Severity scale:  

XP Anti-Virus 2011. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as XP AntiVirus 2011, XP Anti-Virus | Type: Rogue Antispyware

XP Anti-Virus 2011 is a rogue anti-spyware program which applies the basic tricks of scams from this category. Though it declares to be a powerful virus remover, keep in mind that this program is the only one that needs to be eliminated because it reports invented viruses. The rogue program will pretend to scan your computer and immediately will report numerous viruses. Some of its alerts may state about Trojan-BNK.Win32.Keylogger.gen threat for making you scared and push into purchasing its license which will be offered additionally. Pay attention to the fact, that XP Anti-Virus is dangerous and has nothing to do with system security!

XP Anti-Virus 2011 program has been manipulating people into believing it is useful software. However, this rogue anti-spyware mostly penetrates into a random computer system without the user’s knowledge and approval and opens the backdoor of the system to let more threats or allow the scammers to reach your personal information. All this is done with a help of Trojans that infect vulnerable systems through fake online scanners. As you can see, you should not believe XP Anti-Virus 2011 and its spyware detection reports as they are fabricated and have in fact nothing to do with the true condition of machine. Don’t buy this software though it will definitely promise to fix your computer, but remove XP Anti-Virus 2011.


1. Firstly, type this registry code into its manual registration section to disable alerts interrupting when trying to remove malware: 1147-175591-6550 .

2. If this fails, reboot machine into Safe Mode with networking with a help of F8, launch task manager and stop all 3-letter named processes, also processes named like garbage.

3. Search for malware files on hard disk and delete them, edit registry. You can also use automatic removal program or STOPzilla for the last action.

4. Reboot, update your antivirus programs (preferably to internet security versions) and scan again. Make sure you got all the trojans out

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove XP Anti-Virus 2011 you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall XP Anti-Virus 2011. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.
Press mentions on Reimage
XP Anti-Virus 2011 snapshot
XP Anti-Virus 2011

XP Anti-Virus 2011 manual removal:

Kill processes:

Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exe "(Default)" = 'exefile'

HKEY_CURRENT_USERSoftwareClasses.exe "Content Type" = 'application/x-msdownload'

HKEY_CURRENT_USERSoftwareClasses.exeDefaultIcon "(Default)" = '%1' = '"%UserProfile%Local SettingsApplication Data[random].exe" /START "%1" %*'

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "IsolatedCommand" = '"%1" %*'

HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand "(Default)" = '"%1" %*'

HKEY_CURRENT_USERSoftwareClasses.exeshellrunascommand "IsolatedCommand" = '"%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefile "(Default)" = 'Application'

HKEY_CURRENT_USERSoftwareClassesexefile "Content Type" = 'application/x-msdownload'

HKEY_CURRENT_USERSoftwareClassesexefileDefaultIcon "(Default)" = '%1'

HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data[random].exe" /START "%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellopencommand "IsolatedCommand" = '"%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand "(Default)" = '"%1" %*'

HKEY_CURRENT_USERSoftwareClassesexefileshellrunascommand "IsolatedCommand" - '"%1" %*'

HKEY_CLASSES_ROOT.exeDefaultIcon "(Default)" = '%1'

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data[random].exe" /START "%1" %*'

HKEY_CLASSES_ROOT.exeshellopencommand "IsolatedCommand" = '"%1" %*'

HKEY_CLASSES_ROOT.exeshellrunascommand "(Default)" = '"%1" %*'

HKEY_CLASSES_ROOT.exeshellrunascommand "IsolatedCommand" = '"%1" %*'

HKEY_CLASSES_ROOTexefile "Content Type" = 'application/x-msdownload'

HKEY_CLASSES_ROOTexefileshellopencommand "IsolatedCommand" = '"%1" %*'

HKEY_CLASSES_ROOTexefileshellrunascommand "IsolatedCommand" = '"%1" %*'

HKEY_CLASSES_ROOTexefileshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data.exe" /START "%1" %*'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data[random].exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = '"%UserProfile%Local SettingsApplication Data[random].exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode'

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = '"%UserProfile%Local SettingsApplication Data[random].exe" /START "C:Program FilesInternet Exploreriexplore.exe"'

Delete files:

Delete directories:



About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions



  • jim

    Thanks much, but if only it were so simple…

    Just got hit with this on our Dell today and Ive got hundreds of rkr.exe processes running. Tried running < taskkill /f /im rkr.exe > from cmd without success.

    Now the malware doesnt even launch providing the opportunity to enter the reg key provided. Safe mode or not, machine is just hijacked with blank windows flashing. Any thoughts greatly appreciated.

  • simon

    Help how can i do a system restore after this virus, think it has disabled the restore wizard.

  • simon

    I think i have got rid of this sick virus as far as i can see but has certenly left its mark. Most of my programs wont run, windos media, word etc, when i try to open such programs an “open with” box pops up but that dont work either.
    Thought i would try a system restore but it seems to have disabled the restore wizard, or is there another way?
    Thanking you in advance

  • lawrence

    Put the reg key no in as printed above and hopefully has solved problem
    Thank You

  • Goutham

    wowww…. Thank u so much …… Its help me like awesome

  • Catherine

    Thank you , Thank you, Thank you!!!!!! Its good to know there are good people out there like you!!!!!!!!!

  • merckz

    this definitely saved my hubbys computer! awesome, u guys!

  • Shanique B.

    Thank you guys SO much! I thought for sure my laptop was a goner!

  • dchappell128

    Wow i was worried i wouldnt be able to sort this out, thanks alot man. Just one thing, should I buy some antivirus now?

  • Joe

    I had this virus on Windows XP and did the following to get rid of it:

    1. Start – Run – Type “Regedit”
    2. “Edit” – “Find” (search for the 3 letter random exe file)
    3. Delete every entry that had the 3 letters and “.exe”
    4. Example mine was “ipk.exe” so I deleted all that had that in the string. there were about 5-6 entries.
    5. Download “MalwareBytes” and run a Full Scan (TWICE).
    6. One scan will removed the virus code, but it will try to come back.
    7. Run again until its clean.

    Note: It could take hours to run

  • Hallie

    Thats way the betsest answer so far!

  • CAT

    This junk got into my computer and would not let me run my virus scan or malwarebytes program. It then locked me out of my computer altogether. I am having my windows XP reinstalled as I write this on my desk top. I have had flashing warnings and popups on this desk top about the same virus. I guess it got into both of them. I was searching google for images of tropical pictures to use for my photo site when it showed up on one. I was searching for step by step instructions on google on how to highlight hair and then it popped up on this one. Darn this sucks. It is not that easy to just get rid of. I also did not buy the program that it was trying to get me to do. I ran my virus and malware just before it locked me up and it said all was fine.

  • saby

    I found that the executable that was triggering the xp antivirus 2011 pop-ups are epy.exe . I opened registry (by putting regedit in the “Run”), searched for epy.exe and removed all the entries. I found 4-6 entries. After that I do not have the menace in my laptop.
    The people who create such malicious program are mentally sick.

  • Dz4/12/11

    Thanks. It helped me a lot.

  • babu

    great solution ra