How to remove XP Antispyware 2010
Thursday, February 4th, 2010 at 7:14 amHome » Rogue Antispyware » XP Antispyware 2010
XP Antispyware 2010 description
XP Antispyware 2010 spreads via trojans and deceptive online advertisements. Avoid installing this program if you have a choice.
XPAntispyware 2010 targets your money. It loads imitation of system scan and then displays fabricated system scan results. XPAntispyware2010 urges paying for the program for deleting the imaginary threats. Trust none of the notifications loaded by XP Antispyware 2010. The program is actually a malware. Besides generating large amounts of counterfeit alerts, XP Antispyware2010 also interrupts web browsing and terminates reputable security tools.
XP Antispyware 2010 displays the following falsified warnings:
XP Antispyware 2010 – Unregistered Version
Attention: DANGER!
ALERT! System scan for spyware, adware, trojans and viruses is complete. XP Antispyware 2010 detected 28 critical system objects. These security breaches may be exploited and lead to the following:
! Your system becomes a target for spam and bulky, intruding ads
! Browser crashes frequently and web access speed decreases
! Your personalfiles, photos, document and passwords get stolen
! Your computer is used for criminal activity behind your back
! Bank details and credit card information gets disclosed
Click REGISTER to register your copy of XP Antispyware 2010 and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration.
XP Antispyware 2010 Firewall Alert
XP Antispyware 2010 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.
Windows recommend Activate XP Antispyware 2010
Click “Yes, Activate…” to register your copy of XP Antispyware 2010 and perform threat removal on your system.
Get rid of XP Antispyware 2010
XP Antispyware 2010 is a Rogue Antispyware software
How to manually remove XP Antispyware 2010
To remove XP Antispyware 2010 spyware you must block XP Antispyware 2010 sites, stop and remove processes, unregister DLL files, search and delete all other XP Antispyware 2010 files and registry utility. Follow the XP Antispyware 2010 detection and removal instructions below.
The most typical software removal method is to remove XP Antispyware 2010 by using "Add or Remove Programs" service. However there may be hidden XP Antispyware 2010 files, running processes and registries in your computer, so XP Antispyware 2010 may recreate all other files after reboot.
XP Antispyware 2010 manual removal instructions
Block XP Antispyware 2010 sites:
pc-winlive.com
Read more how to block XP Antispyware 2010 sites
Stop and remove XP Antispyware 2010 processes:
av.exe
Read more how to kill XP Antispyware 2010 processes
Locate and delete XP Antispyware 2010 registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "av.exe" /START "%1? %*"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "av.exe" /START "iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Read more how to delete XP Antispyware 2010 registry entries
Download RegistryBooster 2010 to scan errors caused by XP Antispyware 2010
Detect and delete other XP Antispyware 2010 files:
av.exe
WRblt8464P
We strongly recommend you to use spyware remover to track XP Antispyware 2010 and automaticaly remove XP Antispyware 2010 processes, registries and files as well as other spyware threats.
February 6th, 2010 at 1:56 pm
this is not working for me and what can i do to stop this stuff from going deeper in my computer?
Reply
Luciana Reply:
February 8th, 2010 at 12:37 am
It won’t do anything more than it already did. However, you should remove XP Antispyware 2010 as soon as possible. Use the manual removal guidelines or run an anti-spyware tool.
Reply
February 9th, 2010 at 6:37 pm
first make a backup of your registry,
then delete the whole keys:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\secfile
make sure the following values are correct:
[HKEY_CLASSES_ROOT\.exe]
Default=”exefile”
“Content Type”=”application/x-msdownload”
in my case the above Default value was “secfile”, which prevented me from running any exe files
Reply
johnny Reply:
February 28th, 2010 at 9:44 am
where do i do this? in the command promt? i dont get it? please explain, i really need help. Thank You!
Reply
SPHINX Reply:
March 4th, 2010 at 1:57 am
Thanks for putting this up i just force started regedit and inserted it so everything started working again. I’m doing this on a corporate computer at work and the other employees keep getting this same crap on here. THANKS to all my fellow hacker/nerds/system admins.
Reply
LE Reply:
March 6th, 2010 at 3:04 pm
I was having a panic as I needed those files right away. I checked what you said and mine was set to secfile as well. Switched it and now it all works!!!
