XP Security 2016 (XPSecurity2011) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

The following programs are similar to XP Security 2016 -

XP Security 2016, Win 7 Internet Security 2016, Win 7 Antimalware 2016, Vista Antispyware 2016, Vista Antispyware, Win 7 Antimalware, Vista Guard, Vista Internet Security, XP Internet Security 2016, Win 7 Guard, Win 7 Security 2016, XP Security, XP Antispyware 2016, Vista Internet Security 2016, Vista Antimalware 2016, Vista Antimalware, Win 7 Security, XP Antispyware, XP Antimalware, XP Internet Security, Win 7 Antispyware 2016, XP Antimalware 2016, Vista Security, XP Guard, Vista Security 2016, Win 7 Internet Security, and Win 7 Antispyware.

XP Security 2016, also known as XPSecurity 2016, is a fake antivirus application. XP Security 2016 generally infects systems running Windows XP. XP Security 2016 is a clone of XP Defender Pro. XP Security 2016 is generally installed through the use of a trojan horse. XP Security 2016 main executable is PW.exe, which is similar to AV.exe and AVE.exe. XP Security 2016 will modify the registry; therefore, the registry must be fixed before removing PW.exe. The comments here and comments here may provide insight. PW.exe is generally a hidden file.

Below is our recommended removal tool for XP Security 2016. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with XP Security 2016 with task manager. If task manager has been blocked by XP Security 2016, try using Process Explorer.

It is recommended to use safe mode when removing the virus because XP Security 2016 will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. XP Security 2016 can be removed by using the

or by manually removing the virus.

View XP Security 2016 Files
View XP Security 2016 Keys

Common symptoms and characteristics of XP Security 2016 and other rogue security programs include:
1. XP Security 2016 is generally installed without user permission.
2. XP Security 2016 uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual XP Security 2016 Removal – In order to manually remove XP Security 2016, the processes associated with XP Security 2016 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before XP Security 2016 entered the computer.

Stop XP Security 2016 Processes (Learn How To Do This)
PW.exe

Remove XP Security 2016 Files (Learn How To Do This)
C:\Documents and Settings\[username]\Local Settings\Application Data\PW.exe

Remove XP Security 2016 Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\XP Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\XP Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Security 2016

Remove XP Security 2016 Startup Entry (Learn How To Do This)
PW.exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Vista Antispyware 2016.

This entry was posted on Monday, November 15th, 2016 at 2:56 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “XP Security 2016 (XPSecurity2011) Virus Removal Guide”

Junior April 1st, 2016 at 11:37 am

I had xp security 2011 version of this virus and none of the file names or registry keys matched any of the info I could find.

The execution file in this case was nau.exe and was found in several different forms. While remembering to uncheck “hide protected operating system files” in Tools -> Folder Options. They were all found in a file search. Some files were write protected but by simply moving them to the desktop was able to delete them.

And the registry keys were
HKEY_USERS\S-1-5-21-blah blah blah_Classes\exefile
Had to remove the entire folder.

Everything seems to be working fine now.

concept April 6th, 2016 at 10:07 pm

I got this virus earlier today and it hit my computer with a vengence. It kept popping up the stupid fake “scanning” thing, and it would not let me open pretty much anything.

First I restarted in safe mode (with and without networking) a few times and the program STILL was able to run and block me from running things.

Here’s what worked for me:
1. Restarted in safe mode with no command prompt
2. Chose my personal login name (not administrator — not saying that administrator wouldnt have worked though… I simply don’t know)
3. When Windows first started loading I got a pop up message from Windows talking about Safe Mode which basically said something like (paraphrasing): “Press YES to continue in Safe Mode, Press NO to use the system restore to restore your computer to a previous period”. I chose NO.
4. The System Restore thing DID load at that point, even though the stupid virus was loaded too and running a fake scan as usual.
5. I chose to restore the system to 2 days ago, before I got the virus.
6. When it was done I let it restart in normal mode (not safe mode) and to my surprise the virus appeared to be gone.
7. I ran a Quick Scan with Malwarebytes Anti-Malware. It detected 3 malicious things, a trojan, a data stealing thing, and something else, I forgot. I removed them all. Not sure if they were related to that virus or if they were on there previously (I hadn’t run a scan in like a week)
8. I rebooted as per Malwarebytes’ instructions.
9. I ran Malwarebytes Anti-Malware again. First I updated my database, which was outdated. Then I ran another scan and it found nothing. Problem seems to be solved, thank god.

Good luck people.

trumpet guy April 8th, 2016 at 3:54 am

Used the same fix as “Concept” described in the above post. So far so good. Thanks a lot “Concept.” Much appreciated

Jackson April 17th, 2016 at 5:41 am

Thanks for all the help, i think i’ve been able to clear it from my laptop.

instead of PW.exe, it was fvn.exe
Had to uncheck “hide protected operating system files” (cheers to Junior for that one)

also, i searched the regisrty keys, CNTRL F, for “xp security 2001″ found a couple of occurrences so deleted them along with a couple of others, PW.exe, fvn.exe, nau.exe

not sure about doing it in Safe Mode as posted. seems to find more stuff in normal mode.

seems to be back up and running.

thanks again!

Jackson

Brian Himmler April 21st, 2016 at 2:21 pm

Thank You for the above comments regarding utilizing Windows Restore followed by running Malwarebytes Anti-Malware. After following these steps I have not experienced the XPSecurity 2016 issue.

Leave a Reply