Is your computer infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Thursday, January 28, 2010

How to remove XP Internet Security 2010 (free removal guide)

XP Internet Security 2010 is a fake antivirus application. For some of you this program may look like a reliable virus removal tool, but in reality it's a total scam. When running, it will "scan" your computer for malware and present you with a list of false infections (that's what rogue programs usually do) to trick you into thinking that your computer is infected. Then XP Internet Security 2010 will state that those infections cannot be removed unless you purchase the program. You shouldn't purchase this bogus software! If you already have, inform your credit card company that you were tricked into paying for this software, and that it's a scam.

Update: this virus shows up under different names. The GUI is the same; only the name is different. Please note that the original removal guide written for XP Internet Security 2010 works just fine no matter what name the virus uses. The rogue program also goes under these names:
  • XP Guardian
  • XP Guardian 2010
  • Windows XP 2010
  • Windows XP Security
  • XP Antivirus Pro
  • AntiSpyware XP
  • Antivirus XP
  • Antivirus XP 2010
  • XP AntiSpyware 2010
  • XP Internet Security
  • XP Smart Security 2010
  • XP Internet Security 2010 
  • Total XP Security
  • XP Security Tool
  • XP Smart Security
  • XP AntiMalware
  • XP AntiMalware 2010
  • XP Defender
  • XP Defender Pro
  • XP Security
  • XP Security 2010


Antivirus XP 2010 video: (thanks to rogueamp)


While XP Internet Security 2010 is active, you may observe the following:
  • All programs will be blocked, including anti-virus and anti-spyware software
  • Internet Explorer and Firefox browsers will be hijacked and will display fake security alerts when surfing the Web
  • A window impersonating Windows Security Center stating that you should purchase XP Internet Security 2010
  • Numerous fake alerts stating that your PC security is compromised or that you have various malware running on your computer. Don't click on these alerts
There shouldn't be any doubt about this software. It's obviously not legitimate and should be removed from a computer as soon as possible. The worst symptom is of course the first one in the list above. How can you remove this virus if you can't open any program? Fortunately, there is a way to overcome this infection, and I'll show you how to do that.


XP Internet Security 2010 removal instructions:

Method #1
1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.


2. In the command prompt window type "notepad". Notepad will come up.


3. Copy all the text in blue color below and paste into Notepad.

Windows Registry Editor Version 5.00


[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]


[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"


[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

4. Save the file as fix.reg to your Desktop. NOTE: set "Save as type" to "All files".


5. Double-click the fix.reg file to run it. Click "Yes" in the Registry Editor prompt window. Then click OK.
6. Download one of the following anti-malware applications:
7. Install the selected application, update it and run a system scan.
8. New threats appear every day. To protect your PC from such new infections, we strongly recommend using ESET Smart Security.

Method #2
1. Use another computer and download one of the anti-malware applications listed above (Method #1, step 6).
2. Create the fix.reg file as described in Method #1 (steps 1-4). Copy the anti-malware application and the fix.reg file to a USB flash drive or any other removable device and transfer those files to the infected computer.
3. First of all, run the fix.reg file. Then install the anti-malware application, update it and run a full system scan.
4. New threats appear every day. To protect your PC from such new infections, we strongly recommend using ESET Smart Security.


Manual removal:

Associated XP Internet Security 2010 files:
  • %UserProfile%\Local Settings\Application Data\av.exe
  • %UserProfile%\Local Settings\Application Data\ave.exe
  • %UserProfile%\Local Settings\Application Data\WRblt8464P
  • %UserProfile%\Local Settings\Temp\WRblt8464P
  • %UserProfile%\Templates\WRblt8464P
  • C:\Documents and Settings\All Users\Application Data\WRblt8464P
Associated XP Internet Security 2010 registry values:

  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
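Added example (not part of the original guide): a Python check that reads the text of a registry export in .reg format and reports whether the associations reset by fix.reg, the browser launch commands and the Security Center overrides listed above are still in the hijacked state. The sample export, the user name "bob" and all function names are constructed for illustration; the check compares against the known-good values instead of matching on the file name av.exe or ave.exe.

```python
import re

# Known-good values, taken from the fix.reg in Method #1.
GOOD_EXEFILE_OPEN = '"%1" %*'
GOOD_EXE_CLASS = "exefile"
# Keys that fix.reg deletes; if they or their subkeys exist, the hijack remains.
HIJACK_KEYS = [k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
)]
BROWSERS = r"hkey_local_machine\software\clients\startmenuinternet" + "\\"
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
PROFILE_DIR = r"\local settings\application data" + "\\"
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def _unquote(s):
    """Drop the surrounding quotes of a .reg string and undo its backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])

def parse_reg(text):
    """Parse decoded .reg text into {key: {value_name: data}}; "" is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-key]" is a delete directive (as in fix.reg), not a key that exists.
            current = None if name.startswith("-") else keys.setdefault(name, {})
            continue
        m = _VALUE.match(line)
        if m is None or current is None:
            continue
        name = "" if m.group(1) == "@" else _unquote(m.group(1))
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = _unquote(data)          # REG_SZ
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)       # REG_DWORD
    return keys

def _program(command):
    """Return the executable a command line launches (its first token)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""

def audit(text):
    """Return (rule, location) findings for the hijacks described in the guide."""
    findings = []
    for key, values in parse_reg(text).items():
        k, default = key.lower(), values.get("")
        if any(k == h or k.startswith(h + "\\") for h in HIJACK_KEYS):
            findings.append(("hijack-key", key))
        elif k == r"hkey_classes_root\exefile\shell\open\command":
            if default != GOOD_EXEFILE_OPEN:
                findings.append(("exefile-open", key))
        elif k == r"hkey_classes_root\.exe":
            if default != GOOD_EXE_CLASS:
                findings.append(("exe-class", key))
        elif k.startswith(BROWSERS) and k.endswith("\\command"):
            # A browser entry must not start a program from the user profile.
            if isinstance(default, str) and PROFILE_DIR in _program(default).lower():
                findings.append(("browser-wrapper", key))
        elif k == SECURITY_CENTER:
            for name, data in values.items():
                if name.lower() in ("antivirusoverride", "firewalloverride") and str(data) == "1":
                    findings.append(("security-center-override", key + " : " + name))
    return findings

# Constructed sample export of an infected profile (user "bob" is made up).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\bob\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\bob\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

if __name__ == "__main__":
    for rule, where in audit(SAMPLE_EXPORT):
        print(rule, where)
```

Export files written by Registry Editor are normally UTF-16, so decode them before passing the text to audit(). An empty result means the checked keys match the state fix.reg restores.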


257 comments:

Anonymous said...

THESE INSTRUCTIONS ARE GREAT. thank you mucho mucho. i used method one and superantispyware
scan took a while, but with great success

Anonymous said...

Dude----You are the BEST!!
Worked like a charm.
Thanks a Million!

Anonymous said...

Method one and superantispyware used and it's worked. Thank goodness coz it was driving me nuts :)

Anonymous said...

Thank You Thank You Thank you!!!!!
I used Malware.

Anonymous said...

Thanks a lot buddy for sharing this... it doesn't get me out of the pain.. I tried with Malware antivirus .. I don't get the popups now :)

Anonymous said...

Hi Friend, Seems to be good instruction. This bloody virus doesn't even allow me to open internet explorer. I will follow your instructions to get rid of this idiot virus.

Anonymous said...

What if I don't have another computer to download the anti_malware on?

Admin said...

"What if I don't have another computer to download the anti_malware on?"

Then try this method: (Use this guide at your own risk)

1. Go to Start->Run and type in "command" (without quotes)

2. In DOS window type:
a) cd\
b) cd windows
c) copy regedit.exe regedit.com
d) start regedit.com

3. In the left side of the Registry Editor window, navigate to:
HKEY_CLASSES_ROOT\exefile\shell\open\command

4. Double click Default value in the right side of Registry Editor window.

5. Under Value data, delete existing value and type in "%1" %* (including quotes)
6. Press OK

Now you should be able to run an anti-malware software. Good luck!

Anonymous said...

Thank you for these excellent instructions.
I thought my Norton 360 would prevent this type of problem but evidently not!
Fortunately I have Opera as well as IE so was able to easily follow method 1 and use SUPERAntiSpyware with great success.

Anonymous said...

Man you are an absolute star !!!! I became infected with this Malware crap today and was thinking I'd have to reinstall Windows but thankfully I was able to connect to the internet with Opera as IE8 was being blocked by it, I came across a few sites that gave complicated instructions or had dubious programs to download which I wasn't happy doing but your instructions were clear and concise, I used Method #1 and it worked !!! I also used both SuperAntispyware and MalwareBytes to clear the nasties and I'm back to normal once again, So once again you are a star !!!!!!!! Thank you very very much !!!!!!

Admin said...

You are welcome!

Anonymous said...

Thanks for the tips, it worked to remove the malware. I even ran a scan again in safe mode and nothing showed up. Unfortunately, after I restarted my comp - XP guardian returned again. SuperAntiSpyware removed trojan.dropper/gen-nv and Malware Bytes removed Rogue.Win7Antispyware2010 (both have been quarantined). Any thoughts on what I should do next? I use avira antivir and it hasn't found anything.

Admin said...

So XP Guardian still pops up on your screen, right? Then maybe you should try to restore your computer to an earlier date when your PC was clean.

Anonymous said...

Wow. Incredible! Thank you so much.

Anonymous said...

Thank you, manual removal, only what is important here to mention, be careful not to remove full value!! You should remove only path to av.exe and redundant /start .. I've removed full line, and luckily for me can fix it in Safe Mode with Command Prompt, because all programs cannot be executed if .exe default command will be empty, should be "%1" %*

Anonymous said...

Unbelievable....IT ACTUALLY WORKS! This is the first time I have tried something like this and I usually read the comments and can never get it to work like most people posting. BUT this one is a sure thing. I tried two or three things first and this one worked, the others didn't. Thank you, thank you, thank you. It did take time to download, transfer file with flash drives, etc., and scan for a few hours, but well worth it.

Anonymous said...

It didn't work, SUPERAntispyware didn't find the problem, it still appears on the screen!

Lauren said...

Thanks so much! I am not that great with computers and even I could do this. The detailed instructions were perfect for me. Thanks!

Shannon said...

I tried EVERYTHING but this is the only thing that worked. This guy is a super genius! Thanks so much! The only thing now is that some of my programs aren't running properly. Any more advice?

Admin said...

Shannon, you can download CCleaner and fix Windows registry. Maybe this will solve your problem.

CCleaner download link:
http://www.piriform.com/ccleaner/download/standard

Anonymous said...

THANK YOU !!!! Rec'vd this prob yesterday and today I am running fine. THANKS !!!!!

Anonymous said...

Thank you, Kaspersky didn't spot it and had no idea where it came from or what to do, I used method one, but had to download superantispyware.

thanks again.

Anonymous said...

Thank you very much.
This worked for me (Method #2). But used TrendMicro instead.

Thanks a lot.
From GPY - Chicago, IL

Anonymous said...

Worked for me...older machine wasn't able to run spy bot anymore but superantispyware was great...

Anonymous said...

so what r the steps for the manual removal? Just locate all of the mentioned above and delete

Anonymous said...

Followed your instructions but can't open the fix.reg file. What should I do next? thank you for your time. Zach

Admin said...

Q: "so what r the steps for the manual removal? Just locate all of the mentioned above and delete"

A: Please don't remove registry values manually because this will make your situation even more complicated - you won't be able to run .exe files.

Admin said...

Zach,

Try to reboot your PC in Safe Mode with Networking and run a system scan with MalwareBytes or SUPERAntispyware.

Anonymous said...

How should I enter the codes in step 3? Just one after the other or does it have to go in exactly as it appears?

Admin said...

Q: "How should I enter the codes in step 3? Just one after the other or does it have to go in exactly as it appears?"

A: Yes, you have to copy and paste the text into Notepad as it appears in step 3.

Anonymous said...

I did that, and I had already downloaded Malwarebytes previously to get rid of an older version of this, and I get a pop-up when I try to click on it that says Run-time error '0'. Ideas?

Admin said...

The infection deleted a core executable (mbam.exe) file of MalwareBytes` Anti-malware. To fix it:
1. Download Malwarebytes exe (mbam.exe, but with random name) from here:

http://mbam.malwarebytes.org/program/random.php

2. Save the file to C:\program files\Malwarebytes’ Anti-Malware\
3. Run it.

Anonymous said...

hi, got this and my son talked me through getting rid of it on the phone, one thing he told me to do was 'end process' on the av.exe so I did, but now I cannot run microsoft progs, msn, and cannot open many things, and even had to figure out how to reconnect to the internet. What can I do? thanks

Anonymous said...

It's not letting me download it on the broken computer. Instead, I downloaded the SUPERAntiSpyware onto a working computer and made the fix.reg file. The only thing I don't know how to do is get the SUPERAntiSpyware onto the flash drive. How would I do this?

Admin said...

Q: "hi, got this and my son talked me through getting rid of it on the phone, one thing he told me to do was 'end process' on the av.exe so I did, but now I cannot run microsoft progs, msn, and cannot open many things, and even had to figure out how to reconnect to the internet. What can I do? thanks"

A: Download EXE Assoc fix and run it. This should fix your problem.

Download link:
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Admin said...

Just copy SUPERAntispyware installer from your working PC and paste it in the flash drive. Then run SUPERAntispyware directly from flash drive. Good luck!

clanon said...

I cannot get into Internet Explorer to download spyware and when I copy to USB drive I get the message -- 'the drive or network connection that the shortcut 'superantispyware' refers to is unavailable. make sure the disk is properly inserted or the network resource is available and try again'. What am I doing wrong?

Admin said...

clanon, I think you have transferred SUPERAntispyware to the USB drive incorrectly.

Anonymous said...

This virus has stopped me from doing anything. I can't click on anything. I downloaded the fix registry and malware on my other computer onto a disk, but when I put it on the problem computer it won't let me open it.

Anonymous said...

My Windows XP Pro unfortunately got the XP Antispyware 2010 yesterday.

At first, the computer was "normal" besides the annoying pop ups.

Then, I run Spybot, and after that, I don't know if it was because what it cleaned or not, I can't see anymore my startup bars and any icon (!!!), just the screensaver.

I pressed the CTRL+ALT+DEL key and could access the Task Manager. Running explorer.exe does not work. Internet does not work either.

I did the fix.reg task you suggested, and am not scanning the computer with Spybot again.

Can you help me what to do next?
Is this issue solvable?

Thank you!
M.

Anonymous said...

These instructions did work well!
It was a little nerve-wracking because my browser was almost at the point of "Access Denied" thanks to that darn virus, but I re-started my computer, and then went straight to the SUPERAntiSpyware website. The whole decontamination process took no more than ten minutes for me.
I'm in your debt! Thanks!

Scarlett said...

Thanks so much for this. I contracted the virus three times as I didn't realise that a site I was visiting kept reinfecting me. The first two times I just used system restore, the third the virus would not let me.

Luckily I had saved this while researching the virus (I'm not very tech savvy, but I like finding out about what I'm dealing with in depth). I used this workaround and redownloaded malwarebytes (HIGHLY RECOMMENDED - I love that program) and it got it for me.

Anonymous said...

This fix worked for me. I still want to chainsaw in half whoever created this. One day may be.

Anonymous said...

Same thing for me....I cannot click on the START-RUN...I can't do anything on the computer...How can I remove it? thanks

Anonymous said...

Method #1 worked like a charm. Thanks!!

Anonymous said...

Fantastic....Solution 1 worked a treat.

But a word to the stupid...don't run the anti-malware app BEFORE you do the Reg Edit...else you're going to spend another hour trying to get Notepad to work....like I did

Anonymous said...

Instructions worked very well. Saved my kids from having to hear lots of bad words coming from the office. I owe u guys at admin. A steak dinner. Thanks.

Anonymous said...

THANK YOU VERY MUCH!!
These instructions were great, and now my problem is solved.

Anonymous said...

THANK YOU VERY MUCH!!

These instructions worked great!

Anonymous said...

Whenever I try to run the fix.reg file it says it's not a registry script and cannot be imported? Where did I go wrong? I saved to desktop under all files as directed.. HELP!!

Anonymous said...

THANK YOU! This got my programs running again!

Anonymous said...

Followed Method #1 as written. Tried Spybot S&D but it did not clean the parasite. Downloaded SUPERantispyware, scanned and rebooted, worked like a dream. Many thanks for your time and effort.

Elizabeth said...

I was not able to run superspyware. I tried the anon link and it started to download, but then I received a windows installer message.
"The system administrator has set policies to prevent this installation"

I didn't have any problems with the registry fix, but can't download an application to remove it.

Elizabeth said...

I want to add that I downloaded superantispyware on a flash drive. When I try to install that I get the message that the program has encountered an error.

Anonymous said...

My pc became infected last night, and I was too tired to deal with it, so I turned off the computer hoping the malware would disappear overnight. Well, that did not happen, and I could not access the internet from the infected machine.

On a different computer, I found this website and these instructions. I printed them out, and on the infected machine I first did a "system restore" to a date last week. Then I was able to go online and follow Method #1. It worked like a charm!!

I followed it up with SUPERAntispyware as suggested. That took a couple of hours, but everything is now good as new. Thanks!

Ms. Anonymous

Anonymous said...

BTW, I should add that I tried x'ing out of the malware right at the start when it popped up, and that made it load anyway. Using cont-alt-delete didn't work either.

Anonymous said...

First of all THANK YOU to the person that put this out here!!! You saved me a trip to the shop which was where I was sure I was headed. Fortunately, I had a second PC so I used method #2 with the flash drive. I'm not a geek and I was able to do it. The only thing I have to add is that following the reg fix and the Superspyware, the PC would not boot normally so I had to boot into SAFE mode and do a system restore to a date prior to the infection. System is back up and running. It took a while but it sure beat a trip to the shop. Thanks again. Mike from Atlanta, GA.

Chris said...

This really sucks!!!! Any idea where this is coming from? I would really like to get my hands on the perp. I will gladly track them down if anyone has any leads.
My question is: Do you have any idea why I couldn't run a system restore after being infected? After a few minutes, a window popped up stating "unable to restore to previous". I am going through the regfix and malware removal now.

Anonymous said...

Thanks for this help. This stupid thing got through my virus protection and like a couple of posts before this one, I also tried x-ing out and it ran anyway. Our IT guru gave all kinds of suggestions, but for this little bugger those didn't work. Ran suggestion #1 (superantispy - full scan)and got me up and going. Thanks again

Anonymous said...

First I wanted to say thank you for this. It has been a big help. I'm not very good with the registry. BUT HERE'S A TIP. I had Malwarebytes already on my computer when I got this stupid virus. Sure like most people the virus made Malwarebytes not open. So to open it I had to click on the icon of Malwarebytes, Right Click with the mouse, click on RUN AS and UNCHECK the box that says "Protect my computer and data from unauthorized program activity" and Malwarebytes WILL open. Then click ok and you will see Malwarebytes opening. Maybe the Admin will post this. I learned this trick from another virus I got a long time ago. Thanks Again!! Brad Michigan

Anonymous said...

Does everyone know to remove XP Guardian Fake Virus? just asking =_="

Anonymous said...

You rock! I tried method one and it worked like a charm.

jo jo said...

Wow u r a superstar u saved me soooo much grief i was so upset wen i realised i got this damn virus y dint i hear bout this last yr i lost a dear laptop to one of these virus's just coudln't get rid of it n i messed with god no's wot n evry time i turn it on its just a black screen that asks for a password any way thanx loads :D

sreelekha said...

Hi....I have tried method 1 and I am glad it works. It was easy and not complicated like other websites suggested. Now I have a problem. I am unable to open internet explorer. A window pops up saying "Open with...choose the program u want to use to open this file !!

Can you please help as soon as possible...Thanx Sree

Anonymous said...

My wife couldn't delete the av.exe file and tried to reboot in safe mode. the computer then rebooted again but unsuccessfully. She attempted a restore to last known good state but is now in a reboot loop that never gets windows started. Any suggestions?

Admin said...

Sreelekha, download this fix:

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Anonymous said...

Hey... i tried method one, running the notepad but i get a warning message from XP Internet Security 2010 saying
" Application cannot be executed. The file is infected. Please activate your anti-virus software" This occurs for any program that i try to open
please help!
Anthony from Canada

Anonymous said...

Hi
i followed step 1, did the notepad thing but my internet explorer wont work. I have firefox but it wont even load up. Help Please!

C. Andrew said...

I got the virus tonight. I did a system restore to yesterday and the pop ups are gone. I don't really know if the virus is gone or not. However I now cannot access the Help and Support or the System Restore. When I try it says "application not found". Any program I try to open comes up with a dialogue box that asks "Which Program Do I want to Open With". I can get the programs to open but not through the usual way. How do I get back to where it was before the virus got me?

Anonymous said...

THANK YOU !!!! Method one worked great- had wasted hours on other nonfixes and on trying to download malwarebyte unsuccessfully in safemode- your registry fix did the trick!

Anonymous said...

Thank you very much ! Removed "XP Guardian 2010" using method 1. I use Firefox so no problems loading "Malwarebytes"
Rebooted. XP Guardian gone ! It was a very annoying virus !!
Thanks Again !!

Kio said...

Darn thing keeps coming back Kaspersky detects nothing... Malwarebytes removes then ask for restart it is there on the next scan. It seems to always return so I guess it means the trojan is hidden somewhere! What else is there besides Malwarebytes?

Jenny said...

Thanks a lot for your instructions! You're awesome! Will you marry me? :)

Anonymous said...

When I ran the fix.reg file, it made all .exe programs useless, including the virus software. What did I do wrong. How can I fix this?

Admin said...

Jenny, sure, why not? :) I'm glad your PC is clean again.

Admin said...

Q: "When I ran the fix.reg file, it made all .exe programs useless, including the virus software. What did I do wrong. How can I fix this?"

A: Download this fix http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

It should fix exe files issue.

Anonymous said...

So should I run the xp_exe_fix.zip program AFTER I run the virus software? Sorry if you already answered this question.

Anonymous said...

Excellent guide - the only one that I understood & actually worked. Glad I found it. Thank you so much.

Anonymous said...

I am happy to be another voice to the chorus "THANK YOU!" You saved me from another sleepless night!

Admin said...

You may run xp_exe_fix.zip after a system scan.

Anonymous said...

My computer won't let me download spybot. It's taken over explorer.
I know you have an answer??????
Ken

Grateful said...

Thanks very much for this. I used method #1 and it got rid of the infection, thanks to your detailed instructions. However, when I got the infection, I lost all the icons in my toolbar, and haven't been able to get them back since. I also cannot do a system restore, to any point. Computer is also painfully slow, much slower than it was before I was infected. I'd be grateful for any help, I spent 12 hours yesterday trying to get rid of this.

Anonymous said...

Good fix and great service from you guys.
One thing, on the first fix, item #5. After clicking OK, I had to restart the computer...Before loading the anti-malware.

Appreciate your work.
No, I won't marry you though!!!

Ken

Anonymous said...

Worked like a charm!! THANKS!!!

Anonymous said...

It came back after about 6 hours.
How do we stop that?
Ken

Anonymous said...

Worked for me too, so far. Thank you! I used method 1 plus MalwareBytes.

Anonymous said...

I did everything on method 1 but when I click on superantispyware I click run and nothing happens. What should I do? Thank you so much.

Anonymous said...

This was amazing! I got infected by this virus a couple of months ago, and so I had to get everything on my computer re-installed, and I was scared when I saw this stupid a** virus appear on my computer, but thank you for this, and I was able to get rid of it in 20 minutes and it isn't bothering me anymore!! I AM SO THANKFUL!!!! so far it is working...

Anonymous said...

Thanks
Used by King Information Technology Solutions with success!!!!

Scott said...

Thank you, worked like a charm.

rolo said...

dude! thanks so much that was really easy and sketch free!

Anonymous said...

Thumbs Up! Instructions worked great!
Now we all need to figure out how to return the malicious favor to those that instigate these problems.

Anonymous said...

We tried MalwareBytes and it looked like it worked. But we were still having problems. Used SuperAntiSpyware and it worked like a charm. SAS found a trojan horse that MalwareBytes did not. We are up and running...hope it doesn't come back. But if it does we now know what to do!

Anonymous said...

Free download that works. Boy this was so much easier than anything else that I looked at and because it is at cnet it was clean and worked.
Good luck!

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

MJS Joiners said...

PC - XP Pro SP3
- XP Guardian 2010.
These are my personal findings.. not an expert, and thank you for this fix guys.. Great

Q- Where does this come from?
A- I picked this up from the PirateBay.org

Q- I can't get on internet?
A- I found you can [ctrl/alt/del]-taskmanager-processes, and close av.exe (that is the virus). It should close long enough for you to open IE, and download superantispyware. (just end the process again if it comes up)

Q- Does it slip past antivirus software?
A- I already ran AVG8 and Spybot (fully updated) in safe mode and they failed to get rid, but superantispyware did.

Q- How do i get into safe mode?
A- Usually tap F8 during startup - enter as administrator. (dell users may have an issue)

Q- Is the reg fix required?
A- I couldn't get it to work anyway, but ran superantispyware in safemode - still done the trick.

Q- The virus has gone, Yipee, but I can't open any programs.. What now?
A- Download EXE Assoc fix and run it. This should fix your problem. http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Q- Should I keep posting stupid questions having not read all the posts, and assume that the Admins have nothing better to do with their time than to pander to my every whim, and is my problem any more important than everyone else's, and if I have read all the posts and still have a new question, should I write my post in an annoying tone that makes it out to be the Admins' fault???
A- No

Thanks again guys

Shadowgon said...

THANKS MAN!! I should have run into this blog days ago!! before I restore my computer and lose most of my stuff! I had this software popping out of nowhere made me thinking that this software is actually my computer's software that detects spywares and trojans for me, but I was fooled, and it messed my computer and made me had to restore it (I saved some of my stuff before I did it) and now I had it again yesterday, then I searched the program from my task manager about "av.exe", I found a yahoo answers question about this, then someone had posted this website as their answers, I clicked on the link leading me to this, I did everything you said and...IT WORKEDDD WELL!! I do get this error message "Run.dll not found blah! blah! blah!" on startup, but it did not interfere with anything AT ALL! everything worked fine! THANK YOU VERY MUCH! and again... I should have run to this right after seeing this 2010 security fake thingy xD

Anonymous said...

I used the manual method (thanks much) a few things - my instance was not named av.exe but was named masacui.exe. I found the equivalent registry entries and deleted. Be careful to only delete the entry with the malware's .exe. I also deleted the default entry of "%1" %* and all of my programs could not load (got a no association for this file type error message) - if you do delete you just need to go back through each entry and add it back in

Anonymous said...

When you run malwarebytes, make sure you do a complete scan - not a quick one.

Andy said...

Thankyou, thankyou, thankyou.

Very easy to follow and helpful directions. PC was back up and running normally again in about 30 minutes.

Anonymous said...

Thank you so much for all this advice. I finally got rid of the virus...JUST IN TIME! Cause I was writing an essay! I do recommend this site and read all the thread.

Thank you!
Sergio
London

Jenny said...

From the internet, I kiss you!

Thank you so much for helping me sort this out - I couldn't run the malware removal software until after I found your registry fix first.


Thank you a thousand times! You are my hero.

Samani said...

Thank you for this guide, it worked well :)
the only problem i've encountered is whenever i try to open a program (e.g. firefox) i keep on being asked about what to open the program with. I've had this problem with all the programs i use.
With MS paint for example i get this message:
"C:\WINDOWS\system32\mspaint.exe
paint cannot read this file.
this file is not a vaild bitmap file, or its format is not currently supported"
tried opening it from system32 same error.
any ideas?
thanks

Samani said...

also another thing i have noticed is i cannot access areas in my control panel:
"C:\WINDOWS\system32\rundll32.exe
Application not found"

Samani said...

Sorry about the last two comments, read what you said earlier about someone else's problem that i had and have done what you have suggested and now works well. :) thank you

Anonymous said...

Thank you - it worked. Used option 2, then did system restore to reestablish ethernet connection and ran antivirus one more time to be sure to be sure.

karen said...

hey, so i followed all the steps but it keeps popping up on my screen. what should i do?

Lux said...

Thank you so much for this. All seems O.K... for now.

Anonymous said...

So after i finish the scan, what do i do?

Anonymous said...

I am so relieved now. Thanks! I can't find a trace of anything on my comp. Though that doesn't mean I'm 100% cleared, my comp's working like a charm!

Anonymous said...

THANKS A LOT!! I caught that rogue virus thing this morning and removed it within an hour !! Procedure very clear and workful, thank you

Anonymous said...

Hi,

I followed process #1 and got the virus off my computer. But now when I try to close or open windows, my computer screen freezes and I can't do anything. Any suggestions?

cseghsl said...

Thanks a lot dude. method #1 worked for me. I already had chrome and spybot SD installed which made it easier.

Anonymous said...

Thank you! I got the Internet Security 2010 malware after my daughter used my computer for accessing Facebook.

I tried method 1, above, first. After running the reg.fix file, I was still having problems. Based on another post in this thread, I realized my virus .exe file wasn't called AV.exe, rather MSASCUI.exe. I decided to clean the registry entries manually.

I opened a command prompt window (Start Menu > Run > cmd) and typed "regedit" to open the registry editor. I did a manual search for "MSASCUI.exe" and found it in several places. As noted in another post, I was careful not to delete the entire "Default" value; I only deleted the MSASCUI.exe path name and the extra START command.

For example:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

became:

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%1" %*

I kept hitting F3 to find all references to MSASCUI.exe in the registry, and if they weren't shell\open type commands, I deleted the entry entirely.

After closing regedit, I verified that the MSASCUI process wasn't running in Task Manager. I was then able to access IE without the dreaded malware popup, and download and run Malware Bytes. I then downloaded and ran the free SuperAntiSpyware and it found another lurking virus and killed it.

Perhaps an extermination fund is in order to track down the malware authors and deliver some social justice. They don't care about our suffering, I certainly don't care about theirs.
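
The manual check described in the comment above can also be run over an exported copy of the registry. This is an added example, not part of the comment or of the blog's guide: it assumes text in `reg export` (.reg) form, and the sample export, the user path and the function names are constructed for illustration.

```python
import re

# Benign handler value, as quoted in the comment above.
EXPECTED = '"%1" %*'

# Constructed sample in .reg export form (not from a real machine). Real
# exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe %1"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"\s*$')
# Only the handlers that decide how .exe files are launched are audited.
EXE_HANDLER_RE = re.compile(r'\\(\.exe|exefile)\\shell\\open\\command$', re.I)


def unescape(value):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(["\\])', r'\1', value)


def default_values(export_text):
    """Yield (key, default value) for each key with a string (Default).

    Defaults stored as hex(2) (REG_EXPAND_SZ) are not decoded here.
    """
    key = None
    for line in export_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = DEFAULT_RE.match(line)
        if m and key:
            yield key, unescape(m.group('val'))


def audit(export_text):
    """Return a finding for each .exe open handler that is not '"%1" %*'."""
    findings = []
    for key, value in default_values(export_text):
        if not EXE_HANDLER_RE.search(key) or value == EXPECTED:
            continue
        idx = value.find(EXPECTED)
        # Whatever precedes "%1" %* is what was inserted in front of the
        # real program; with no "%1" %* at all, the whole value is suspect.
        injected = value[:idx].strip() if idx >= 0 else value
        findings.append({'key': key, 'value': value,
                         'injected_prefix': injected,
                         'restore_to': EXPECTED})
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_EXPORT):
        print('HIJACKED:', f['key'])
        print('  inserted:', f['injected_prefix'])
        print('  restore (Default) to:', f['restore_to'])
```
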

Admin said...

Thank you for writing, we really appreciate this!

Anonymous said...

Thank you very much indeed ...it works..
i've been so confused to remove the spyware 2010

thanks man....

Anonymous said...

ok so this xp antivirus 2010 totally fked my computer... i have had a similar type of virus trojan before, but nothing like this.. i tried malwarebytes but it won't let me update.. lost any sort of internet connectivity... so tried the fix.reg deal, and now my computer won't boot. says "memor" .. so now what?

Anonymous said...

Dammit! I fell for the stupid thing and paid $60 =/. Wish I had known about it before.
Thanks so much for the help! I am not so good with all of this stuff and although I THINK it's gone, I'm not sure. Is there any way of knowing that it's gone for sure?

Anonymous said...

I did the first parts of step 1 and in the process of scanning, the malware program randomly disappeared. It won't let me run it. Is this good or bad?

Anonymous said...

should i restart after using fix.reg? other sites are suggesting i do so before using one of the antivirus things

Anonymous said...

am i supposed to delete the fix.reg file from my desktop after i've completed all the steps?

Anonymous said...

thank u so effing much!!!!!!
i did the first one and it worked perfectly
thank u thank u thanks a million!!!!!!!!!!

Anonymous said...

I usually don't post on these, and I know it has been said before, but I would just like to thank you for these steps. I hate that vulnerable, violated feeling you get when you find yourself with a virus on your computer, but your instructions renewed my faith in the online community. Thanks again!

Admin said...

Q: "am i supposed to delete the fix.reg file from my desktop after i've completed all the steps?"

A: Yes, you can delete it.

rocky said...

Hi just got this virus. It won't let me run task manager. Tried the reg fix (on usb flash drive) and it's disabled editing the registry as well. It also is stopping the system restore in both normal and safe mode. Any other ideas would be greatly appreciated. Got access to a laptop (that's how I'm online now.)

Anonymous said...

Well, I've gotten this XP smart security 2010 and it got to the point where i couldn't even do anything on the computer so i restarted it. Now it won't run. It won't boot in safe mode either. What can I do?

dave said...

i dunno if my comment got through or not but.

1) is it normal to have that virus popup again and again when i'm scanning with malwarebytes

2) after doing the fix.reg and scanning. the virus is back after i restart and go onto internet.

what are some things i can do differently.

Anonymous said...

Hello -I performed Method #1, then updated and ran my Spybot S&D program, then rebooted my PC -but the XP Smart Security 2010 problem remains. Please advise, thanks!

Anonymous said...

you are 'GOD'

Admin said...

IMPORTANT UPDATE: if this virus disables everything and you can't reboot your PC in Safe Mode or Safe Mode with Networking then try this:
a) Reboot your PC in Safe Mode with Command Prompt.
b) From there type in the following line (below) and hit the Enter button:
%systemroot%\system32\restore\rstrui.exe
c) If everything goes well then you should be able to restore the system to an earlier date when your PC was not infected.

Also you may reboot your PC in Debugging mode and run Malwarebytes or SUPERAntispyware. Rebooting your PC in

Anonymous said...

YaY! *hug*

Natty said...

I am in the same boat as the anon that posted 3 comments up. The infection hasn't really gone beyond the pop ups yet, but it's definitely becoming a pain in the butt. Any other steps that need to be taken?

Anonymous said...

Adding to my previous post at 8:00pm on 15Mar: Please note that the virus on my PC is actually called "XP Smart Security 2010". I'm wondering if Method #1 didn't work because it is for "XP Internet Security 2010" (different name).

Please advise if you have a solution for "XP Smart Security 2010" -thanks!

Anonymous said...

MalwareBytes Anti-malware fixed it - forget Spybot for Method #1

Anonymous said...

Thank you so very much for this. It worked like a charm. I have not rebooted yet, however I double checked it and it is no longer showing up in the security center so it should be gone. Hillary M.

Anonymous said...

The virus has gone, but if I click on my FireFox icon, it asks what program I want to use to open it. But I can right click on the FireFox icon and click on start and it returns me to the last session that I was on. I tried the download you left in an earlier post "http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip" but when I clicked on "Run" it too asked me what program I want to use to open it. I am officially lost!
Brandon

Anonymous said...

I've used this to help five different people get thru this, and it works great. I've done a couple of combos of the methods. Just remember to delete your temp files and temporary internet files.

Anonymous said...

Thanx man! /From Sweden

Anonymous said...

PERFECT AND AWESOME, THANKS A LOT, A LOT, A LOT AND A LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOT! :D IT WOKRS UNBELIEVEABLE! From Azerbaijan.

Anonymous said...

I thank you from the bottom of my heart sir. Your instructions worked like a charm! This only occurred after I uninstalled comodo firewall because it was giving me a headache blocking programs unnecessarily etc.. Coincidence?(ironically this little nasty gave me an even bigger headache!) That will teach me, I'm off to download their latest.
Warmest Regards.

Anonymous said...

method 1 doesn't work for me...
for method 2 how do i get superantispyware to open using my flashdrive????
PLEASE HELP

Anoop D said...

Hi,

Thank you a lot .. my system was infected with "smart xp internet security 2010" and i just tried both spybot and superantispyware ... but it was MalwareBytes !!! that worked gracefully for me .... though it showed a vb 60 dll missing first ... thanks a lot .. and will be a regular here .. carry on:)

Stephen said...

You're making a great many people happy, Admin! I have the same problem as C. Andrew (above). I got rid of the malware, but now, whatever I click on the desktop, it's either "Application Not Found" or it asks what application I want to open it with. Sorry if you already answered this. Samani (also above) seemed to think you had, but I've been through this blog twice now, and can't see the answer s/he's referring to. Thanks, Stephen

Admin said...

Stephen,

Download and run xp_exe_fix.reg file
Download link: http://bit.ly/8ZhB1V

This should fix your problem. Good luck!

Anonymous said...

for SUPERAnti spyware. which scan do you do? the full system scan, or the virus smart scan thingy? thanks :)

me said...

dude, you are awesome! I have had this problem 2 to 3 times, and every time I used malwarebytes, it found some bugs but the problem cropped up again in a few days. your registry changes work great. my m/c works great now.

Stephen said...

Admin, someone should buy you a cape!
It worked. Thank you!

terrys said...

i created the fix.reg but it will not run. says cannot import c/document.....not registry script can only import binary registry files from the editor. it is invading when in safe mode also.

Anonymous said...

ThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYou!
I can't believe it is finally gone. I did Option #1 while in Safe Mode and used Malwarebytes. Thank you so much.

ShanV said...

i did this a few times. it worked but it kept coming back. and now it's not working at all.. D: how do i delete it??

Anonymous said...

THANK YOU SOOOOOOOOOOOOOO MUCH. worked like a wonder, my PC is up and running as normal. I used the malwarebytes software. It took only 2 hours to scan my computer and when I restarted it all was good. So once again thank you so much

Anonymous said...

Thank you, thank you, THANK YOU! My computer became infected yesterday (my birthday) so I consider this a late birthday present. I did Option #1 and used Malwarebytes. Thanks again!

Erica Anderson said...

Thank you, thank you, thank you! Worked like a charm! I couldn't get the Malwarebytes to work, but the SUPERAntispyware did!

Anonymous said...

Thanks a lot... Step 1 works for me

Anonymous said...

Thank you thank you thank you. This worked perfectly.

B said...

i think i got rid of it but the laptop is still slow. does that mean i still have it? it doesnt pop up anymore though.

Anonymous said...

thank you very much! it works,,that threatened me seriously! you're great!

Anonymous said...

reg fix worked perfectly, thank you.

Anonymous said...

Thanks a lot. Looks like this worked out pretty well. Hope to not see such enerving pop-ups for a while.

Paul said...

The fix.reg and SUPERAntispyware worked. Thanks

Anonymous said...

i used method 1 and superanti spyware. it said it needed to restart my computer, and upon restart, many of my programs are no longer working. when i try to open their icons, it says file not found. is there anything i can do?

Anonymous said...

thank you worked great! :)

Admin said...

Q: "i used method 1 and superanti spyware. it said it needed to restart my computer, and upon restart, many of my programs are no longer working. when i try to open their icons, it says file not found. is there anything i can do?"

A: Download and run xp_exe_fix.reg file
Download link: http://bit.ly/8ZhB1V

Anonymous said...

Thank you...worked great...what a nuisance these people that make these viruses, thinking that by hijacking your computer, you'll be forced into buying their junk !!! It's extortion !!

In any case, the fix.reg and superantispyware free edition worked. I ran the full system scan ; it took almost an hour ; then re-booted and the nuisance is gone !! Also, the superantispyware got rid of more ad-ware etc, and the computer runs a tad quicker than before...

Thanks for helping out by starting this blog and god bless !!

Anonymous said...

Thanks! Used step 1 with great success. Actually, the most annoying malware I have ever had, but with your instructions, the easiest to remove.

Anonymous said...

Thanks for sharing. Very much appreciated. Keep up the good work.

David said...

Hello when I try this method it says " cannot import c:\documents and settings\david\desktop\fix.reg: The specified file is not a registry script. You can only import binary resgistry files from within the registry editor. HELP !

Anonymous said...

Please help me, I finished steps 1-5, and I already have Malwarebytes Anti-malware. But the problem is, I can't seem to get it open. Any help?

sander said...

thank you. and this is not a first of april joke

Anonymous said...

I am a cheese

Anonymous said...

Wow!!! What can I say? This was the easiest computer fix ever! Your instructions were extremely clear and easy to follow. I had the same problems as others with running .exe programs after the fix and the link you provided took all of five seconds to correct the problem!
Thank You!

Lauren said...

Thank you SO much for these easy instructions. I thought I would have to deal with the annoying security alerts forever!

Anonymous said...

Alrighty, Thanks for the clear directions on how to zap this bug away! Keep up the good work and help rid the world of more pests like these.

Anonymous said...

Thank you so much!

Anonymous said...

I have the same problem as anonymous about 6 comments up. I downloaded the software, but I can't get it to open

Anonymous said...

I'm stuck on step #5. After clicking "Yes" to the Registry Editor prompt window, I get a message that says: "Cannot import C documents and settings Desktop fix.reg. Not all data was successfully written to the registry. Some keys are open by the system or other process."
I copied and pasted everything that was written in blue into the notepad like you mentioned in step 3. PLEASE HELP!!!
Thanks,
Ellen

Anonymous said...

Thanks for these instructions - I had dealings with this malware yesterday... Tried first with Malwarebytes but the malware came back with a slightly different name; tried again with SUPERantispyware which found a couple of trojans Malwarebytes had missed and now everything is working fine.

Thanks again
Gavin
UK

Anonymous said...

unable to get step 5 to run the program of fix.reg? Please help me

Anonymous said...

Should I be able to access my files after completing method 1 ? Also, will I physically lose my programs after completing Method 1 ?

Anonymous said...

Method one and Superantispyware did the trick! Thank you! Thank you!

Anonymous said...

I'm stuck on step #5. After clicking "Yes" to the Registry Editor prompt window, I get a message that says: "Cannot import C documents and settings Desktop fix.reg. Not all data was successfully written to the registry. Some keys are open by the system or other process."
I copied and pasted everything that was written in blue into the notepad like you mentioned in step 3. PLEASE HELP!!!

Anonymous said...

Thanks for this. I was getting pretty concerned with all I was reading about this little bugger. The McAfee website was no help at all. Guess I'm going to rethink that whole $75 per year thing. Thanks again! I'm off to build a small sacrilegious temple in your honor.

JD

Anonymous said...

Don't know if this is the problem, but .reg file is supposed to have one blank line at the end. If you copy & paste the text part, there won't be a blank line. After copy & paste, hit Enter key a couple of times.

Anonymous said...

Tried to run Fix.reg in safe mode but get " Registry editing has been disabled by your administrator" How do I activate the Registry Editor? I am a bit scared about mucking about with registry things!!!!

jp said...

Hi,
thanks a lot!
This was a painless experience, it worked just as noted. I had to run the fix as mentioned earlier on Mar 22, and now my computer works just as normal.
You are the best!
Tks, jp

Anonymous said...

YOU ARE AWESOME. Thank you so much. I was an idiot and fell for the scam and paid the $$. Hopefully the virus is gone now and the bank will fix my error. Luckily, you saved my sanity! Thanks so much!

Russell said...

Hey,

I have XP Smart Security 2010 currently infecting my computer. It lets me use the internet, itunes, etc. but I keep getting annoying pop-ups about the scan and buying the new software. When I scan with malware (which I already had) no viruses are detected. Do I need to update malware or go about this differently?

Anonymous said...

Hi, I'm getting stuck on step 5. When I double-click on the file, all that happens is it opens in notepad-- nothing more. What am I doing wrong?

Anonymous said...

Thanks a lot! Used method #2, xp no longer pops up, however i can't use any internet browser. anyone know how to fix this?

Anonymous said...

This was a great and fast fix. I used method #1. I left this page open in the background and then went step by step. I already had "spybot search and destroy" installed but it didn't work until I did method #1. After I followed the instructions I opened "spybot", downloaded any updates, then did a full scan. Once the scan was complete I rebooted and the problem was solved. Thank you very much. I will keep this site for future emergencies.

Anonymous said...

Malwarebyte's Anti-Malware fixes Internet Explorer registry problem.

Anonymous said...

Thank You Very Much! It Worked!

Anonymous said...

A quick way that does not touch the registry:

vma.exe (the infection that showed on a PC here, aka Total XP Security): after cleaning with Malwarebytes I found that it corrupted the user's profile.

Copy out Desktop, Favorites, and My Documents. Delete the profile and have the user log on to create a new profile, then copy the Desktop, Favorites, and My Documents folders back into the new user profile.

The symptom that had me try this was when the infected user account logged in and tried to activate a program link (such as IE from the desktop icon), it would ask for which program to open it. When I logged in as a different user all worked fine. This led me to believe it was the user's profile that had the issues.

Anonymous said...

People this Works! At the very end of the process, it asks for a donation. I Did Not give one, and because it worked, I feel bad now for not having given one. Someone in the future, please pass it on. Again, thanks!

Anonymous said...

Well done.. my friend's computer thanks you..

Anonymous said...

Wow! You are a genius!! Thank you!!!

But.. Can I delete the fix.reg document? Or do I have to have that on my desktop?

Anonymous said...

I did method one with SUPERantispyware, in less than an hour it's done, no more FAKE XP security, system is clean. For as crappy as all these viruses can be, it's nice to have a relatively easy fix for one like this.

THANK YOU!

Anonymous said...

thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you 
thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you thank you

Jon from Cardiff said...

I had this, i got so pi**ed off with trying to remove it i ended up just formatting my computer. Worked a treat!

Anonymous said...

Thanks

Anonymous said...

My English level is very low but I only want to say one thing: you solved my problem. Thanks a lot!!... and congratulations for this site.
