I just spent some time helping someone get rid of XP Antivirus 2011 from their XP machine. This method worked, so I thought it was worthwhile reaffirming the process.
First, several online posts suggest using Malwarebytes to get rid of this fake antivirus scam infection. This is great advice except for one small problem. Many users cannot even open the Malwarebytes application because this malicious infection blocks it from starting. Even in Safe Mode, Malwarebytes will not start. For those who have not already downloaded Malwarebytes, downloading it from the Internet might also be a problem if the user is blocked from opening a browser.
Meanwhile, XP Antivirus 2011 (also found as variants Vista Antivirus 2011, Windows 7 Antivirus 2011, Windows 7 AntiSpyware 2011, etc.) continues to pop up warnings that the computer is infected (of course, it is… with this insidious so-called antivirus app, but possibly nothing else). The solution is to get this app shut down so it cannot continue interfering with what we need to do.
Thanks to the guys over at My AntiSpyware, there is a short registry edit that allows us to stop the rogue app from running long enough for us to get Malwarebytes to install, run, and clean up the mess. Go to their site for complete, detailed instructions if you are not sure how to download, install, or run Malwarebytes. If this method does not work, they have a second registry edit that you can try that also works for some.
The first registry edit is just a few lines you will type into Notepad, found in Accessories (you are forewarned that mistakes in your registry editing can toast your system… don’t yell at me if you don’t do it right):
Windows Registry Editor Version 5.00
Save this file to your desktop as “fix.reg” (without quotes), choosing “All files” under file type so that it is not saved as a text file. Find the file on your desktop and double-click it. Follow the prompts to accept the registry edits. Reboot your computer and you should be able to get to work with Malwarebytes or get online so you can download it.
While you can type the edit in manually, I would recommend using a flash drive or something else to transfer the code. If you have to type it manually, just be careful and make sure the line breaks and spaces are correct before you save it.
Last, I would recommend you make sure Malwarebytes and your REAL antivirus applications are updated. Run scans again and get rid of anything else they find.