Severity scale:  

XP Guardian. How to remove? (Uninstall guide)

removal by Linas Kiguolis - -   Also known as XPGuardian | Type: Rogue Antispyware

XP Guardian is a fake anti-spyware program that is distributed through the use of Trojans or comes bundled with other malware. Once a Trojan virus is installed, it will impersonate an Automatic Windows Updates window and download the rogue program onto your computer. When the rogue program is active, it will imitate a system scan and report false system security threats. What is more, XPGuardian will constantly display fake security alerts and impersonate Windows Security Center to make the scam look more realistic. Finally it will ask you to pay for a full version of the program to remove the infections which don’t even exist. Don’t purchase it and remove XP Guardian virus from your computer upon detection.

XP Guardian graphical user interface
[Figure 1. XP Guardian graphical user interface]

The worst thing about XP Guardian is that it actually protects itself quite well. It blocks legitimate security software and hijack web browsers. In some cases it blocks all programs, not only anti-virus or anti-spyware software. Furthermore, it will detect many of well known and reputable websites as harmful and display fake security alert stating that you may infect your PC if you open a particular website. And of course, it disables certain Windows functions such as Task Manager or Regedit. It’s possible to remove it manually, but you have to re-enable those Windows functions at first. You may also download an automatic removal tool, but again have to fix some registry entries and terminate the main process of XPGuardian which is AV.exe to be able to run the removal tool.

XP Guardian removal instructions:

1. Click Start->Run (or WinKey+R). Input: “command”. Press Enter or click OK.

2. Type “notepad” as shown in the image below and press Enter. Notepad will open.

3. Copy and past the following text into Notepad:

Windows Registry Editor Version 5.00


“Content Type”=”application/x-msdownload”


4. Save file as “exefix.reg” (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files

5. Double-click to open exefix.reg. Click “Yes” for Registry Editor prompt window.

6. Download STOPzilla or an automatic removal tool below. Update STOPzilla and run a full system scan.

If you can’t complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install STOPzilla.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove XP Guardian you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall XP Guardian. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

XP Guardian manual removal:

Kill processes:

Delete registry values:
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_CLASSES_ROOT.exeshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_CLASSES_ROOTsecfileshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "%1" %*

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe"

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode

HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand "(Default)" = "%UserProfile%Local SettingsApplication Dataav.exe" /START "C:Program FilesInternet Exploreriexplore.exe"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center "FirewallOverride" = "1"

Delete files:
%UserProfile%\Local Settings\Application Data\av.exe

%UserProfile%\Local Settings\Application Data\WRblt8464P

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions

  • Guest

    OMG thank you, it worked!
    i can open stuff again

  • Captain Morgan


    If you follow the manual removal instructions don't just delete values, replace it with “%1” %* otherwise you will not be able to open any applications.

  • Guest

    thank you, it worked

  • Guest

    The death penalty for whoever wrote XP Guardian

  • Guest


  • Guest

    I clicked Regedit down and forgot the “%1” %* what do i do?
    cant open anything got nod32 and Mozilla started.

  • Guest

    thanx… it works…. mannual… 🙂

  • Guest

    Many thanks. I've added this site to my security collection in favourites.

  • Guest

    Many thanks. It's great to have sites like yours who help out desparate users!

  • Chicken

    Had to do it manually but now I think it is gone for good. I don't know much about computers and this helped me a lot. Also, like Captain Morgan said DO NOT DELETE THE VALUES. It stops you from opening things and can be a real b***h when you already have XP Guardian on your hands.

  • Guest

    i almost purchased it to make the pop-ups go away, thank god for this website do i have to keep spyware doctor on my computer now or can i uninstall it when all is back to normal?

  • Wait..
    I have to pay for spyware doctor to remove the threats?
    What the hell?

  • Guest

    You don't need to do the sixth step… once you've finished the fifth you can reboot your computer and run a scan on your own security system if you want.

  • Guest

    100% efective! Just I removal XP Guardian thanks to this article.


  • Guest

    thanks it worked

  • cvoelcker

    I add my thanks. The process worked!

