. so now what?
Dammit! I fell for the stupid thing and paid $60 =/. Wish I had known about it before.
Thanks so much for the help! I am not so good with all of this stuff and although, I THINK it's gone, I'm not sure. Is there anyway of knowing that it's gone for sure?
I did the first parts of step 1 and in the process of scanning, the malware program randomly disappeared. It won't let me run it. Is this good or bad?
should i restart after using fix.reg other sites are suggesting i do so before using on of the antivirus things
am i supposed to delete the fix.reg file from my desktop after i've completed all the steps?
thank u so effing much!!!!!!
i did the first one and it worked perfectly
thank u thank u thanks a million!!!!!!!!!!
I usually don't post on these, and I know it has been said before, but I would just like to thank you for these steps. I hate that vulnerable, violated feeling you get when you find yourself with a virus on your computer, but your instructions renewed my faith in the online community. Thanks again!
Q: "am i supposed to delete the fix.reg file from my desktop after i've completed all the steps?"
A: Yes, you can delete it.
Hi just got this virus. It won't let me run task manager. Tried the reg fix (on usb flash drive) and it's disabled editing the registry as well. It also is stopping the system restore in both normal and safe mode. Any other ideas would be greatly appreciated. Got access to a laptop (that's how I'm online now.)
Well, I've gotten this XP smart security 2010 and it got to the point where i couldnt even do any thing on the computer so restart it. Now it won't run. It won't boot in safe mode either. What can I do?
i dunno if the my comment got through or not but.
1) is it normal to have that virus popup again and again when im scanning with malwarebytes
2) after doing the fix.reg and scanning. the virus is back after i restart and go onto internet.
what are some things i can do differently.
Hello -I performed Method #1, then updated and ran my Spybot S&D program, then rebooted my PC -but the XP Smart Security 2010 problem remains. Please advise, thanks!
you are 'GOD'
IMPORTANT UPDATE: if this virus disables everything and you can't reboot your PC in Safe Mode or Safe Mode with Networking then try this:
a) Reboot your PC in Safe Mode with Command Prompt.
b) From there type in the following line (below) and hit Enter button:
%systemroot%\system32\restore\rstrui.exe
c) If everything goes well then you should be able to restore a system to an earlier date when your PC as not infected.
Also you may reboot your PC in Debugging mode and run Malwarebytes or SUPERAntispyware. Rebooting your PC in
YaY! *hug*
I am in the same boat as the anon that posted 3 comments up. The infection hasn't really gone beyond the pop ups yet, but its definatly becoming a pain in the butt. Any other steps that need to be taken?
Adding to my previous post at 8:00pm on 15Mar: Please note that the virus on my PC is actually called "XP Smart Security 2010". I'm wondering if Method #1 didn't work because it is for "XP Internet Security 2010" (different name).
Please advise if you have a solution for "XP Smart Security 2010" -thanks!
MalwareBytes Anti-malware fixed it -forget Spybot for Methid #1
Thank you so very much for this. It worked like a charm. I have not rebooted yet, however I double checked it and it is no longer showing up in the security center so it should be gone. Hillary M.
The virus has gone, but if I click on my FireFox icon, it asks what programs do I want to use to open it. But I can right click on the FireFox icon and click on start and it returns me to the last session that I was on. I tried the download you left in an earlier post "http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip" but when I licked on "Run" it to asked me what program do I want to use to open it. I am officially lost!
Brandon
I've used this to help five different people get thru this, and it works great. I've done a couple of combos of the methods. Just remember to delete your temp files and temporary internet files.
Thanx man! /From Sweden
PERFECT AND AWESOME, THANKS A LOT, A LOT, A LOT AND A LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOT! :D IT WOKRS UNBELIEVEABLE! From Azerbaijan.
I thank you from the bottom of my heart sir. Your instructions worked like a charm! This only occurred after I uninstalled comodo firewall because it was giving me a headache blocking programs unnecessarily etc.. Coincidence?(ironically this little nasty gave me an even bigger headache!) That will teach me, I'm off to download their latest.
Warmest Regards.
method 1 doesn't work for me...
for method 2 how do i get superantispyware to open using my flashdrive????
