XP Defender Pro is a new clone of XP Internet Security 2010, a rogue antispyware program. It only looks like a real antispyware application: unlike one, it cannot remove viruses and trojans or protect your computer from possible infections.
XP Defender Pro is installed onto your computer by trojans, completely invisibly: it shows no warnings and does not ask for permission to install. During installation, the rogue configures itself to run every time you start any program (a file with the .exe extension) on your computer. Once started, it begins to scan your computer and in the process reports a lot of infected files, trojans, viruses, and so on. These results are nothing but a deception; XP Defender Pro uses the scan results to scare you into thinking that your computer is in danger.
To complete the illusion that your computer is infected, XP Defender Pro displays various fake security warnings and hijacks Internet Explorer and Firefox so that they show fake warnings when you open a web site. All of these alerts and warnings are fake and, like the false scan results, should be ignored!
If you get infected with XP Defender Pro, please do not be fooled into buying it. Instead of doing so, follow the XP Defender Pro removal guide below in order to remove this malware, and any other clones of XP Internet Security 2010.
Use the following instructions to remove XP Defender Pro (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

; Delete the .exe and secfile overrides created by the rogue
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Restore the default .exe file association
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com

[DefaultInstall]
DelReg=regsec
AddReg=regsec1

; Keys to delete: the .exe and secfile overrides created by the rogue
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command

; Values to add: the default .exe file association
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad.)
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Defender Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Defender Pro infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear saying that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove XP Defender Pro. MalwareBytes Anti-malware will now remove all associated XP Defender Pro files and registry keys and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Defender Pro creates the following files and folders
%AppData%\ave.exe
XP Defender Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
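The registry values listed above are what make the rogue run whenever any .exe is started: the per-user .exe class points to "secfile", and the open command launches ave.exe before the real program. As an added example (not part of the original guide), this Python script checks a text-format registry export for that pattern; the function names and the sample export are constructed for illustration.

```python
import re

SAFE_PROGID = "exefile"      # default class for .exe, as restored in Step 1
SAFE_COMMAND = '"%1" %*'     # default open command, as restored in Step 1

# Constructed sample: a text export containing the values listed in this guide.
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
'''

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; '' is the default
    value. Undoes the backslash escaping that .reg files apply to \\ and \"."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def find_exe_hijack(text, root=r"HKEY_CURRENT_USER\Software\Classes"):
    """List (location, value) pairs where the .exe association is not the default."""
    keys, root, findings = parse_reg(text), root.lower(), []
    ext = keys.get(root + r"\.exe")
    if ext is None:
        return findings                      # no .exe entry under this root
    progid = ext.get("", "")
    if progid.lower() != SAFE_PROGID:
        findings.append(("progid", progid))
    for owner in sorted({".exe", progid.lower()}):
        prefix = f"{root}\\{owner}\\shell\\"
        for path, values in keys.items():
            if path.startswith(prefix) and path.endswith(r"\command"):
                if values.get("", "") != SAFE_COMMAND:
                    findings.append((path[len(root) + 1:], values.get("", "")))
    return findings
```

Exports saved by regedit are usually UTF-16, so decode the file with that encoding before passing its text to find_exe_hijack.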
that’s not free, you have to pay just to remove the fucking virus
Read comments here. It is really free method to remove this malware.
Click on the link to remove XP Defender instructions within the text above “XP Defender Pro removal”. READ next time!
It’s not free you f*ckers you have to register and pay for it to remove XP defender – lies don’t waste your time!
Dave, read comment by Nat above.
Have just updated the instructions above.
People that invent viruses should be made to die by them…
Worked like a charm. Thanks!
After a week of dealing with this pain in the ass and trying to find a way without giving $89.00 to McAfee I tried #2 (#1 didn’t work) and rebooted. Icon for the virus are gone and I can do all the things that were locked up. THANKS!
Thank you so much. It is working so far. I am so thankful to your site for helping people get rid of these fake programs that take over computers!!
Thanks again. Worked the first time and hopefully it won’t come back.
Worked great so far. Thanks so much!
I’m unable to complete the Method 1 or 2 from Step 1. I get this error “Cannot import c:\Documents and Settings\Grippostadt\Desktop\fix.reg: The file is not a registry script. You can only import binary registry files from within the registry editor.”
I skipped step one and was able to finally get Malwarebytes installed and it found some things- when I removed them and went to reboot I got the blue screen once I started up again. I was able to close “ave.exe” in task manager and get windows to open up but I’m still having pop-ups. Any idea of what I could have done wrong?
Thanks!
oh my god i literally can’t believe this worked. so far i’ve only rebooted but it seems to be fine (i was able to open firefox no problem). used method 2. really hoping this is a permanent fix and it’s not hiding somewhere. thanks again!!!
Taryn, try method 2.
First, I am okay with computers but I am not a computer savvy guy when it comes to “fixing” things. I followed your instructions regarding method #2 and it worked the first time; then I downloaded the MalwareBytes antimalware software. It found three infected files and they were removed quickly. Thank you, thank you, thank you. Oh, by the way, the problem was on my wife’s computer so my fixing this scores BIG points.
I have tried methods 1 2 and 3. nothing is working and xp defender takes over my computer even in safe mode. I already had malwarebytes anti malware installed, should I delete this and start from beginning. I have also tried renaming file. Suggestions? thanks for the help.
Tried method 1. Worked like a charm. Thanks!
Hopefully it is not hiding some where 🙂
I GOT THIS AFTER DOING WINDOWS UPDATE DOWNLOAD. AFTER MANY ATTEMPTS TO REMOVE, I FINALLY FOUND YOU GUYS, METHOD #1 DID NOT WORK FOR ME, BUT METHOD 2 DID. THANKS , SO FAR SO GOOD.
thank you thank you thank you!!!! at this point i didn’t even have to run the mbam, just the registry fix and it worked like a charm… i still have it just in case this bs shows up again… but at least my hubby thinks im a genius!! lol
Hey I tried step 1 didn’t do @#$% and when I hit install for step 2 nothing happens what the #@$ are you all thinking this crap doesn’t work go somewhere else for the answer!!!!
My sincere thanks to whoever posted this fix. I somehow got this virus while surfing the web for myspace editing tutorials.
I ran Ad-Aware, which quarantined the virus but also knocked-out my ability to open programs directly from the start menu or desktop. A “what program should we open this with” prompt window would appear instead.
Method 1 worked for me, I just rebooted and everything is opening as it should again.
I did method 1, but after rebooting, my system will not start. After the Windows XP logo loads, the screen stays black, with only the mouse cursor. How do I get around this?
Kim, try updating Malwarebytes and perform a scan.
Kyle, if the instructions above do not help you, then ask for help in our Spyware removal forum.
Eddie, read the instructions and try to boot your PC in Last good configuration.
Thank you so much for this fix, worked perfectly on several of my clients machines. very interesting stuff. i would recommend performing the INF install as the REG mod didn’t work for me. And for any loser who states this article is bullshit and you just need to pay to remove, you seriously need to grow a brain. and some manners for that matter. Thanks again.
Thanks, method 1 worked and wow that was almost too easy after all the other stuff I had tried. It’s pretty sad that I paid 50 bucks for mcafee and somehow I still got that stinking virus. Anyway thanks again.
I found your article a little too late. I ran Malwarebytes’ Anti-Malware first in safe mode, but now the registry is messed up and my PC doesn’t know what to do with .exe files.
Can I fix the registry after the fact as described here in this article?
Thanks!
A great fix! It’s finally gone, PTL!!! thank you so much for the info. I’ve needed this for weeks. I’ve purchased and ran multiple anti-virus/malware packages and this package along with your instructions beat out MS solutions, AVG, Bit Defender, and many others. I’m gonna buy it just ’cause. Great work!!!
Jeff
PS…it was option #2 that worked.
jas
Eric, yes, use the first step above to fix your problem.