  • Guest

    Worked for me. One thing to try that worked for me to be able to use my browser was I kept shutting down “av.exe”. That seems to be the executable causing the problem.

  • oznerol

    When i try to open the exefix.reg file it tells me it can only open binary files . whats going on?

  • Guest

    Worked great! I followed the directions through step 5, then rebooted as one of the other posts suggested and I was back up and running within 5 minutes. Following that I ran the spyware scan in the background.

  • Guest

    Wonderful. Thank goodness for this information. Was a little concerned about downloading further programmes when I wasn't really sure what I was doing (not a computer expert). It certainly did the trick though. MANY THANKS !

  • Guest

    omg thank YOU SO MUCH

  • Kanth

    Please help me. I followed the manual steps above but didn't see Captain Morgan's suggestion until it's too late. I cannot open .exe files now. What should I do now?

    Thank you very much for such a wonderful site.

  • April

    What I'd like to know is how you can avoid these things. What kind of sites should you avoid going into? It seems whenever my daughter is on my computer I start getting these darn viruses! What can I do to stop it?

  • Guest

    I'm getting a “binary only” message upon using exefix.reg. Any suggestions?

  • Guest

    mine keeps sayin only binary my brother only just told me it was a freakin virus my pc bin like this for 3 dam days i was ready to kill my mate as i thought he had messed it up lol

  • Guest

    Awesome instructions! Had the whole computer fixed, up, and running in about 5 minutes. Thank you, Thank you, Thank you! 🙂

  • Andrew

    omg thank you sooooooooo much, this program almost had my buying it before i realized it was a viruse, and your instructions saved it. Thank you sooooo much!!!!=]

  • Guest

    too bad you have to pay for this service!!!!!!!!!!!!!

  • Guest

    For anyone having the “binary only” prompt, open the file again using Notepad and go to “save as” then make sure “file type” is set to “All Files” and not text.

  • Guest

    this just worked for me, brilliant

  • Guest

    This is amazing! Your steps totally helped me!
    I did all till step 5 and rebooted my computer and it;s gone!
    Currently running my scan now but it seems to be ok.
    Thank you!

  • Guest

    OMG i dont get it i did a scan and it worked but suddenly my computer shutted down for no reason then when i turned it on Guess what…IT CAME BACK 🙁 and now when i do a scan it wont work and it is still on my computer 🙁

  • Guest

    I dont get this it wont go away even if i do the steps 🙁

  • Guest

    Hi can you tell me if a system restore will also get rid of it. As i have done this and Guardian doesn't appear to be running but am concerned that it is still somewhere on my computer

  • Guest

    Thanks man, worked like a charm A++++++++

  • PR

    i did all the registry edits, up until the file that needs to be deleted “%UserProfile%\Local Settings\Application Data\av.exe %UserProfile%\Local Settings\Application Data\WRblt8464P ”

    how do i get rid of this one?

  • Guest

    im getting the binary code when i open it from the desktop even when saves under all files so then i tried to open it in the registry and it says some keys are open by the system or other process, any suggestions?

  • Guest

    thankyou, saved alot of time and effort

  • Guest

    Worked perfectly! I am so glad there is help against these terrible spyware programs that work and are free. THANK YOU!!

  • Guest

    worked perfectly fine. Another way is to
    Step 1: open registry file by Start – > Run -> type regedit
    Step 2: Go to Edit->Find and search “av.exe”
    Step 3: delete entry
    Step 4 : press F3 for find next and repeat step 3.
    Step 5 : restart system after all entries are removed.

  • Guest

    Help please i have followed all the instructions BUT when spy doctor is installing and there is only 32kb to go. I am getting an error message. and the guardian is still doing my head in. I'm no expert on computers need an idiots guide

  • Guest

    I also got the “binary only” error message when I created the regedit file myself. So I downloaded regedit and Windows Defender to another computer and transferred to the infected computer on a thumb drive and the procedure worked perfectly!

  • Guest

    Um.. i tried to edit my registry, but it said “editing registry is disabled by your admiistrator.” What to I do?

  • Guest

    I am also getting the message “editing registry is disabled by your admiistrator.” What to I do? HELP PLEASE