PLEASE HELP
Hi,
Thank you a lot .. my system was infected with "smart xp internet security 2010" and i just tried both spybot and superantispyware ... but it was MalwareBytes !!! that worked gracefully for me .... though it showed a vb 60 dll missing first ... thanks a lot .. and will be a regular here .. carry on:)
You're making a great many people happy, Admin! I have the same problem as C. Andrew (above). I got rid of the malware, but now, whatever I click on the desktop, it's either "Application Not Found" or it asks what application I want to open it with. Sorry if you already answered this. Samani (also above) seemed to think you had, but I've been through this blog twice now, and can't see the answer s/he's referring to. Thanks, Stephen
Stephen,
Download and run xp_exe_fix.reg file
Download link: http://bit.ly/8ZhB1V
This hould fix your problem. Good luck!
for SUPERAnti spyware. which scan do you do? the full system scan, or the virus smart scan thingy? thanks :)
dude, you are awesome! I have had this problem 2 to 3 times, and everytime I used malwarebytes, it found some bugs but the problem cropped in a few days. your registry changes work great. my m/c works great now.
Admin, someone should buy you a cape!
It worked. Thank you!
i created the fix.reg but it will not run. says cannot import c/document.....not registry script can only import binary registry files from the editor. it is invading when in safe mode also.
ThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYou!
I can't believe it is finally gone. I did Option #1 while in Safe Mode and used Malwarebytes. Thank you so much.
i did this a few times. it worked but it kept coming back. and now its not working at all.. D: how do i delete it??
THANK YOU SOOOOOOOOOOOOOO MUCH. worked like a wonder, my PC is up and running as normal. I used the malawarebytes software. It tok only 2 hours to scan my computer and when I restarted it all was good. So once again thank you so much
Thank you, thank you, THANK YOU! My computer became infected yesterday (my birthday) so I consider this a late birthday present. I did Option #1 and used Malwarebytes. Thanks again!
Thank you, thank you, thank you! Worked like a charm! I couldn't get the Malwarebytes to work, but the SUPERAntispyware did!
Thanks a lot... Step 1 works for me
Thank you thank you thank you. This worked perfectly.
i think i got rid of it but the laptop is still slow. does that mean i still have it? it doesnt pop up anymore though.
thank you very much! it works,,that threatened me seriouly! you're great!
reg fix worked perfectly, thank you.
Thanks a lot. Looks like this worked out pretty well. Hope to not see such enerving pop-ups for a while.
The fix.reg and SUPERAntispyware worked. Thanks
i used method 1 and superanti spyware. it said it needed to restart my computer,an upon restart, many of my programs are no longer working. when i try to open their icons, it says file not found. is there anything i can do?
thank you worked great! :)
Q: "i used method 1 and superanti spyware. it said it needed to restart my computer,an upon restart, many of my programs are no longer working. when i try to open their icons, it says file not found. is there anything i can do?"
A: Download and run xp_exe_fix.reg file
Download link: http://bit.ly/8ZhB1V
Thank you...worked great...what a nuisance these people that make these viruses, thinking that by hijacking your computer, you'll be forced into buying their junk !!! It's extortion !!
In any case, the fix.reg and superantispyware free edition worked. I ran the full system scan ; it took almost an hour ; then re-booted and the nuisance is gone !! Also, the superantisypware got rid of more ad-ware etc, and the computer runs a tad quicker than before...
Thanks for helping out by starting this blog and god bless !!
Thanks! Used step 1 with great success. Actually, the most annoying malware I have ever had, but with your instructions, the easiest to remove.
Thanks for sharing. Very much appreciated. Keep up the good work.
Hello when I try this method it says " cannot import c:\documents and settings\david\desktop\fix.reg: The specified file is not a registry script. You can only import binary resgistry files from within the registry editor. HELP !
Please help me, I finished steps 1-5, and I already have a Malwarebytew Anti-malware. But the problem is, I can't seem to get it open. Any help?
thank you. and this is not a first of april joke
I am a cheese
Wow!!! What can I say? This was the easiest computer fix ever! Your instructions were extremely clear and easy to follow. I had the same problems as others with running .exe programs after the fix and the link you provided took all of five seconds to correct the problem!
Thank You!
Thank you SO much for these easy instructions. I thought I would have to deal with the annoying security alerts forever!
Alrighty, Thanks for the clear directions on how to zap this bug away! Keep up the good work and help rid the world of more pest like these.
Thank you so much!
I have the same problem as anonymous about 6 comments up. I downloaded the software, but I can't get it to open
I'm stuck on step #5. After clicking "Yes" to the Registry Editor prompt window, I get a message that says: "Cannot import C documents and settings Desktop fix.reg. Not all data was successfully written to the registry. Some keys are open by the system or other process."
