How to remove XP Internet Security 2010 rogue anti-spyware

Malware Description:
It’s amazing how a program called XP Internet Security 2010 having a professional-looking GUI can turn out to be worthless rogue anti-spyware that robs people of their savings. XP Internet Security 2010 is one of the several occurrences of the same malware code whose name depends on the Operating System it compromises. As the name prompts, XP Internet Security 2010 denotes the malicious entity installed on Windows XP. The counterpart of XP Internet Security 2010 which attacks Windows 7 system is denominated Win 7 Internet Security 2010, and it differs in the graphical UI and the name only. XP Internet Security 2010 is quite aggressive when its executables start running on your computer. It blocks any process which the user tries to launch, and substitutes it with its own malcode unless it finds the to-be started executable safe and in no way related to antivirus tools. XP Internet Security 2010 displays many fake warning messages reporting the detection of dangerous parasites such as Trojan-BNK.Win32.Keylogger.gen and similar. The effect of these fake ads will be reinforced by the scanners which will keep popping up once your PC starts and Windows logo appears. All these alerts are determined to tell the user that his/her computer is at risk and has to be aided immediately to avoid system crash. It’s a good thing that ads from XP Internet Security 2010 are false; it’s really unfortunate though that you really need to take care of the rogue anti-spyware that’s inside your PC and gradually rendering it unbearably slow and vulnerable. XP Internet Security 2010 removal is not simple yet possible. Please follow our guide provided below to uninstall XP Internet Security 2010 without giving this malware any chances to damage your Windows XP.

Malware Type: Rogue Anti-Spyware

Malware Author: Unknown

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

XP Internet Security 2010 Free Scanner and Remover: Download Now

XP Internet Security 2010 Screenshot:

XP Internet Security 2010

How to remove XP Internet Security 2010 manually:
Manual removal of XP Internet Security 2010 is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files to be deleted are listed below:

  • %Documents and Settings%\[UserName]\Application Data\av.exe
  • %Documents and Settings%\[UserName]\Application Data\WRblt8464P

The registry entries that need to be removed are as follows:

  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
  • HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
  • HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
  • HKEY_CLASSES_ROOT\secfile\shell\open\command “(Default)” = “av.exe” /START “%1″ %*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “av.exe” /START “firefox.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “av.exe” /START “firefox.exe” -safe-mode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “av.exe” /START “iexplore.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″

Please, be aware that manual removal of XP Internet Security 2010 is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal XP Internet Security 2010, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download XP Internet Security 2010 Automatic Remover

Like This Article? Let Others Know!

Reader's Comments:

  1. Martin |

    I have Windows XP. A few comments:

    Removal of registry entries works fine. The av.exe file also exists as a .ini file in the \Application Data\ area (there must be some startup command that renames it to av.exe so that it can run).

    Worse. If you use task manager to stop the av application it will not shut down properly, but re-associates .exe program extensions to null and tries to corrupt the hard disk. So that on re-booting, the operating system does a file system check disk and will not allow any applications to run unless you re-assign .exe program extensions using the control panel associate file option.

    Infection occured 08/02/2010.

    AVG 8.5 free anti virus software did not pick this up.

  2. Blair |

    What should .exe be associated with?

  3. admin |

    .exe stands for an executable, i.e. a process run by an application.
    If you open up your Task Manager and click the ‘processes’ tab, you will see all the ones running on your machine.

  4. Julie |

    I can’t find anything in the registry about av.exe but I have ave.exe. Is this another name for the registry file?

  5. admin |

    Hi Julie,
    Yes, the rogue antivirus products from this family have been noticed to be currently using Ave.exe process to take over computers.

  6. Angela Cornell |

    I have downloaded every malware product on the market and none have removed XP Internet Security 2010. It spread thru my network onto my laptop also. I had to take that back to factory settings to get rid of it. I have not been able to take my business computer back to factory settings, too much info to replace.

    If anyone has any idea on how to get rid of this, please email me.

Post a Comment: