XP Internet Security 2016 (XPInternetSecurity2011) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

The following programs are similar to XP Internet Security 2016 -

XP Security 2016, Win 7 Internet Security 2016, Win 7 Antimalware 2016, Vista Antispyware 2016, Vista Antispyware, Win 7 Antimalware, Vista Guard, Vista Internet Security, XP Internet Security 2016, Win 7 Guard, Win 7 Security 2016, XP Security, XP Antispyware 2016, Vista Internet Security 2016, Vista Antimalware 2016, Vista Antimalware, Win 7 Security, XP Antispyware, XP Antimalware, XP Internet Security, Win 7 Antispyware 2016, XP Antimalware 2016, Vista Security, XP Guard, Vista Security 2016, Win 7 Internet Security, and Win 7 Antispyware.

XP Internet Security 2016, also known as XPInternetSecurity 2016, is a fake antivirus application. XP Internet Security 2016 can infect Windows XP, Windows Vista, and Windows 7; however, the name of the program and the look of the program will change from operating system to operating syste. For example, XP Internet Security 2016 will change to Vista Internet Security 2016 if it infects a computer on Windows Vista. Also, XP Internet Security 2016 will change to Win 7 Internet Security 2016 if it infects a computer on Windows 7. XP Internet Security 2016 is a clone of XP Antispyware 2016. XP Internet Security 2016 is generally installed through the use of a trojan horse without user permission. The trojan horse will generally enter the computer without user permission through a security flaw. XP Internet Security 2016 main executable is PW.exe, which is similar to AV.exe and AVE.exe. However, XP Internet Security 2016 may instead have a executable file which is three random letters; the executable file will depend on which version of the computer virus the computer has been infected with. XP Internet Security 2016 will modify the registry; therefore, the registry must be fixed before removing PW.exe. The comments here and comments here may provide insight. The main executable for XP Internet Security 2016 (PW.exe or [random three letters].exe) is generally a hidden file. In order to enable hidden files, go to folder options in the file manager and look under “Hidden files and folders.”

Below is our recommended removal tool for XP Internet Security 2016. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with XP Internet Security 2016 with task manager. If task manager has been blocked by XP Internet Security 2016, try using Process Explorer.

XP Internet Security 2016 will create a series of warnings in order to scare the user into purchasing XP Internet Security 2016. Below is an example of a warning created by XP Internet Security 2016.

“XP Internet Security 2016 Firewall Alert!
XP Internet Security 2016 has blocked a program from accessing the internet.
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen. Private data can be stolen by third parties, including credit card details and passwords.

Name: Windows Internet Explorer
Location: C:\Program Files\Internet Explorer\iexplore.exe
Company: Microsoft Corporation
Version: 8.0.6001.18702

Windows recommend Activate XP Internet Security 2016.

Click “Yes, Activate…” to register your copy of XP Internet Security 2016 and perform threat removal on your system.”

It is recommended to use safe mode when removing the virus because XP Internet Security 2016 will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. XP Internet Security 2016 can be removed by using the

or by manually removing the virus.

View XP Internet Security 2016 Files
View XP Internet Security 2016 Keys

Common symptoms and characteristics of XP Internet Security 2016 and other rogue security programs include:
1. XP Internet Security 2016 is generally installed without user permission.
2. XP Internet Security 2016 uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual XP Internet Security 2016 Removal – In order to manually remove XP Internet Security 2016, the processes associated with XP Internet Security 2016 must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before XP Internet Security 2016 entered the computer.

Important: Before attempting to manually remove Vista Internet Security 2016, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Vista Internet Security 2016. However, please use discretion since these specific comments pertain to other fake antivirus programs.

The comments here for XP Antispyware 2016 and the comments here for Total Vista Security may provide insight into the successful removal of XP Internet Security 2016 since the viruses are similar. As previously mentioned, we recommend that you view the comments here for AV.exe and the comments here for AVE.exe before attempting to remove the executable file for XP Internet Security 2016. From reading through the comments, it may also allow you to develop a strategy in order to successfully remove XP Internet Security 2016.

Stop XP Internet Security 2016 Processes (Learn How To Do This)
PW.exe
[random three letters].exe

Remove XP Internet Security 2016 Files (Learn How To Do This)
C:\Documents and Settings\[username]\Local Settings\Application Data\PW.exe
C:\Documents and Settings\[username]\Local Settings\Application Data\[random three letters].exe

Remove XP Internet Security 2016 Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\XP Internet Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\XP Internet Security 2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP Internet Security 2016

Remove XP Internet Security 2016 Startup Entry (Learn How To Do This)
PW.exe
[random three letters].exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Vista Antispyware 2016.

This entry was posted on Monday, November 15th, 2016 at 3:55 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

8 Responses to “XP Internet Security 2016 (XPInternetSecurity2011) Virus Removal Guide”

silvia March 11th, 2017 at 1:50 am

can i download to a cd? because when i turn off the computer and turn back on with f8 it wont let me go to safe mode, it will go directly to regular.

John March 13th, 2017 at 12:51 am

“Stop XP Internet Security 2016 Processes (Learn How To Do This)
PW.exe”

Great, except I do not have a pw.exe running to stop…..

Hopelessly Lost April 3rd, 2016 at 2:36 am

Also have the XP Internet Security 2016 virus, and I can confirm that it is no longer PW.exe which is associated with the program. I do not know where the program is truly originating from, but it seems to be generating new .EXE’s at random every time I re-start my machine. At first it was nfl.exe, then changed to dgr.exe, then cul.exe, ad nauseum. There are also no registry entries as listed above. Please. Help.

t April 3rd, 2016 at 11:33 pm

ive went to the task manager and stopped the task….
the filename is rii.exe
but when i do the second step..
locate the file in
C:\Documents and Settings\[username]\Local Settings\Application Data\[random three letters].exe
i cannot find the file…i searched ‘rii’ in My Computer…and there wasn’t any named rii.exe
please help

Ian MacDonald April 4th, 2016 at 11:29 am

1. The virus did infect Safe Mode – I had to go to safe mode with DOS to remove it

2. I found fgo.exe _and_ ccy.exe in the quoted folder, plus two other files (IconCache.db and a random long filename) with the exact same creation timestamp. The exe’s were flagged as hidden system files so didn’t show up (unless I did dir /a) and wouldn’t delete. I used attrib to reset the flags.

3. Stopped the process with Task Manager and deleted all.

4. It had hijacked rundll so I couldn’t run anything. Eventually managed to get msconfig to run by getting an ‘Open With…’ dialog on something and browsing to msconfig.

5. Then got everything back to normal by restoring the system state to the day before. Again I had to browse to rstrui.exe from ‘Open with…’ to do this.

6. Phew! It looks from the timestamp like it was my antivirus program update that delivered the virus! I’ve now changed to another one!

Steve April 5th, 2016 at 12:14 am

The virus is toi.exe on my system –
In the middle of the battle to remove it, thank goodness we have other computers to use in our household!

Could Be Homicidal April 5th, 2016 at 3:09 pm

Well, I got it licked. I had to say “no” before Safe Mode loaded and activate System Restore that way. I guess I didn’t have quite all the features possible of Avira installed (funnily enough I had to reinstall after the Restore). To clarify, seems it was the rootkit acting through Safe Mode, preventing stuff from being opened; the program itself did not act though.

Neehko April 27th, 2016 at 8:14 am

My son got this virus, here’s what I did. Virus works in safe mode, but I could see it was called var.exe but the name may change. Open TASK MANAGER crt/alt/del now open explorer or some other program and watch for it in the processes tab. Kill it (end process), run antivirus, it will start again, kill it again, hopefully your antivirus (I have Avast) will block it. The serial number posted elsewhere seems to end it but then it does something nasty to your programs, ie they wont run. You then need to find ‘regfix’ on the web, run that through the CMD prompt and all should be fine. Hope that helps

Leave a Reply