How to remove XP Internet Security 2010 malware rogues

Today I got a call from a friend, who told me that her computer might be infected with a virus because a new anti-virus program kept popping up and warning her about everything. This new anti-virus is named “XP Internet Security 2010”, but she said she had never installed it. She was scared because, according to the “XP Internet Security 2010” application's warnings, too many viruses had been found on her computer. Based on what she said, I could tell she had been infected by a new piece of malware rather than by a lot of viruses.

To verify, I connected remotely to her machine and confirmed that I was right. The behavior of this malware was the same as what the web site bleepingcomputer.com described:

When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches Antivirus Vista 2010, Win 7 Antispyware 2010, or XP Internet Security 2010. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself. It will also modify certain keys so that when you launch Firefox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when you try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.
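The launch hijack described above works by changing how Windows handles `.exe` files in the registry, so one way to confirm it (and to confirm it is gone after cleanup) is to compare those entries with the stock values. This is an added example, not code from the original post or from bleepingcomputer.com; the key names are the standard Windows locations for `.exe` handling (the post does not name them), and the sample export and its path are constructed.

```python
import re

# Stock Windows defaults for the keys that decide what runs when an .exe is opened.
# Assumption: standard Windows key names, not taken from the post.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}
# Per-user entries override HKEY_CLASSES_ROOT and are absent on a clean profile.
USER_OVERRIDES = (
    r"hkey_current_user\software\classes\.exe",
    r"hkey_current_user\software\classes\exefile",
)

def parse_reg_export(text):
    """Return {key: default value} from .reg export text (only @= defaults)."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def find_exe_hijacks(text):
    """List (key, value, reason) for each deviation from stock .exe handling."""
    findings = []
    for key, value in parse_reg_export(text).items():
        if key in EXPECTED and value != EXPECTED[key]:
            findings.append((key, value, "default differs from stock Windows"))
        elif key.lower().startswith(USER_OVERRIDES) and value:
            findings.append((key, value, "per-user override of .exe handling"))
    return findings

# Constructed sample export; the path is a placeholder, av.exe is the name in the post.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\example\\av.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, value, reason in find_exe_hijacks(SAMPLE):
        print(f"{reason}: [{key}] -> {value}")
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `find_exe_hijacks`.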

Here are some screen shots I got.

Screenshot (XPInternetSecurity_windows): This malware changed the settings in Windows and pretended to be real anti-virus suites.

Screenshot (XPInternetSecurity_scan): It acted like real anti-virus software, scanning your whole machine and then warning about “problems”.

Screenshot (XPInternetSecurity_ie): It would hijack every executable you launched, and you could not even browse the Internet, since it would embed a warning like the one above in your browser (IE or Firefox).

If you were fooled by such warnings and went ahead to “correct” your computer, you would be prompted to purchase from them.

How to remove it

To remove this bad boy, you need two files. The first file kills the XP Internet Security 2010 process or modifies the registry so that the second file can be run. The second file is Malwarebytes’ Anti-Malware, which is used to remove this malware.

To download these files, or if you need more detailed instructions, please check the “Automated Removal Instructions for XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 using Malwarebytes’ Anti-Malware” web site.

Other Information

Antivirus Vista 2010, Win 7 Antispyware 2010, and XP Internet Security 2010 are shown with different names and interfaces depending on the version of Windows that they are run on.

* Antivirus Vista 2010
* Vista Antispyware 2010
* Vista Guardian
* Vista Antivirus Pro
* Vista Internet Security
* Vista Internet Security 2010
* XP Guardian
* XP Antivirus Pro
* XP AntiSpyware 2010
* XP Internet Security
* XP Internet Security 2010
* Antivirus XP 2010
* Antivirus Win 7 2010
* Win7 Guardian
* Win 7 Antivirus Pro
* Win 7 Antispyware 2010
* Win 7 Internet Security
* Win 7 Internet Security 2010


11 thoughts on “How to remove XP Internet Security 2010 malware rogues”

  1. cameron quan

    Thank you so much for your information!!

    This has helped me very much in saving my computer from being overtaken by this virus.

    Thank you!

  2. Tim

    Another solution is to simply get the latest security updates from Microsoft (especially the malicious software removal tools).

    Unfortunately, the Microsoft Update website only works with Internet Explorer, and this rogue will prevent Iexplore from accessing the website.

    The work-around is to go to your control panel and open up “Automatic Updates.” Turn on automatic updates and have it check every [current weekday] and set the time to the start of the next hour. Download and install all of the provided updates and restart your computer.

  3. Blogger Dan

    I hope you don’t mind me asking but would you be interested in posting for my site at all? You’re fantastic at writing and expressing what you mean and your website is very good.

  4. Minerva Swanger

    Thank you for the information! Very useful. My computer was recently infected by malware. I have tried several applications to get rid of it, but no luck. 🙁 In the end I found an expert blog about rootkits, and the guys running this blog were able to help me with the problem. They removed the virus from my computer in 30 minutes!

  5. Twila Preza

    I have to give thanks to you for your blog article, it’s very helpful and also valuable. I’ve had many negative encounters with malware, and it can be very aggravating to cope with. One time my partner and I needed to re-install Windows XP because of some basic adware which I never took proper care of. Another moment my spouse and I experienced some voice randomly expressing products to us about some package I won, it had become extremely annoying. I’m going to bookmark your web blog and come back quite often. Thank you yet again

  6. Danny Higson

    Thanks for informing us, even, once my friend’s laptop was infected with malware and warned that the website you are trying to access contains malwares or virus, which is really annoying, the only thing we did – format the whole laptop…but now you have informed us how to deal with the critical problem…thanks for sharing and expressing useful information….thanks once again

    Danny Higson