I copied and pasted everything that was written in blue into the notepad like you mentioned in step 3. PLEASE HELP!!!
Thanks,
Ellen
Thanks for these instructions - I had dealings with this malware yesterday... Tried first with Malwarebytes but the malware came back with a slightly different name; tried again with SUPERantispyware which found a couple of trojans Malwarebytes had missed and now everything is working fine.
Thanks again
Gavin
UK
unable to get step 5 to run the program of fix.reg? Please help me
Should I be able to access my files after completeing method 1 ? Also, will I physically lose my programs after completeing Method 1 ?
Method one and Superantispyware did the trick! Thank you! Thank you!
I'm stuck on step #5. After clicking "Yes" to the Registry Editor prompt window, I get a message that says: "Cannot import C documents and settings Desktop fix.reg. Not all data was successfully written to the registry. Some keys are open by the system or other process."
I copied and pasted everything that was written in blue into the notepad like you mentioned in step 3. PLEASE HELP!!!
Thanks for this. I was getting pretty concerned with all I was reading about this little bugger. The McAfee website was no help at all. Guess I'm going to rethink that whole $75 per year thing. Thanks again! I'm off to build a small sacrilegious temple in your honor.
JD
Don't know if this is the problem, but .reg file is supposed to have one blank line at the end. If you copy & paste the text part, there won't be a blank line. After copy & paste, hit Enter key a couple of times.
Tried to run Fix.reg in safe mode but get " Registry editing has been disabled by your administrator" How do I activate the Registry Editor? I am a bit scared about mucking about with registry things!!!!
Hi,
thanks a lot!
This was a painless experience, it worked just as noted. I had to run the fix as mentioned earlier on Mar 22, and now my computer works just as normal.
You are the best!
Tks, jp
YOU ARE AWESOME. Thank you so much. I was an idiot and fell for the scam and paid the $$. Hopefully the virus is gone now and the bank will fix my error. Luckily, you saved my sanity! Thanks so much!
Hey,
I have XP Snart Security 2010 currently infecting my computer. It lets me use the internet, itunes, etc. but I keep getting annoying pop-ups about the scan and buying the new software. When I scan with malware(which I already had) no viruses are detected. Do I need to update malware or go about this differently?
Hi, I'm getting stuck on step 5. When I double-click on the file, all that happens is it opens in notepad-- nothing more. What am I doing wrong?
Thanks alot! Used method #2, xp no longer pops up, however i cant use any internet browser. anyone know how to fix this?
This was a great and fast fix. I used method #1. I left this page open in the background and then went step by step. I already had "spybot seach and destroy" installed but it didn't work until I did method# 1. After I followed the instructions I opened "spybot" download any updated then did a full scan. Once the scan was complete I rebooted and the problem was solved. Thank you very much. I will keep this site for future emergencys.
Malwarebyte's Anti-Malware fixes Internet Explorer registry problem.
Thank You Very Much! It Worked!
A quick way that does not touch the registry:
vma.exe (the infection that showed on a PC here (aka Total XP Security), after cleaning with Malwarebytes I found that it corrupted the users profile.
Copy out Desktop, Favorites, and My Documents. Delete the profile and have the user logon to create a new profile, then copy the Desktop, Favorites, and My Documents folders back into the new user profile.
The symptom that had me try this was when the infected user account logged in and tried to activate a program link (such as IE from the desktop icon), it would ask for which program to open it. When I logged in as a different user all worked fine. This lead me to beleive it was the users profile that had the issues.
People this Works! At the very end of the process, it asks for a donation. I Did Not give one, and because it worked, I feel bad now for not having given one. Someone in the future, please pass it on. Again, thanks!
Well done.. my friends computer thanks you..
Wow! You are a genius!! Thank you!!!
But.. Can I delete the fix.reg document? Or do I have to have that on my desktop?
I did method one with SUPERantispyware, in less than an hour it's done, no more FAKE XP security, system is clean. For as crappy as all these viruses can be, it's nice to have a relatively easy fix for one like this.
THANK YOU!
thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you
I had this, i got so pi**ed off with trying to remove it i ended up just formatting my computer. Worked a treat!
Thanks
My English level is very low but I only want to say one thing: you solved my problem. Thanks a lot!!... and congtratulations for this site.