Thanks so much Daniel A
Reply
February 14th, 2010 at 10:17 am
Sorted it – as some exe files would run and others wouldnt I delved a bit deeper. I typed run – command – regedit and then it started and yes Daniel A my default vlue was also set to ’secfile’. Thanks a lot to both of you for your help.
Reply
February 18th, 2010 at 8:05 pm
Daniel A.:
Thanks a lot for that extra tidbit, that’s exactly what prevents exe files from running. Saved me a lot of time.
Reply
February 19th, 2010 at 6:32 am
if you remove the exe association, you’ll have trouble opening regedit to get back in and correct it (as I did.. pays to read the whole chain first…). this link will help you open the regedit if you’ve hosed it. http://support.microsoft.com/kb/555067 then you can change the [HKEY_CLASSES_ROOT\.exe] value..
Reply
Cory Reply:
March 2nd, 2010 at 11:56 am
removed the regisrty values and now some of my programs will run whil others won’t. what should I do?
Reply
bryan Reply:
March 3rd, 2010 at 12:08 am
follow a guide in a link above and fix your registry entries
Reply
Cory Reply:
March 4th, 2010 at 9:53 am
went into registry and got it fixed thanks!
February 19th, 2010 at 6:54 am
I only realized Daniel A’s point now, and I’ve already deleted the values, so I can’t access regedit now, when I try to run it, it comes up with the little box saying: Windows can not open this file, windows needs to know what program created it. I just want to go the the registry and check that the value isn’t secfile. Can anyone help?
Reply
bryan Reply:
February 19th, 2010 at 6:57 am
Bill,
check Shawn’s solution above
Reply
February 19th, 2010 at 7:00 am
Cheers for that, sorted it and got rid of that bloody fake xp antispyware for the second time in a week.
Reply
February 19th, 2010 at 1:20 pm
This is the only site helped my problem. I searched many other places, the registry and file name did not match my case. I stilled can not find av.exe on my machine. But it was in several places in the registry. Using Search in XP, I only found av.exe-0798f1fd.pf. How can I find this av.exe and delete it forever?
Thank you very much.
Reply
bryan Reply:
February 20th, 2010 at 1:42 am
try to search in:
%UserProfile%\AppData\Local\
%UserProfile%\Local Settings\Application Data\
Reply
February 20th, 2010 at 8:13 pm
After removing the “XP Antispyware 2010″ by running certain software, I performed manual check-up of my system registry and I found from all of the files described in your website only two remaining in directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center as follows: “AntiVirusOverride” = “1″ and “FirewallOverride” = “1″, so I removed them.
However, there where three more files in the same directory, which carry the same icon as the removed ones: “AntiVirusDisableNotify” = “0″; “FirewallDisableNotify” = “0″ and “UpdatesDisableNotify” = “0″. Question: should I remove these three as well?
Also, I have searched for av.exe and I found AV.EXE-38C58F5E.pf in C\WINDOWS\Prefetch. Should I delete this exe?
Thank you for your help.
Boicho Miloshov
Reply
bryan Reply:
February 21st, 2010 at 7:01 am
yes delete everything
Reply
Anne Reply:
March 8th, 2010 at 2:48 am
I followed all the instructions listed and it appears that the virus has been removed. I did all the manual steps, ran the system checker, and extra steps listed here just to be sure it was all gone. Including deleting all the items listed above, but now my firewall wont start up or anything. What do I need to do to fix this?? Everything else is working fine, just that is messed up so far…
Reply
jackee Reply:
February 27th, 2010 at 8:12 am
what certain software did you use?? I cant get anything to run its course on my PC?
Reply
February 21st, 2010 at 12:33 am
Thank you so much, it pop up on my home pc and we didn’t believe it. We did have to go to the task manager and remove the av.exe and go into regedit and remove the following
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
This removed the “advertised” program and allow us to get by on the internet. We have downloaded the removal tool from this website as well. When the “program” popped up it disable our ability to get on the internet. Thank you for all the help.
Reply
Stephen Reply:
February 21st, 2010 at 7:38 pm
This worked!!! The spyware was totally taking over one of our computers! This removed it right away!
Reply
February 21st, 2010 at 8:26 am
You guys are excellent. You saved me from tons of trouble.
Thank you for all the help.
Reply
February 21st, 2010 at 2:47 pm
Ok, so before I do this (I’m not techy), how do I make a back up of these registries?
