XP Anti-virus 2011

XP Anti-virus 2011 is a malicious application. Learn how to remove this virus from your computer with the easy-to-follow procedure on this page.

XP Anti-Virus 2011, also known as Vista Anti-virus 2011 and Win 7 Anti-virus 2011, is a rogue program that installs on multiple operating systems. XP Anti-virus 2011 is the variant installed on systems running Windows XP, as detected by the Trojan. It gathers the system’s specifications to match the OS and make itself look like a legitimate application. Regardless of the name, these are all the same program, developed to persuade computer users to buy the licensed version by deceptive means. Through pop-up alerts or taskbar warning messages, XP Anti-virus 2011 declares that the computer has virus problems and that removal requires the paid version of XP Anti-virus 2011.

Instead of patronizing this potentially unwanted application, immediately run a full scan of the PC using a legitimate security product. Anti-malware applications are known to combat rogue programs like XP Anti-virus 2011. On this page is our suggested removal tool, which was tested to remove counterfeit applications. Download and install it, then update the database before running a full scan of the system. Remove all detected threats and, if possible, run the scan while the computer is in Safe Mode.


Alias: XP Antivirus 2011, Vista Antivirus 2011, Win 7 Antivirus 2011

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Technical Details and Additional Information:

If XP Anti-Virus 2011 is installed, it displays fake alerts as a scare tactic to mislead victims. Some of them contain these messages:

XP Anti-virus 2011 Firewall Alert
XP Anti-virus 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

How to Remove XP Anti-virus 2011

Systematic procedures to get rid of the threat are presented in this section. Make sure to scan the computer with the suggested tools and scanners.

Step 1 : Scan the computer with recommended removal tool

1 The first thing you should do is reboot the computer in Safe Mode with Networking to prevent XP Anti-virus 2011 from loading at start-up.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

Remove all media such as memory cards, CDs, DVDs, and USB devices. Then restart the computer and do the following:

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a Before Windows begins to load, press F8 on your keyboard.
b It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a Close any running programs on your computer.
b Get ready to start Windows. On your keyboard, press and hold the Shift key, then click on the Restart button.
c It will prompt you with options; click on the Troubleshoot icon.
d In the Troubleshoot window, select Advanced Options.
e On the next window, click on the Startup Settings icon.
f Lastly, click on the Restart button on the subsequent window.
g When Windows restarts, it presents startup options numbered 1 - 9. Select "Enable Safe Mode with Networking" or number 5.


h Windows will now boot into Safe Mode with Networking. Proceed with the virus scan as the next step.

2 Download our malware removal tool and save it on your Desktop or any location on your PC.

Download Tool

3 Click on the button to start downloading our recommended anti-virus tool. Save it to an accessible location on your hard drive, or to a clean USB drive if you are downloading from a different PC.

4 When the download finishes, locate and double-click the file to install the application. Windows User Account Control will prompt at this point; click Yes to continue installing the program.

5 Follow the prompts and install with the default settings only. No changes are needed during the installation process.

6 Malwarebytes Anti-Malware will launch for the first time. It is necessary to proceed with the software update.

7 After downloading updates, click on the Scan Now button.

8 The tool will run a Threat Scan to thoroughly check the PC for any presence of XP Anti-virus 2011 and other forms of threats.


9 Once the scan has completed, Malwarebytes Anti-Malware will issue a list of identified threats. Mark all threats and click on Quarantine Selected.

10 If it prompts to restart the computer, please reboot Windows.

Step 2 : Ensure that no more files of XP Anti-virus 2011 are left inside the computer

11 Click on the button below to download Norton Power Eraser from the official web site. Save it to your desktop or any location of your choice.

NPE Download

12 After downloading, navigate to its location and double-click on the NPE.exe file to launch the program.

13 Norton Power Eraser will run. If it prompts for the End User License Agreement, click on Accept to proceed.

14 On the NPE main window, click on Advanced Scans. We will attempt to remove "XP Anti-virus 2011" by thoroughly scanning your current operating system.


15 On the next window, click System Scan to perform a standard scan of your computer.


16 NPE will proceed with the scan. It will search for Trojans, viruses, and malware like XP Anti-virus 2011. This may take some time, depending on the number of files currently stored on the computer.

17 When the scan is complete, all detected risks are listed. Click on Fix Now to remove XP Anti-virus 2011 and other known threats. Then, restart Windows if necessary.

Step 3 : Remove the Rootkit Trojan that installs XP Anti-virus 2011

Rootkit Remover is a stand-alone utility developed by McAfee. It can be used to detect and remove the rootkit Trojan that is associated with XP Anti-virus 2011. This tool can detect rootkits that are part of the ZeroAccess, Necurs, and TDSS families.

18 Download Rootkit Remover and save it to your desktop or any accessible location. Click the button below to begin the download.

click to download

19 Locate the file rootkitremover.exe and double-click to run the program.

20 When User Account Control prompts if you want to allow the program to make changes on the computer, please click Yes.


21 Rootkit Remover instantly scans the computer and looks for the presence of Trojans, viruses, and rootkits related to XP Anti-virus 2011.

22 Once it finishes scanning the computer, the tool will require you to restart Windows.

Alternative Removal Procedures for XP Anti-virus 2011

Use Windows System Restore to return Windows to previous state

During an infection, XP Anti-virus 2011 drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. Given these changes, the best solution is to return Windows to a previous working state through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a Go to the Start Menu, then in the 'Run' or 'Search Program and Files' field, type rstrui.
b Then, press Enter on the keyboard to open System Restore Settings.


c Windows will display a list of saved restore points. Select the most recent one to restore Windows to a previous working and clean state.
d It may take some time to fully restore back-up files. Restart Windows when done.

Open System Restore on Windows 8 and Windows 10

a On Windows 8, go to Start Search; on Windows 10, use the Start Menu Search. Type rstrui.
b Click on the located program to open System Restore window.


c Windows will display a list of saved restore points if System Restore is active. Select the most recent one to restore Windows to a previous working and clean state.
d It may take a while to fully restore back-up files. Restart Windows when done.

If a previous restore point is saved, you may proceed with Windows System Restore.

Option 2 : XP Anti-virus 2011 manual uninstall guide

IMPORTANT! Manual removal of XP Anti-virus 2011 requires technical skills. Deleting system files and registry entries by mistake may result in total failure of the Windows system. We advise you to back up the registry before proceeding with this guide.

1 Kill any running process that belongs to XP Anti-virus 2011.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for XP Anti-virus 2011 files (refer to Technical Reference) and click End Process.


2 Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.


3 Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.

4 Delete all files dropped by XP Anti-virus 2011.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Associated Files and Folders:
File Location for Windows Versions:
  • %AllUserProfile% is C:\ProgramData on Windows Vista/7 and C:\Documents and Settings\All Users\ on Windows XP/2000.
  • %UserProfile% is C:\Users\<Current User> on Windows Vista/7 and C:\Documents and Settings\<Current User> on Windows XP/2000.
  • %AppData% is C:\Users\<Current User>\AppData\Roaming on Windows Vista/7 and C:\Documents and Settings\<Current User>\Application Data on Windows XP/2000.
  • %Temp% refers to C:\Windows\Temp\.
Added Registry Entries:

Troubleshooting Guides

Did XP Anti-virus 2011 block your Internet access?

Rogue programs commonly prevent users from downloading removal tools from the Internet. An infected computer may be denied Internet access through changes to its proxy settings, DNS settings, and Hosts file. To solve an Internet connection problem, please see our guide on fixing virus-blocked Internet access. Also, make sure that your Windows Hosts file is free from any malicious entries. View the steps for cleaning the Windows Hosts file.
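As an added example (not part of the original guide or of any tool it recommends), the Python below audits a Hosts file, for instance one copied from the affected machine, and lists every entry that blocks or redirects a hostname. The sample file, the `.example` hostnames, the watchlist and the function names are all constructed for illustration.

```python
import ipaddress
import sys

# Names a hosts file may map to loopback without that being a finding.
BENIGN_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input: hostnames and addresses are placeholders.
SAMPLE_HOSTS = """\
# Constructed sample hosts file (not taken from a real infection)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example    # blocks a made-up update server
0.0.0.0         www.av-vendor.example download.av-vendor.example
203.0.113.45    search.portal.example
not-an-ip       something.example
"""


def parse_hosts(text):
    """Return (line_number, address_field, hostnames) for each mapping line."""
    entries = []
    for number, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # comments run to end of line
        if not line:
            continue
        fields = line.split()
        names = [name.lower().rstrip(".") for name in fields[1:]]
        entries.append((number, fields[0], names))
    return entries


def audit_hosts(text, watchlist=()):
    """List entries that block or redirect a hostname.

    kind is "blocked" (name pinned to a loopback or unspecified address),
    "redirected" (name pinned to any other address) or "malformed".
    watched is True when the name is, or is a subdomain of, a watchlist entry.
    """
    watch = [w.lower().strip(".") for w in watchlist]
    findings = []
    for number, addr_field, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_field)
        except ValueError:
            addr = None
        if addr is None or not names:
            findings.append({"line": number, "kind": "malformed", "host": None,
                             "address": addr_field, "watched": False})
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in names:
            if local and name in BENIGN_LOOPBACK_NAMES:
                continue  # the stock localhost mapping
            findings.append({
                "line": number,
                "kind": "blocked" if local else "redirected",
                "host": name,
                "address": str(addr),
                "watched": any(name == w or name.endswith("." + w) for w in watch),
            })
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text, watchlist=("av-vendor.example",)):
        flag = " [watchlist]" if f["watched"] else ""
        print(f"line {f['line']}: {f['kind']:<10} {f['host']} -> {f['address']}{flag}")
```

Entries reported as blocked are not always malicious, because ad-blocking Hosts lists use the same mechanism; review each finding before deleting it.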


About Marco Mathew

Marco Mathew worked as a Windows network administrator before establishing precisesecurity.com. Now, Marco dedicates himself full-time to helping computer users fight viruses, malware, trojans, worms, adware, and potentially unwanted programs.


  1. Jacob

    You can’t just simply end the processes anymore, the new versions of that virus override your administrator access, when you restart your computer while you have this virus, it won’t let you run anything. The only way to get rid of this virus nowadays is to run in safe-mode and do a full scan, for my computer the scan takes hours, which is why this is my most hated virus.

  2. Rosey

    I have lost two desktop file folders. How can I recover them?? These folders contained my shortcuts and the other sensitive information. I immediately used Revo Uninstaller and ex’d Firefox altogether from my laptop, after running antivirus — I wasn’t taking any chances! I’m a novice at this detecting creepy malware/trojans nibbling away at MY stuff!! A shame, a REAL shame….

  3. Jessica

    So, my mother’s computer has been infected with this crap. And, as Jacob has said, it’s hidden its stuff so I can’t just delete it the manual way. I was wondering why all those guides didn’t help…

    Anyways, I ran Malwarebytes in safe mode and did a full scan, got rid of some junk with it… Booted back up in normal mode and it was STILL THERE! The hell do I do now? This is ridiculous…

  4. Bill

    This virus attacked on 3/10/2011. Besides the symptoms noted above, it also disabled McAfee Internet Security. I’ve turned this problem over to a professional.

  5. ifthethunderdontgetya™³²®©

    Yeah, this thing is nasty.

    But you can stop it cold, use rkill.

    Rkill only stops the malware in the registry so you can take control of your computer again, you need something else to clean the stuff out.

    But at least you can get started. Search for rkill, you’ll find it.

  6. Sandy

    I had something similar on my laptop a few months ago and was able to remove it manually. It has definitely mutated because now I can’t seem to get around it. All executables are blocked, even in safe mode. Ready to throw computer out the window.

  7. jim

    3 things I learned getting rid of this:
    1) Rename an exe to com to get it to run–e.g. rename mbam.exe to mbam.com (and rkill.exe to rkill.com)
    2) roguekiller will fix the registry entry that keeps things from running: en.kioskea.net/faq/11626-roguekiller-tutorial
    3) After it’s gone, if you want to turn Windows Updates back on, you need to “install” au.inf to fix the registry entries for update. This inf file is part of the original windows installation. To find it, go to “run” and enter “inf”. It will take you to your inf directory. Scroll down to au.inf, right-click and choose “install.”

  8. gina

    Really didn’t have to go thru so many registry changes to get rid of it for me. I installed Microsoft Security Essentials and it removed it for me through its Quick Scan option.

  9. Sik

    My girlfriend got this on her computer. It seems it used Youtube to get in. We used Spy Bot – Search and Destroy to remove it. It removed everything except some funweb tools or something it said was in use. Rebooted telling spy bot to run on boot, and it got rid of all of it.

    What I want to know is, if they know who put this crap out to try to get people to buy their program, is any cybercrime enforcement agency going after these attackers? To use a Trojan or whatever to try to sell a product is highly illegal.

  10. Bob31

    I did a system restore, returned 2 days before i first noticed the problem and it got rid of the problem!

  11. VirusHater

    Nothing here will work anymore. The virus is…evolving or something. Two days ago I killed it after almost 4 hours. I got it again today and I can’t even access Control Panel. Even in safe mode I can’t open up MalwareByte, or my own anti-virus. System Restore is a no-go either. The virus has shut me out of my own computer. Get ready to have to hand this problem to a professional if you get it. It’s at the level where we can’t do anything anymore.

  12. Iain

    I just got this today. Couldn’t start any program on my username BUT managed to start in safe mode and using Administrator instead of my personal password I was able to run Malwarebytes and access the registry. Will keep you posted on how it works out.

  13. Mike

    I’ve tried everything suggested but still can’t access the web or applications unless I open them via a saved file. Safe mode won’t accept my password. System restore won’t open either and my own anti-virus has disappeared! I’m concerned that my sensitive data has been accessed so I just don’t turn on my wi-fi. Does anyone know which processes I must end in task manager or do I just end all those ending in .exe?

  14. George Gargarella

    Running XP
    I went into Safe Mode with F8 on startup.
    Selected Administrator
    Selected Restore to two days ago.
    Ran my anti virus software
    So far looks OK.

  15. mike

    u can get on the internet by going to search in start type what ever u want and it will find it on what ever your main browser is no need for restarting or paying.

  16. JimR

    Using the System Restore option mentioned on the post of 5 April 2011 at 12:16 am worked quick for me. Then I checked and found some of the problem files which i deleted.

  17. stan

    wow! i guess im on the right track guys! i use the safemode! cool!!!

  18. landontk

    Nasty little critter.. George has it correct. Safe mode,admin,restore to earlier state. Worked like a charm..

  19. concept

    I got this virus earlier today and it hit my computer with a vengeance. It kept popping up the fake “scanning” thing, and it would not let me open pretty much anything.

    First I restarted in safe mode (with and without networking) a few times and the program STILL was able to run and block me from running things.

    Here’s what worked for me:
    1. Restarted in safe mode with no command prompt
    2. Chose my personal login name (not administrator — not saying that administrator wouldn’t have worked though… I simply don’t know)
    3. When Windows first started loading I got a pop up message talking about Safe Mode which basically said something like (paraphrasing): “Press YES to continue in Safe Mode, Press NO to use the system restore to restore your computer to a previous period”. I chose NO.
    4. The System Restore thing DID load at that point, even though the virus was loaded too and running a fake scan as usual.
    5. I chose to restore the system to 2 days ago, before I got the virus.
    6. When it was done I let it restart in normal mode (not safe mode) and to my surprise the virus appeared to be gone.
    7. I ran a Quick Scan with Malwarebytes Anti-Malware. It detected 3 malicious things, a Trojan, a data stealing thing, and something else, I forgot. I removed them all. Not sure if they were related to that virus or if they were on there previously (I hadn’t run a scan in like a week)
    8. I rebooted as per Malwarebytes’ instructions.
    9. I ran Malwarebytes Anti-Malware again. First I updated my database, which was outdated. Then I ran another scan and it found nothing. Problem seems to be solved, thank god.

    Good luck people.

  20. David

    I had the XP Antivirus 2011 and downloaded Spybot S & D to get rid of it. It seemed to work but now my Windows Automatic Updates for Windows Security Center has been turned off and every time I try to turn it on it does nothing. I followed JIM March 15, 2011 at 12:10 a.m. instructions but could not find the “au.inf” in the ‘inf.directory. Anyone have any suggestions on how to get Windows Automatic Updates turned back on?

  21. Marc

    System Restore followed by a Malware Bytes scan is working so far so good.

  22. Teresa

    I am finally doing the system restore after running malware bytes and it finding lots of other minor things. I ran full scan again and it said i was clean while the virus is still in my tray.

    I tried roguekiller as well, didn’t work.

    System restore has worked!

  23. Louis

    My wife got this today..nasty, couldn’t run virus protection, or any of the suggested software or restore from system tools. Had to go to Safe mode, system restore to two days back… and it worked. Thanks to this post and everyone’s notes I only spent an hour getting back up. It would have taken less time if I read all the comments before jumping into the steps outlined which no longer work. Able to get to my virus software now and am running it as I write… safe surfing and Thanks. I’ll be back when I get…my wife gets another virus.

  24. RJS

    My wife got this nasty extortion-ware on our desktop computer.

    Right-click the Start bar and choose “Task Manager” (or press Ctrl-Alt-Del). Go to the “Processes” tab.

    Find and kill three-letter “exe” processes. Note: MCM.exe, jqs.exe and alg.exe are normal, but you can kill them anyway.

    That should stop the malware from messing with some of your stuff, but by the time you see it it has already messed up stuff in your registry. You might be able to run your virus scanner or Malwarebyte or SpyBot or get into RegEdit from a command line.

  25. Redford

    After countless hours of following all the steps to rid my system of XP Anti-Virus 2011 I simply only needed to follow step #1 “Press Ctrl+Alt+Del on keyboard to stop process associated to “XP Anti-Virus 2011”. When Windows Task Manager opens, go to Processes Tab and find and end the following process: (random characters).exe

    I then searched and located the file and moved it to my recycle bin.

    I then ran the Malwarebytes Anti-Malware and rebooted. Done!

    So far so good. (fingers crossed)

  26. JR

    This is getting really kind of scary and annoying. I launched safe mode and did the system restore, but nothing’s working! HELP?? But its really weird- the anti-virus thing only appears on my account! It works fine on other users, but not mine? What do I do? Security essentials scans, but it doesn’t detect it! What now?

  27. Hate Hackers

    The evolution of this fraud tool has taken another evolutionary step. Procedure used to clean effectively (so far). At least I finally have not gotten the blue screen. Scan the HD from another computer via usb with both Malwarebytes and Microsoft Security essentials. It is apparent that this program now opens the flood gates to other malwares. After scanning from another computer and once it finally boots: boot in safe mode, when the “running in safemode” window pops up before all processes begin to run go directly to “system restore” and restore to when everything was ok, maybe a day or two before issues began. The version I am dealing with if allowed to run blocks Microsoft Security Essentials and Malwarebytes! It if allowed to run also blocks Task Manager and System restore operation. There should be an extended all expense paid visit to Federal prison for the authors of this public menace.

  28. Trevor

    I’ve been fighting this for days… I noticed that I can run malware bites and spybot after I end a very cleverly named process called “Conhost”. Really… what dumbass hacker names their virus that does a fake takeover “conhost”. REEEAAAAL tough.

  29. Laurence

    I got this virus on my PC and it virtually prevented me from running any of my applications on my PC, it was so frustrating. But someone told me about a free downloadable anti-virus application called Stopzilla which is obtainable from download.com. It successfully cleans and removes Viruses, Malware of which the XP Anti-virus 2011 is one. It really worked. I tried it after having failed at trying a number of other alternatives, and as I said it works well. So far so good Ive had no more attacks of the virus.

  30. Frank

    I had this problem earlier but I detected it immediately.
    It messed up one of my limited accounts.
    I went on my administrator and deleted the account.
    No problems so far….right?

  31. iemma23

    My computer was infected with XP anti-virus 2011. Completely unable to open a browser or email. I was told to either wait 6 days and the virus would self destruct or turn ahead the clock on the computer and the same would happen immediately. I waited the 6 days and sure enough it was gone without a trace. I am too much a novice to try the safe mode removal so I was delighted to see it gone.

  32. chandan

    g.ag. Md xp

  33. Ali

    Hello Everybody,

    This “XP Anti Virus 2011” infected one of our laptops 2 nights ago all of a sudden.
    First, we got an alert to install or update McAfee (so I was told) and when the “Later” option was picked, the laptop suddenly lost the internet connection and this “XP Anti Virus 2011” started showing a list of about 11 viruses that needed cleaning.
    Clicking the McAfee icon wouldn’t launch McAfee.
    Nothing in Control Panel worked. Couldn’t remove McAfee or this “XP Anti Virus 2011” due to “Add/Remove” (programs) not opening.
    Also, was unable to install “Norton 360”.

    Anyway, after reading comments here, I restored the laptop to a previous date before the infection and wasn’t getting any “XP Anti Virus 2011” fake alerts anymore.

    Anyway, downloaded and installed “Rogue Killer”, “Malware Byte’s Anti Malware” and “StopZilla” after reading about them here.

    Run the “Rogue Killer” and picked both 1,2 and 3 options and 3 reports were created. What are these reports for ? It didn’t say anything about removing any infected files. Has it removed any viruses at all ?

    Afterwards, I ran StopZilla and but I paused it because it was taking too long to finish scanning.

    I then started “Malware Byte’s Anti Malware” and it found and deleted a few viruses. It was faster than StopZilla.

    I then started running StopZilla again and when about 64% was complete it found 1 infected file which “Malware Byte’s Anti Malware” missed. I paused it before going to bed because it was taking too long to scan.

    Today, after waking-up, I tried resuming StopZilla but it only allowed me to remove the 1 infected file it found last night.
    I’ve now started StopZilla again from the beginning and 57% is complete and it’s found no infected file so far.

    Later on, I will scan the laptop with Norton 360.

    1. Now, my question is, how come “Malware Byte’s Anti Malware” missed that 1 file that StopZilla found ?
    Does that mean, Stopzilla is better than “Malware Byte’s Anti Malware” ?
    I have a feeling, maybe “Malware Byte’s Anti Malware” has removed some infected files which StopZilla would’ve missed because if I remember correctly the former found a lot of infected files when a certain percentage of scan was finished and the latter found less than that when that same percentage was finished when it was on scan.

    Now running StopZilla 14 day trial.

    Which one should I stick with ?
    Rogue Killer, Malware Byte’s Anti Malware, Stopzilla or Norton 360 ?

    I can’t trust one to do the job fully but I can’t afford to buy everything on the market.
    What is the solution ?

  34. Camie

    I had it just today, and now my computer is running fine.
    If the above doesn’t work, you can always try system restore to a different date, such as a month ago or the most recent day other than the day it pops up.

    I’m not sure if it entirely takes the virus outs, but at least you can still go onto your computer and access internet without it popping up.

  35. Stan

    There must be different versions of this out there. The one I’m looking at on a laptop I’m fixing could be killed in task manager at gtt.exe. It still comes up in safe mode though. If you can identify the filename and location, it’s best to delete it in recovery console or by pulling the drive and deleting it manually. Even in safe mode, killbox wouldn’t run it kept popping up.
    The people that make these and the credit card merchant providers that allow it to go on make me sick.

  36. Andri

    I got this virus and nothing seemed to work. So I rebooted in safe mode by tapping f8 on startup. I logged on as Administrator in Safe mode, chose “No” thus going to System restore, and restored my computer to six hours earlier. Rebooted and my computer was back; no virus anymore.

  37. Jennifer Lucas

    Stopzilla didn’t do a thing. When I called customer support they said I didn’t have a virus and that I must have down loaded a bad program. Then customer service offered me a tech session for $200. Waste of time and money. Clearly it’s a virus.

  38. harish

    OMG !! Followed every single instruction it worked for thank you very much for this post,,,,,just would have thrown my pc to the garbage,,,,,what relief,,,,malwarebytes works really well…..that rkill stuff also works great….

  39. Laurence

    The good thing about Stopzilla, or any of the other anti-virus s/w you decide to use, is that after the virus has been removed then I suggest you do an immediate backup of your essential files, or all files, to CD ROM or DVD, so that if the virus were to come back then at least you have a more recent backup of your hard drive files.

  40. Leighsky

    I did a system restore to two days before. The virus is gone, but now Windows thinks that ALL of my files needs to be opened using a program or file of some sort. Even the ones used to open other files…

  41. Ali

    Guys i dont know if we should all be posting this, we could email this stuff to each other because i think the people who made the virus look at this stuff and change the virus

  42. C

    I found a number to put into the registration box for the fake XP antivirus. I was able to trick it into thinking I bought their product, but I didn’t. I ran several scans, but after the scan was over, all the above mentioned sites wanted to charge a lot of money to buy their products. I don’t know if the scans did anything but I don’t see any sign of the virus, but I suspect it is dormant in my PC. I scanned with the real Microsoft security essentials and downloaded that program as well. Its free. I don’t see signs of it, but like I said, I just don’t know if its still there. This is horrible. I wonder if tricking the malware was the right thing to do or if it is tracking my every move. Anyone that wants that number for registration, just let me know.

  43. C

    By the way, stopzilla and all the other antispywares mentioned all wanted money. I don’t know why they claim to be free. They all found something different.

  44. athEIst

    I crashed the hard disc. Still had internet but this XP 2011 took over. I would like to see whoever created this captured, hanged until almost dead and then eviscerated.

  45. e

    i want that fake number that you have c

  46. K L

    I didn’t find random numbers, but found 3 letter. nrj.exe was the culprit. I ended the process and anytime I try to get into control panel it starts up again. I’m running malware programs now, but if the first doesn’t work I’ll try one more and if that doesn’t work I’m going to try a restore point. This is the second time this laptop got this. (I’m not the user)

    Any ideas where this virus is being picked up. How do you avoid? This virus is such a pain to get rid of.

  47. Pooh

    use ctr-alt-del to stop the process. It will be {random 3 letters. exe}. This will temporarily give you access to programs. Create a new user account as system administrator then delete the infected user acct. This worked for me.

  48. Kris Joseph

    download malwarebytes rename the file extension from exe or msi to scr eg mbam.exe >mbam.scr install perform quick scan remove selected do not update automatically before do it after the system has prompted to restart and done so it worked for me.

  49. Joshua Patrick Ramos

    I tried many things on this virus but no one worked like in the manual removal I tried to update my Kaspersky Internet Security 2011 to the latest database then full scanned my computer but didnt find any virus at all!!! So now its like a war between me and this Fake XP anti-virus 2011!!! So in this virus I conclude that you will be challenged if you really are good in computer technology!!! I hope that this post will always be updated. why? because that fake Anti-Virus 2011 improves as time passes by right so soon there will be fake Anti-virus 2012!!! so just suggesting that they may update it so that if other instruction there were not working they will fix it :DDD
    Still… getting rid with this virus…

  50. Rob Kincaid

    I had just ordered some documents from my bank. Then I decided to check my e-mail. First I went to my spam folder and there was a message from DHL saying I had a package coming and this e-mail contained my tracking info. I thought it was from my bank. Also, the day before I had received an important e-mail that was in the spam folder. It sometimes happens. So anyways, like a complete innocent, I opened the fake DHL mail and downloaded the attachment to my desktop. Then I clicked on it. OH MY GOD!!! This virus/malware completely took over my computer. It turned off my AVIRA av and took its place. Downloaded Malware bytes on another PC and imported via thumb drive. Changed the name and extension several times. It would not install. Tried stopping virus processes via task manager. No help. What worked? Re-start in safe mode, choose system restore during start-up, and went back 2 days. System then restarted and everything was OK. Then I installed and ran SUPERantispyware. It found a bunch of crap. Then I ran Avira. It also found some crap. Quarantined my crap in the crap quarantine for later inspection. Both these av have a free version and I recommend both. Next I ran Wise reg cleaner and Wise disk cleaner. More crap gone. 24 hours later and all is still well. Thanks a lot to all of you who posted comments. The procedure in the article did not work, but you savvy commenters saved my PC!

  51. hbalt

    Hey guys when it first popped up I paid for it because it looked legit (correct file names, microsoft look alike etc).. Anyone know if I can get my money back?

  52. mlee

    The safe-mode, system restore method mentioned in several posts above worked for me. Especially good since it didn’t require any downloads of anti-spy or virus programs, of which I am quite suspicious. Thanks very much. None of the other sites I checked for this virus removal solution had this system restore solution.

  53. Mike

    I got this virus late one night by clicking on a news story. I was just about to take my computer into the local PC repair guy ( $150 ) when I saw this thread.

    I used the safe mode system reset strategy and the virus was gone!

  54. Mike

    Oh, If I find the motherF****R who built this virus I am going to pound him into the ground with my laptop.

  55. Brandy

    This isn’t my first go round with this virus and usually I can just restore to an earlier date and it does fine. However, this time it will not let me go back a month at all, it only gives me the time period of which the virus started. Any help with that guys?

  56. Tim

    Sent an fyi to Microsoft as they are using their security shield icon and make reference to internet explorer. I originally thought this was a microsoft warning, but then when it requested money, it brought up a red flag for me. I sent a nasty email to xp anti-spyware, as that is the only way to contact them.

  57. andy

    just reformat. by now most people should have learned to back everything up. external harddrives are cheaper than the geek squad.

  58. Jay

    I agree Andy. Being proactive is the key.. Backup your computer before the problems start. I use Carbonite ($35yr), it’s alright, the only complaint is they throttle the upload speed so 10 gb takes like 4 days to upload. After initial backup it works pretty good. I’m in the field, so I’ve dealt with these issues for a few years. If it looks like it’s going to take more than 2 hours to resolve the problem, just reinstall the o.s.

  59. hilly

    This virus first cropped up on my mother’s computer a while ago and it took all sorts of creativity to destroy, and it took hours!!!! And lucky me, my sister’s computer just contracted the new and improved version that I am still struggling with. It would not let me connect to the internet or connect any USBs/flash drives. Luckily I had previously installed Malwarebytes on her computer, but unfortunately I was not able to use it until I manually deleted all the files listed above. It is currently still scanning……

  60. dan

    Had this malware before, i found the only way to get rid of it was to disconnect from the internet and do a complete reformat of the hard drive. That did get rid of it, tried all the other methods but a complete reformat will always work.

  61. Donna

    Thanks to all who took the time to post the solutions to this virus. I’m 66 and my husband is 68. This is the first virus we have encountered on our home computer after years of using computers. Staples and Best Buy both wanted $199 to fix (they really wanted to sell us a new computer). Thanks to this website and each of you, I had the confidence to fix it myself. God bless each of you. I couldn’t get to safe mode but went through Start/Accessories/System Tools/System Recovery (as one of you suggested). The screens in system recovery described exactly what would happen and how to proceed. We restored to three days earlier and it solved the problem. I learned a lot today.

  62. rachel

    It’s seriously shutting my pc off every time I almost fix it. I’m so mad.

  63. rubios_us

    I just got the virus and was able to fix it in just a few steps. Hope this helps you as I was very concerned until I figured out what to do quickly. Here’s what I did:

    1. Run the System Restore from the System Tools option in the Accessories program. Programs >> Accessories >> System Tools >> System Restore

    2. Select “Restore my computer to an earlier time” and hit next>>

    3. Select the last restore date closest to right before you got the virus. Restore points are usually marked in bold dates.

    4. The system will begin its restore to that time before you got the virus. It will reboot. Log in as normal. The Virus expected you to run a restore and has corrupted your programs files so you can’t use them. This is sort of a panic attempt on their behalf. Don’t worry. Go on to next step after you’re completely up and running.

    5. Run the System Restore (again) from the System Tools option in the Accessories program. Programs >> Accessories >> System Tools >> System Restore

    6. Select “Restore my computer to an earlier time” and hit next>>

    7. Select the restore date one date earlier than you selected in step 3.

    8. When the restore is complete, this should put your system back to a known good state with no further signs of the Virus.

    The reason you have to do a restore twice is that the virus corrupted the restore point you selected in order to keep you scared. None of your normal system programs will work, i.e. Internet Explorer. When you have restored it the second time, the next restore point you selected will have full capabilities with no corruption. Hope this helps.

  64. DMShuman

    for XP

    You can get your .exe programs running again by downloading the following reg file at

    Click on EXE file association link. Download xp_exe_fix.zip. Unzip and double click on the included reg file. You will be able to run your applications again. The easy way to fix windows update is to reinstall windows autoupdate service…
    At the run command type in %windir%\inf
    right click on AU.inf and select install
    You may need your I386 disk or if you install SP 3 for XP when asked for missing DLL browse over to %windir%\ServicePackFiles\i386.
    Hope this helps.

  65. Jay

    Repair “running of .exe files”.

    Method 1

    Click Start, Run. Type command and press Enter. Type notepad and press Enter.
    Notepad opens. Copy all the text below into Notepad.

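    Windows Registry Editor Version 5.00

    ; Key paths below follow the list given under Method 2.
    [-HKEY_CURRENT_USER\Software\Classes\.exe]
    [-HKEY_CURRENT_USER\Software\Classes\pezfile]
    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    [HKEY_CLASSES_ROOT\.exe]
    @="exefile"
    "Content Type"="application/x-msdownload"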

    Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
    Double Click fix.reg and click YES for confirm.
    Reboot your computer.

    Method 2

    Click Start, Run. Type command and press Enter. Type notepad and press Enter.
    Notepad opens. Copy all the text below into Notepad.

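    ; [Version], [DefaultInstall] and the two section names are standard INF scaffolding, assumed here; the key lines are as posted.
    [Version]
    Signature="$Chicago$"

    [DefaultInstall]
    DelReg=DelKeys
    AddReg=AddKeys

    [DelKeys]
    HKCU, Software\Classes\.exe
    HKCU, Software\Classes\pezfile
    HKCR, .exe\shell\open\command

    [AddKeys]
    HKCR, exefile\shell\open\command,,,"""%1"" %*"
    HKCR, .exe,,,"exefile"
    HKCR, .exe,"Content Type",,"application/x-msdownload"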

    Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
    Right click to fix.inf and select Install. Reboot your computer.
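To confirm whether a machine still carries the per-user .exe override and non-default open command that both methods above reset, the relevant keys can be exported with `reg export` and audited offline. The Python below is an added example, not part of any commenter's post; the function names and both sample exports are constructed for illustration, and the rogue path in the sample is a placeholder.

```python
import re

# Values that Method 1 and Method 2 in the comment above write back.
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'
HIVES = ("HKEY_CURRENT_USER\\Software\\Classes", "HKEY_CLASSES_ROOT")

_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lowercased key path: {value name: data}} from REGEDIT5 text.

    Real exports are UTF-16; decode the file before passing its text in.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            # "[-key]" is a delete directive in a fix file, not exported data
            current = None if path.startswith("-") else keys.setdefault(path.lower(), {})
            continue
        m = _VALUE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = _unescape(data[1:-1])  # REG_SZ; other value types stay raw
        current[name] = data
    return keys


def audit_exe_association(text):
    """Return a list of (key, reason) for every deviation from the repaired state."""
    keys = parse_reg(text)
    findings = []
    for hive in HIVES:
        ext = (hive + "\\.exe").lower()
        per_user = hive.startswith("HKEY_CURRENT_USER")
        if per_user and any(k == ext or k.startswith(ext + "\\") for k in keys):
            findings.append((hive + "\\.exe", "per-user .exe override exists"))
        progid = keys.get(ext, {}).get("@")
        if progid is not None and progid.lower() != EXPECTED_PROGID:
            findings.append((hive + "\\.exe", "default ProgID is %r" % progid))
        if ext + "\\shell\\open\\command" in keys:
            findings.append((hive + "\\.exe\\shell\\open\\command",
                             "handler set directly on the extension"))
        # Check the standard ProgID and whatever ProgID .exe currently points at.
        for pid in dict.fromkeys([EXPECTED_PROGID, progid or EXPECTED_PROGID]):
            cmd_key = hive + "\\" + pid + "\\shell\\open\\command"
            cmd = keys.get(cmd_key.lower(), {}).get("@")
            if cmd is not None and cmd != EXPECTED_COMMAND:
                findings.append((cmd_key, "open command is %r" % cmd))
    return findings


# Constructed sample: an export showing the override (placeholder path).
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="pezfile"

[HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command]
@="\"C:\\placeholder\\rogue.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: the state after the fix has been applied.
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, reason in audit_exe_association(SAMPLE_HIJACKED):
        print(key, "->", reason)
```

An empty result means the exported keys match the values the fix writes; any finding names the key to inspect before re-running the repair.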

  66. Shauna

    I was hit with this about an hour ago. I immediately unplugged myself from the internet and shut down my laptop. I then restarted in Safemode, and planned to run my AVG anti-virus program. However, the XP Anti-virus 2011 program beat me to the punch, and began its fake scan – IN SAFE MODE. I am going to try a system restore next. This thing embeds itself into your registry files…

  67. wink

    I can’t understand why someone has not tracked the persons responsible and subjected them to the aggravation we have all suffered. Only seems fair.

  68. Shauna

    I completed a system restore twice – as recommended above. However, restoring my system to over a week ago did not get rid of the bug. The virus then locked me out of all of my programs – I could not open anything.

    JAY – I followed your instructions and am now able to run .exe files. What should I do now? Do I try a system restore again?

  69. tilmsmith

    I just tried the fix recommended by Rubios_us posted May 9. All good through step 4. However, can’t get to step 5 because executable files have been corrupted. Any suggestions on how to get around this?

  70. Brendan

    Note: I am not good with computers but this is helping me at least be able to start to work through this.

    I got this virus last night and at first was completely shut out of everything. I got on another computer and looked this up and found a reg key that at least allows me to do stuff now, it’s 1147-175591-6550. After entering that I am now able to at least use all functions on my computer and am getting someone else to remove this thing completely

  71. HELP

    I’ve managed to turn on the Malwarebytes’ Anti-Malware by using safe mode system. And it deleted virus – in my case “avl.exe”, but after rebooting computer it was still there! How come this antivirus doesn’t work?! Is there any other better programme which can get rid of this virus? If somebody knows please answer! PLEASE!!!

  72. Derek

    System Restore worked for me in XP. Wrote them a nasty note. I thought I was going to reformat

  73. db

    try this utility

  74. Craig

    Successfully (or so I think) removed most of the offending virus elements with combination of safe mode, anti-malwarebytes, etc. But like some others on here, now have found that my personal profile is corrupted where any program I try to open gives me the “Run As…” pop-up window. I have to run everything as an Administrator to get it to work. Also when I attempted to open iTunes, it acted like it was the first time it had ever been used. When it did open I noticed that my entire music library was no longer linked. Wondering if I just need to delete my profile and create a new one.

  75. Corey

    I don’t usually write reviews, but I had to for this product. It actually worked and it worked fast for my laptop. I downloaded the rkill.com and ran it on my infected pc. I was back up and running in less than 5 min…maybe 3. I really got rid of the xp anti-virus 2011 problems I was having.

  76. Me

    So for whatever reason my system restore doesn’t have any dates set in it (even though I created one only 4 days ago), and nothing else seems to work. And I would rather not have to delete my user account, because well…I just don’t want to.

    Malware Bytes didn’t work, Avira has always been a bit of a waste, the rogue killer apparently did nothing EXCEPT when I did #5 or 6 it gave me my desktop icons back from the virus I managed to get rid of on the 15th(when I created the restore point that has gone missing).

  77. Me


    I tried method 1 & 2.

    Method 1 no matter what I do says it’s not a registry file, and that I can’t import binary whatevers into the registry outside of registry editor.

    the second fails to understand what type of program file it is and asks if I should search for the program to run it online or locally.

  78. david

    I just experienced the new version of this virus and it blew my system away and took me by complete surprise!!

    One minute I was checking some webpage.. then AVG threw up a box saying there was a malicious file, it gave me the choice to stick it in the vault – I did.. but after I was told windows firewall was off.. when I tried to stick it on again.. ” cannot open file, missing rundll32 ” this same message occurred for everything.

    I decided to open AVG interface by other means, when I did, I removed the malicious file from the vault and as soon as I did.. I was attacked by XP anti-virus 2011, it looked very legit, .. it just so happens that this whole event happened right after I had a windows update.. so I assumed it was part of the update.

    It looked so legit, that I thought it was Microsoft’s idea of charging now for the xp firewall and additionally adding in anti-virus.. it also switched off AVG.

    It pushes you to buy the full licence program.

    I’m shocked at how vulnerable I was.. I thought my security was pretty good, but this is a disgrace .

    By the way users, here’s an easier fix…. open up MSCONFIG ..then TOOLS and choose SYSTEM RESTORE… restore it to a day before and it will fix everything.

    I’m fine now.. but 1st thing I have done was, get latest windows updates, AVG, windows defender and firefox updates.

    hope this helps someone

  79. malik

    System Restore takes care of it, no big deal.

  80. Adiriana Ortega

    pls refund me this protection didn’t work for my computer

  81. Meg

    When you open the xp anti-virus ad, place this number in the register key, it will run the system and clear everything up. It is the only thing that worked for me. 1147-175591-6550

  82. Melissa S

    I did a systems restore and three weeks later it came back!!! I hate this virus so much

  83. Ujjawal

    when this creepy virus asks for registration go to manual registration and enter this key-


  84. Cody

    i can’t even get task manager open. it says the admin turned allowance to it off.

  85. Joe Cavaorgava

    The virus made it look like my data was completely wiped out. I found it all again. Turns out the virus marked all the files as “hidden.” Once you’ve followed the instructions and eliminated the file, open the Control Panel and go to Folder Options. Click “Show hidden files and folders.” This will display your files in “ghosted” form. Then, under “View,” click “Reset All Folders.” Good luck!

  86. Michael

    No need to throw away your PC or get a professional. With Trojans like this one that are Fake Virus Program Alerts there are only 2 tools you need to combat and remove the trojan.

    First is RKill which you can find and download at bleepingcomputer.com or elsewhere. Run RKill which kills any malware/trojan .exe and registry key running.

    After executing RKill then run MBAM (Malwarebytes Anti-Malware) to perform a scan and then remove infected files. MBAM, Malwarebytes, can also be downloaded at bleepingcomputer.com or elsewhere.

    With these 2 programs you can stop Trojans like this and remove them from your PC.

  87. Aslana

    Just tried the code and it let me in, thanks, now to remove it because once you’re in, it will record all passwords and sensitive identity information and send to their servers. Use the code then get Microsoft security essentials
    As I’m using microsoft essentials right now and as it scanned it found rogue: win32/fakerean which was that xp 2011 antivirus rogue program. As the scan ended, the xp fake icon at drawer disappeared, it removed it and now I will install the ms bytes just to make sure

  88. Aslana

    One more thing, definitely run the malwarebytes, after the me security scan because it finds the hidden files, I saw all the hikey files there and moved them so using both seems to work but use the code to be able to get back on your Internet, thanks Meg and ujjawal for that awesome bit of advice, follow those instructions and code number

  89. daemon

    I’m 13 but I can’t get this virus off, but I can access the web by deleting the process explorer (not iexplorer) and go to control alt delete place and then applications new task and then find program iexplorer and get on, but I really need help, any ideas?.. oh man security pop up just happened after 10 min.

  90. daemon

    By the way I am knowledgeable with the computer, I have gotten rid of viruses but this is advanced…

  91. CJ

    I just got rid of this BLEEP BLEEP BLEEPITY BLEEPING thing off of my computer!!!

    Before doing so, I transferred all my vital files to CD. Then I just ran AVG (the free version). It found two threats and took care of them.

    I was surprised!

  92. jon

    Restore in safe mode worked for me. Afterwards I ran malwarebytes and it found several things I quarantined. Thanks for the help.
    Also, someone mentioned Stopzilla, which I believe is a similar virus.

  93. Brian Gilbert

    To all of the above:

    The following instructions are not for the faint of heart and you will need to open the Windows System registry with the regedit command and be willing to kill processes from the task manager.

    Please think of the procedure as a scene from the 1970’s movie M*A*S*H:

    1) First do not panic, panic is a killer, just shut your system down in a polite way (I just pull the plug).

    2) Go get a drink (pick your poison).

    3) Take a deep breath (tobacco or cannabis is optional).

    4) Turn the system back on and under most MS OS hit the F8 key. This will give the option to start the system in “Safe Mode”, just do it.

    5) After you have logged in, press the Ctrl/Alt/Del keys as fast as you can and watch the list of processes that start. Kill the one under the log-in name that starts at the same time as the message that pops up.

    6) Run your browser (it does not matter which one), look for the same process name, kill it. Oh yes, before you kill it you need to write it down.

    7) Do step 6) again, (please just work with me) this time just let it do its thing, it will present a screen that wishes you to continue, just do it. It will take about 4 to 5 minutes and present a list of “virus”. Accept and depending on the version of the software you can enter the online “code” 1147-175591-6550 that will make it “less of a hassle”.

    8) Now, using the regedit tool, find the process name and delete it, and delete the pre-fetch file entry related to it; save that information. You are not done yet, now exit out and should you not just be ready to proceed then return to steps 2) and/or 3), returning to step 9).

    9) Using the file search function locate that pre-fetch file and delete it, and remove it from the “trash can” also.

    10) This is the Key Point: should you make any changes to the Windows registry this is the time to opt-out, just do a soft reboot and with at least XP Pro things did not change. Should you be willing to take the plunge after making the changes you need to not only shut down the system but to turn the power off!

    This worked for me.

    Should anyone have further problems I will actually infect a spare system and try to reproduce the results for the other users.

    Best Regards

    Brian j. Gilbert

  94. Gabor47

    It is time to introduce a law, according to which anyone caught with creating a virus should be put in prison for at least 20 years. That would somewhat deter cyber criminals who create viruses just to irritate others.

  95. kaungmyat

    XP Anti-virus 2011 free download.
    now free download.

  96. kaungmyatnoe

    XP Anti-virus 2011 free download.
    How to virus remover xpAnti-virus 2011

  97. kaungmyatnoe

    XP Anti-Virus 2011 or also known as Vista Anti-virus 2011 and Win 7 Anti-virus 2011 is a rogue program that will be installed on multiple operating system.

  98. kaungmyatnoe

    It is time to introduce a law, according to which anyone caught with creating a virus should be put in prison for at least 10 years.

  99. Met

    Can you get this virus from anything at random?

  100. Vic

    I just found this on my kids’ PC (I THANKFULLY use a Mac)… running system restore right now… going back a month, just to be safe!! will let you know how it works out.

  101. Vic

    well, so far so good… it appears to be gone after doing the system restore… (oh thank goodness!!!) I am thinking it is time to upgrade the kids to a Mac so I don’t have to worry with this crap anymore!!!

  102. Reddy

    System Restore did the trick. Thanks for the info. Also, if you have purchased this software, call your credit card company to dispute the charges. They will credit you back the money. Good Luck!

  103. Michael

    To all concerned;
    I would like to say thank you for all the information on how to remove this problem. I tend to agree with Mike on the jail time idea. I am having to restore my “game” machine and have found all the information useful. Vic’s idea about upgrading the kids’ machines is a good one. But I would look at going to a Linux based system instead, you can just download the software and install it. It is a free os and works great. If you wanted to get a disk set it will only cost about $10 for five full sets of Ubuntu 11.04. And by the way Ubuntu is completely Windows virus proof. That is why it is on my netbooks. Just a thought.

  104. Mike

    This has been around for quite some time and has hit a lot of users. I’ve been hit twice in the last 2 years. What gets me is that our security software vendors as well as Microsoft seem oblivious to this. If they can’t take action with such a well known virus how do we know they are doing anything to protect us from other less known threats?

  105. nitram

    How I got rid of xp essentials. I unplugged my pc for 2 hours to cool off, then plugged it in and turned it on. As soon as it booted up I clicked on start, all programs and got to system restore. As soon as the system restore window pops up don’t waste time. Their window popped up but I got restore in time before their pop up took over my pc. Once you restore to an earlier date your aggravation will be gone. Believe this works. Don’t download what others are telling you, you might just end up with more problems

  106. Bear

    A big thanks to all. And especially Bob31

    I used system restore. It seemed the simplest way to start out.
    And it worked for me.

    Now if we could just get the creator of this piece of work alone in a room for a minute. I have a baseball bat I’d like to introduce to him.

    Have a good day all.

  107. Coco

    Hey guys I got this nasty thing like 4 days ago and it started to scare me because I thought those were a lot of viruses that it scanned so I just shut it down and left the battery and hard drive out. Do you guys think I’ll still be able to system restore it to fix the problem?

  108. honeyrose

    I have this virus. I was running MS Security Essentials when it got in but it somehow turned that off. I looked in Processes and could not see any rogue .exe files. Then I tried to run System Restore but it seems to have disabled that too as it will not run (although I have not tried Rubios suggestion to run it twice.) Nor can I go into Safe Mode to fix it as the Virus also appears when I log into Safe Mode. It blocks me from downloading malwarebytes and similar fixes. I did manage at one stage to find some of my hidden files before it cut in again so I am hoping they are just hidden. I assume it mutates into different forms. Now about to seek professional help as I cannot afford to lose some of my work files. (Had these backed up on an ext HD but of course it broke the week beforehand. Sod’s Law). Thinking of installing MS Home Server for future backup of my home network.

  109. jesse

    I want to know who made this virus, it has cost me thousands of dollars and many hours, my work computer is on the verge of crashing.
    I have tried everything, including Rkill, but it didn’t stop it.
    I want to meet the guy who made this, I will pay 100 thousand dollars to the person who catches this guy and brings him to me.

  110. Beachlover46

    I got this virus 5 months ago and everything was corrupted including my anti virus software. I could not install Malwarebytes as the Internet explorer was infected. System Restore did not work as I didn’t have an early enough date prior to infection. Starting in safe mode didn’t work as the virus got into that too.

    So I gave up and left my laptop off considering what to do about it. A few days ago I turned it on after 5 months and no fake alerts or any sign of the virus was noticed. I uninstalled the corrupt anti virus software I had and installed Malwarebytes and Avast and ran scans until all corrupt files were detected and deleted. Avast does a special reboot scan and this was very thorough. The only issue I have is that automatic updates won’t turn on.

    But certainly leaving the computer in hibernation for 5 months must have disabled the virus and I was able to install software to remove it.

    Hope this information helps someone.

  111. Demonownz

    I just encountered that virus recently and it was easy to remove. Access the task manager by pressing ctrl+alt+delete and it came up. Malwarebytes deleted it and worked fine. Until the next day when everything started opening as notepad form, it’s a separate issue.

  112. sfoeur

    I downloaded a new developed antivirus Anvi Smart Defender yesterday. Not sure if Anvi Smart Defender can scan new virus on computer.
