How can I remove the XP Total Recovery 2011 virus from my Windows XP machine?

Ari Kashton April 12, 2011

My eight-year-old told me our computer was going “wonkey”. He was on the Teletoon website. Apparently, our computer has been infected by the XP Total Recovery 2011 Virus. Unfortunately, we only have one user account on Windows XP, so we cannot switch to an uninfected user account. The virus also seems to prevent any downloading of anti-virus updates for anti-virus programs.

Do you know how one can manually remove the virus or, even better, what program(s) can safely remove it without crashing or locking up the computer? Many thanks.

  1. Rambupalreddy
    February 10, 2012 at 12:33 pm

    this time is very super wok

  2. FIDELIS
    April 13, 2011 at 3:24 am

    Hello, the most important thing you can do every time you restart your computer is not to run the scan that pops up in order to boot up completely. Some of these new fake antiviruses infect you more the more you scan. Try to close fake antivirus program windows if possible. Here are the steps that work 100% with these kinds of infections. I would recommend not to reformat because in my experience these kinds of fake antiviruses are a pain but not really hard to get rid of.

    Go to the following site and download Rkill. Rkill is a tool specifically coded to stop the malware executable files from working. When you run Rkill and it finishes shutting down the malware files, you can use your computer normally until the next restart.

    http://www.bleepingcomputer.com/download/anti-virus/rkill

    If you are using a different computer, try to download the iExplore.exe version to a flash drive and run it from there by double-clicking on the file. If you are using the infected computer, download it to your desktop. This version of the program is almost never stopped from running by malware because it imitates the explorer.exe file on your computer. Once the program is on the flash drive, plug in your flash drive and run the program by double-clicking on the file. Let the program do its thing and you will know that it stopped the malware when you see no icons on your desktop and your computer is behaving normally.

    Ok, after you run Rkill, malware will not stop you from downloading antivirus updates or antivirus programs. Take advantage of this, and go to http://www.malwarebytes.org/ and download the free version to your desktop or a flash drive. Also go to http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE and download the portable version of the file. It should have a .com extension. Malwarebytes and SuperAntiSpyware are two of the best antimalware tools available nowadays and best of all, the free versions are more than enough to fix malware problems.

    Now, in order for you to completely clean your computer, it is better if you disable System Restore and its restore points. It is important you do this because if not, malware might reinstall next time you restart your computer. Remember that if you use Rkill, you will have no icons on your desktop, so you will have to use the Task Manager to access programs. In order for you to access System Restore, follow the next steps:

    -- press Ctrl + Alt +Del to launch Task Manager or Ctrl + Shift + Esc
    -- on menu, click on File
    -- select new Task
    -- enter the following command:

    %systemroot%\system32\restore\rstrui.exe

    -- click on Ok
    -- click on System Restore Settings
    -- put a checkmark on Turn off System Restore on all drives
    -- click on ok

    When the steps above are done, restart your computer and access Safe Mode. It would be optimal to select Safe Mode with Networking because then you will be able to update your antivirus software and SuperAntiSpyware. Here is a link explaining different ways of reaching Safe Mode:

    http://bertk.mvps.org/html/safemode.html

    Once you are in Safe Mode with Networking, you can either copy the programs you downloaded from your flash drive to your computer, or run the programs from your flash drive. Double-click on the SuperAntiSpyware program, select updates, and then run a full scan. When the program is finished scanning, delete any entries found and if asked to restart the computer, choose no.

    Now, execute the Malwarebytes program, check for updates and run a complete scan. When the scan is finished, delete any entries found. By now, your computer should be clean or almost clean. To make sure, update your antivirus if you have one installed, and/or download an antivirus program and run a full scan. Here are two good free options:
    avast free: http://www.avast.com/en-ca/free-antivirus-download
    security essentials: http://www.microsoft.com/security/pc-security/mse.aspx

    After you run all the complete scans with the software mentioned above, and your system is reported clean, restart the computer in normal mode and, to make sure, run complete scans with the two spyware-fighting programs and also a complete scan with your antivirus software. If nothing is found and the system is clean, go back to System Restore and enable it. Make sure that you create a system restore when the system is clean. Hope it helps.

  3. Oron Joffe
    April 12, 2011 at 10:48 pm

    I would suggest using a bootable anti-virus disc (CD or USB), such as Kaspersky (KAV) or AVG. You can download an 'ISO image' of the software, and there is information on their sites about how to make the bootable discs. You can then boot up the PC from the disc and let it do a thorough cleanup job. Depending on how much data there is on the computer, it may take up to a few hours to clean the machine, but at least you'll have a clean machine.

  4. Roy
    April 12, 2011 at 6:31 pm

    This appears to be a difficult one to remove. There are a few methods I've seen posted but they are not always effective. Even after removing the malware some users aren't able to use System Restore, even to create a restore point. There is a guide available that you may want to try, though it involves quite a bit of tinkering with your Registry:
    http://remove-malwares.blogspot.com/2011/04/xp-total-security-rogue-how-to-get-rid.html

    The same post also recommends using Trojan Killer, which they say removes the infection automatically. I can't really speak for Trojan Killer because I've never used it.

    My advice is to wipe the computer and reinstall Windows. Usually I just tell people that's a good idea; in this case I would actually suggest it as the solution. If important functions like System Restore may no longer work, it's probably time to reinstall the OS.

    If the malware won't allow you to back up your important files first, try using a Linux live CD and accessing them that way so you can copy them to a flash drive. (Easier than it sounds! If you need any more specifics on how to do that just ask, I and probably many others on MUO can assist you!)