Reply
bryan Reply:
February 22nd, 2010 at 5:15 am
open registry editor and click File -> Export
Reply
February 21st, 2010 at 8:53 pm
Hi, Looks like I messed up my Registry by deleting the unknown values in regedit. Now I am not able to access it to change it in the right way. I checked Shawn’s solution above but even with it, I was not able to get to the regedit. Anything I try to open with .exe, the message comes up as “The file does not have a program associated with it for performing the action. Create an association in the folder options control panel”
Can any one please help me with it?
Reply
Cory Reply:
March 2nd, 2010 at 11:59 am
same problem- need help!
Reply
February 22nd, 2010 at 5:39 am
Hi everyone,
I followed all of your directions above completely and when I got to the delete registry files, I clicked on the “Read more how to delete XP Antispyware 2010 registry entries” link below that section because I didn’t know how to do this before. I did all the way through step D. After that it talks about adding a new value or new key… am I supposed to do any of this??
Thanks again for all your help! Those pop ups for “XP Antispyware 2010″ were making me nuts!
Now if I could just become a computer genius! =)
Reply
February 22nd, 2010 at 10:06 am
Thank you to both Daniel A. and Shawn for your comments. They helped me out!
Nish – With regard to Shawn’s comment, I couldn’t get that to work either. I couldn’t get the command to work to copy regedit.exe to regedit.com, so I just changed regedit.exe to regedit.com and then I was able to open regedit.com and fix the registry. (regedit.exe was auto-re-created for me) Hope that helps.
Reply
February 22nd, 2010 at 3:15 pm
Hey All,
I’m in the same boat as the above guys. Sahwn’s solution worked for me and I can now run regedit from the the Run… comand but I can’t run any exe file it just brings up the “open with” window. I’m assuming one of the other instructed regestry entries to delete needs a proper setting. Can someone post the default value for all of those?
Many thanks in advance
Reply
February 22nd, 2010 at 10:25 pm
Please! Someone help! I am a noob and I just was trying to help my girlfriend get rid of this on her computer and I accidentally told her to delete the following in her registry.
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*”
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1? %*”
HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1? %*”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
But we just deleted it all and didn’t do it right and now she can’t run firefox and IE and can’t even run the registry in start run. We also can’t open any .exe files!
ANY HELP WOULD BE GREATLY APPRECIATED.
Reply
EC Reply:
March 1st, 2010 at 7:36 am
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = c:\Program Files\Mozilla\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = c:\Program Files\Internet Explorer\iexplore.exe
Firefox and IE will now open.
Reply
February 23rd, 2010 at 12:18 am
guys guys
use Registry Booster 2010 to fix registry errors
Reply
Cory Reply:
March 2nd, 2010 at 12:03 pm
but how do you get it to run? if the exe are not able to run how?
Reply
February 23rd, 2010 at 3:06 am
just posting to see if the comment section is fake
Reply
bryan Reply:
February 23rd, 2010 at 3:55 am
ha!
Reply
February 24th, 2010 at 9:09 pm
This fix along with the comment clarifications worked perfectly. Thank You!
Reply
February 24th, 2010 at 11:13 pm
Excellent directions and results achieved. I would love to make a donation for the help. But , that could be construed as indirectly promoting the proliferation of this spyware. So instead I offer to first in line to tea bag the jack hole who wrote this program.
Reply
February 25th, 2010 at 8:25 am
Mike Massie – I think that line is going to be pretty long. Count me in.
Reply
February 25th, 2010 at 5:08 pm
This message really helped my case. There are other instructions for removing this malware but did not fit my case. Thanks so much
Reply
February 26th, 2010 at 6:45 pm
I have XP Anitspyware 2010 on my computer, and it won’t let me get on the internet, so I get on it in Safe Mode. Will the XP Anitspyware tool kit work and be effective against the virus if I download it and use it in Safe Mode? In addition, I’m not too computer savy, so do you think I will be able to remove the virus with the tool kit?Thanks for any help you can give me on this.
Reply
February 27th, 2010 at 6:36 am
Ok so I followed the comments and successfully deleted the virus, however now I can’t run .exe files. I tried following the directions to fix it, and as I cant get into regedit, but when I tried to follow the directions from that support link, it wouldn’t work. When I tried to add the value regedit.exe to regedit.com it said that it could not be added. I saw a message saying that maybe I have to turn off systems restore in xp in order to get it to work, but I can’t do that either because right clicking on “my computer” and clicking on properties is not allowed, since that is apparently an exe operation too! I don’t know what to do… I’m definitely not computer savvy.
