XP Defender Pro is new clone of XP Internet Security 2010, which is a rogue antispyware program. The fake security program only looks like a real antispyware application, but unlike it, can not remove viruses and trojans, as well as protect your computer from possible infections.
XP Defender Pro is installed onto your computer through the use of trojans completely invisible, it does not output any warnings and requests to install. During installation, the rogue configures itself to run every time when you run any program (files with .exe extension) on your computer. Once started, it begins to scan your computer and in the process finds a lot of infected files, trojans, viruses, and so on. These results are nothing but deception, XP Defender Pro uses the results of scanning as a method designed to scare you into thinking that your computer in danger.
In order to create the fully simulation that you computer is infected, XP Defender Pro will display various fake security warnings and hijack Internet Explorer and Firefox, so it will display fake warnings when you opening a web site. However, all of these alerts and warnings are a fake and like false scan results should be ignored!
If you get infected with XP Defender Pro, please do not be fooled into buying it. Instead of doing so, follow the XP Defender Pro removal guide below in order to remove this malware, and any other clones of XP Internet Security 2010.
Use the following instructions to remove XP Defender Pro (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double Click fix.reg and click YES for confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right click to fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Defender Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Defender Pro infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove XP Defender Pro. MalwareBytes Anti-malware will now remove all of associated XP Defender Pro files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Defender Pro creates the following files and folders
%AppData%\ave.exe
XP Defender Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = “”%1″ %*”
HKEY_CURRENT_USER\Software\Classes\.exe | @ = “secfile”
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = “application/x-msdownload”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = “”%AppData%\ave.exe” /START “%1″ %*”
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = “”%1″ %*”
Andrew, the message shows Chrome when you trying open any site ?
chris, ask for help in our Spyware removal forum.
Patrik, yes, that message comes up in chrome no matter which site I try. It is the same message I got when Xp Defender was blocking internet acess, but now that I used your method #2 I can use Mozzilla, Skype, and anything else that needs internet. Could I have messed up something in the system registry?
I opened an apparently rogue website and got this virus. I could only close the XP Defender window using task manager. However, I was unable to run any programs. I rebooted in Safe Mode and did a system restore to a previous day.
Apparently everything is now OK. None of the registry entries are there, and search for ave.exe turns up nothing.
cheers guys 5* help 😀
Malwarebytes is a great piece of free software. I manage 40+ pc’s and have a few of these virus’s…..Works everytime. I do need to clean registries every now and then but Malwarebytes works like a charm…
Peace!
brill – option 1 worked a treat – so good to reboot and have the rubbish gone! all worked exactly as it should – if ever there was a case for having a computer and a laptop so one can go online and find this solution while the other is down then this was it – thanks again
Hey thx a lot for the fix problem 85% solved, rents went to mexico i was watching american dad when i picked up the virus this is day three and i finally figured out what i was doing. so virus is gone used 3 different programs to find problems all clear now but two things are still messed up and seeing as how your really good with computers i figured u could help me out. i can’t use task manager on my mother account which is secondary already made sure she wasn’t a limited user, also i cannot connect or use the internet at all… i got till Saturday morning hopefully u can help me out by tomorrow so i can have this fixed after work THX a lot Patrik. i have xp home edition just in case it matters but yea hopefully u can help me out i don’t feel like spending another couple of hours trying to get this to work.
also just read Andrews comment chrome IE explorer and any form of update program all non working thx again 🙂
also did step one and 2 several times in between scans and reboots ect.
Thank you … the second one worked for me. I was a bit wary as I have had one of these before and the help was no help at all, but having feedback from people really helped my decision to try it.
Thanking you once again xxx
but it didn’t stop the pop-ups … think that must be from another virus … grrrr
this worked perfectly on method 2.. i love that this information was available to save the day i was about to blow a head gasket realizing some retard made this phony bs to put onto a computer in the first place. many thanks to helping me out
Andrew, try reinstall Chrome.
Ryan, if updates are blocked, then probably your computer is infected with TDSS/DNSChnager trojan. Ask for help in our Spyware removal forum.
Michelle, open a new topic in or Spyware removal forum. I will check your PC.
Patrik, I reinstalled Chrome, still no luck. Itunes no access to net either for some reason.
Thank you soo much!! it works!!!!
Andrew, looks like your computer is infected with TDSS trojan. Try the instructions.
I just got this XP Defender Pro on my computer last night out of no where and I freaked out and restored my computer to an earlier date. Does this mean my computer still has this program and is infected? I did a full virus scan after I restored it, but I’m still worried to use my computer.
I used method 1 and it worked for me! Thank you so much!
No luck.
Another set of instructions I found for Xp Defendero removal involved altering the registry. Could this be the problem?
THANK YOU SO MUCH! IT IS FREE IDIOTS!!!
WORKED PERFECTCALLY TAHANK YOU THANK YOU THANK YOU!!!!!
omfg thankyou the second method worked!!!!!!!!!
no more fucking defender xp shit im free 🙂
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
Necy, anyway you need scan your PC with Malwarebytes.
Dear Sir, thank you so much for your problem solution. My computer was infected 2 days ago. I stumble upon many websites and had downloaded 2 spyware software whereby after scanning I found out it wasn’t free. My computer had registry problem yesterday and I spent whole day finding free registry cleaner and fortunately I found AML registry cleaner which was free, worked like a charmed. Today I found your website, the reason was I still had several problems like some icon would not appear. I don’t know how I found your website, am thankful I found it. I’ve followed your instruction carefully and it works oh so well. You’re an angel. You made my day. Thank you again!!!
Thank you so much. I used the first method under Step 1 and it worked brilliantly. Thank God there are good people willing to share their expertise. You are a knight.
Absolutly fantastic this worked and it is totally free, well done Guy’s
Thank you very much whoever posted this! My computer is running great now. 😀
Method 1 using “fix.reg” copied into notepad worked perfectly. I’m going to look for your tip jar now if you have one. I am very grateful for your knowledge and the time you took to post this remedy. Xp Defender is one annoying piece of malware.