XP Defender Pro is new clone of XP Internet Security 2010, which is a rogue antispyware program. The fake security program only looks like a real antispyware application, but unlike it, can not remove viruses and trojans, as well as protect your computer from possible infections.
XP Defender Pro is installed onto your computer through the use of trojans completely invisible, it does not output any warnings and requests to install. During installation, the rogue configures itself to run every time when you run any program (files with .exe extension) on your computer. Once started, it begins to scan your computer and in the process finds a lot of infected files, trojans, viruses, and so on. These results are nothing but deception, XP Defender Pro uses the results of scanning as a method designed to scare you into thinking that your computer in danger.
In order to create the fully simulation that you computer is infected, XP Defender Pro will display various fake security warnings and hijack Internet Explorer and Firefox, so it will display fake warnings when you opening a web site. However, all of these alerts and warnings are a fake and like false scan results should be ignored!
If you get infected with XP Defender Pro, please do not be fooled into buying it. Instead of doing so, follow the XP Defender Pro removal guide below in order to remove this malware, and any other clones of XP Internet Security 2010.
Use the following instructions to remove XP Defender Pro (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Defender Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Defender Pro infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Defender Pro. MalwareBytes Anti-malware will now remove all of associated XP Defender Pro files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Defender Pro creates the following files and folders
%AppData%\ave.exe
XP Defender Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Same as Lchmast, I was locked out my security center, internet and basically all of control panel. Method 2 did the trick. Many thanks.
thanks you saved me from buying that software called XP Defender. I really want to thank you, thank you, thank you……wow it worked. Thanks for the great assistance.
Thanks for fix I use #1. It removed the Trojan XP Defender, which took me unaware. My you have got to hand it to these guys; this is smart but very nasty software.
This is the only PC that I don’t run \No Script\ addin on Firefox, which once set up (a bit of a pain) provides all the protection you need against this stuff.
After removal my PC would not reboot BTW and got stuck in a loop by the Daemon driver \SPTD.SYS\ – I don’t use Daemon tools. I managed to get into Safe mode, remove the driver (rename to a .Poo file lol) and then run MBAM. My Trojan file was called a.exe FYI.
Many thanks
Phil
SO I tried method 1 and then did method 2 after without restarting….then restarted my computer and got a screen saying launch in Safe Mode, a couple other options, or just boot normally. Any option I choose it just gos to the blue welcome screen and restarts the computer…keeps doing this. I tried booting with my windows CD and doing the chkdsk /r along with fixboot….to no avail…still keeps restarting…any idea what i should do? thanks
DJ, you have tried boot your PC in the last good configuration ?
Yeah, any of the options I choose the computer just restarts. I took it to Geeksquad and I guess theyre convinced its the XP Defender virus doing it, but a diagnostic+repair will cost me 199 :S
teknostuff.blogspot.com/2009/09/windows-xp-crash-recovery-when-all-else.html
^I was considering doing this but still am not set on what to do..thanks
How can you remove it permanently? I have removed this annoying thing about 10 times now. How can I get to the point that I don’t have to worry about it?
DJ, you can try it.
Jamie, probably your computer infected with a trojan that reinstalls this malware. Start a new topic in our Spyware removal forum, I will check your PC.
Hi, please help me. All programs in my laptop are locked. What should I do to remove it? Even to browse or listen to music or look pictures. PLEASE help me.
Olive, try the steps above.
OK so i tried both 1 and 2 and neither work
THe run command has been disabled in option 1
In option 2 the * function is not recognised……aaargh !!!
Çok Teşekkürler. Sizin gibi insanlar oldukça sanal alem çok daha güzel…
I can’t get into any files i.e. regedit, can’t open any internet to download anything…the xp virus just keeps popping up. Unable to find anyway to get into anything w/o that damn msg popping up…any1 else have this issue??? Plz help!