Too late the hero
Don't ever connect?
I discovered at least one XP machine in the extended family running last week. To date, it hasn't been compromised by anything, or at least anything immediately apparent.
It may well be a lovely node on a botnet, but no ransomware encryption nasties have infected it, and the operators have not had entire life savings sucked out their banks, or online accounts hijacked.
Bizarre, but true. You'll be asking "May be part of a botnet? Don't you know - haven't you nuked it from orbit!?" Well, I haven't bothered to look at it any further than a brief perusal out of morbid curiosity. A day, or a week is going to make not a blind bit of difference at this juncture, whether I take it out the back and shoot it, or not - besides I'm meant to be retired from all that nonsense.
Security is hard, and you'll never patch all the holes in anything. My time in IT gave me PTSD, and the understanding that the advice is: 'never connect anything to the internet' - never mind WinXP. It's naive to think 'Hey I'm all patched up today - no vulns for me'.
Hell, even an airgapped machine will get royally screwed the minute a grunt gets a hold of it - there is absolutely, unequivocally, zero defence against stupidity.
Best you can ever do is have backups, and go home for a pint. Some survive the battle for a while, in the same way a dandelion survives the mower - dumb chance. You can swerve around all you want, heroically running from the treeline every day, if you feel it helps. 'He killed 15 zero-days single handed...30, if you like'
Yeah, that XP machine has to die, of course it does, though some twisted part of me wants to leave it operational, and to snoop the bejeezus out it, just to see what myriad nasties are operating in there - and if there are none - how in the seven hells there aren't.