Reply
February 27th, 2010 at 8:10 am
HELP!!! I have this XP antispyware on my PC… I am unable to download any tools to help. I was able to delete the av.exe in the process area, but I am not able to get my registry open, much less delete the bad files. I have read all the intructions.. I don’t know what to do.. I keep getting an X that windows cannot perfom the action I may not have certain permissions. I cant get into my add remove programs.. etc nothing. I am however able to access internet via XP’s so- called security page.. What do I do? Please help!! Thanks!!
Reply
February 27th, 2010 at 1:32 pm
whats hot key, do go into command prompt? can i have a step by step guide for someone illiterate please thanks!
Reply
February 27th, 2010 at 5:07 pm
I was weary of downloading the removal tool so instead, I just followed the manual removal instructions and now have my computer back. Thanks a to all the posts.
Reply
February 28th, 2010 at 9:20 am
After I delete av.exe in my registry, I couldn’t open any exe files. On Microsoft website, there is a blog teaching how to reset registry to change secfile back to exefile. That solved my problem.
Reply
March 1st, 2010 at 7:54 am
For those complaining about the solution, READ and FOLLOW the instructions line by line. Worked for me
thanks guys
Reply
March 3rd, 2010 at 6:07 am
What I found when I had this virus:
1) You can’t stop the process AV.exe is running in because you can’t start task manager.
2) My ZoneAlarm was halted via a registry update I found in my C: directory. That meant I no longer had any control over incoming or outgoing processes on my PC. So I disconnected my LAN cable.
3) You can’t run most executables, particularly by double-clicking. What you can do is rename or copy some of them to .com extensions. The virus redirects .exe extensions, but not .com. Also, you can right click on file icons and there is a start option you can use to make programs like regedit run.
4) You can’t delete the av.exe file because it’s “in use”, but you CAN rename it. When you restart your computer, it then can’t reload. The location is exactly where this article says it will be.
5) The guidance to use Safe Mode to turn off system restore before doing the registry edits wasn’t useful because I couldn’t get into the System Restore settings even in Safe Mode. Executable function and system tools were still blocked in safe mode.
Once I renamed the executable and restarted my PC, I forced the ZA client to restart. I scanned the system and had the file that originally loaded the AV trojan quarantined. Then I did the registry edits listed above. That cleared up my infection.
Pay attention to the MS article Shawn refers to. That will allow exe files to run again.
Reply
March 5th, 2010 at 8:42 am
Changing the registry worked!! Thank you, thank you!!
Reply
March 6th, 2010 at 7:48 pm
I want to thank you guys and gals for the excellent info. It worked great.
I want on the list to tbag the scumbags who inflict this crap on everyone.
Thanks again
Reply
March 7th, 2010 at 12:09 pm
Thank you, this was all very helpful. I was able to find and delete the files. I had to rename regedit before I could get into it, but then was able to clean everything out of there as well. The only issue I have now is that I am not allowed to rename regedit back to an .exe file because it seems there is another file with the same name.
Reply
March 7th, 2010 at 3:29 pm
I couldn’t find the av.exe file in either my processes or by searching my computer. After so Task Manager work, i narrowed the file down to MSASCui.exe(blahblah.pf) so maybe they’ve updated their filename? Anyways, after deleting that file, i’m back up and running.
(I also did the registry edits, just in case, but a lot of them were missing. Maybe i had something different)
Anyways, thanks for the help!
Reply
March 7th, 2010 at 7:32 pm
It seems to me what this nasty piece of malware does is copy the itself (filename av.exe) onto your computer.
AND it changes several registry settings controlling how Windows actually runs ANY programs. In fact these malicious changes just make Windows run av.exe regardless of which program you’re trying to run.
If you find and delete all copies of av.exe, Windows behaves really oddly because mostly regardless of whatever you actually wanted to run, Windows still tries to run av.exe, which no longer exists!
THE SOLUTION (for me with WinXP, at least) is to right-click the program file you want in explorer, and use the “Run as…” option. YOU MUST uncheck the “Protect my computer…” option, and run the program as current user.
Obviously the best program to run is System Restore (filename rstrui.exe, which on my system was in \windows\system\restore). Using the “Run as…” method described above, I ran it and restored back to last night, then rebooted – all in less than a minute, after which all problems are gone.
Reply