XP Defender Pro is a new clone of XP Internet Security 2010, which is a rogue antispyware program. The fake security program only looks like a real antispyware application; unlike one, it cannot remove viruses and trojans or protect your computer from possible infections.
XP Defender Pro is installed onto your computer by trojans, completely invisibly: it shows no warnings and does not ask for permission to install. During installation, the rogue configures itself to run every time you run any program (a file with the .exe extension) on your computer. Once started, it begins to scan your computer and in the process finds a lot of infected files, trojans, viruses, and so on. These results are nothing but deception; XP Defender Pro uses the scan results to scare you into thinking that your computer is in danger.
To complete the illusion that your computer is infected, XP Defender Pro will display various fake security warnings and hijack Internet Explorer and Firefox so that they display fake warnings when you open a web site. However, all of these alerts and warnings are fake and, like the false scan results, should be ignored!
If you get infected with XP Defender Pro, please do not be fooled into buying it. Instead of doing so, follow the XP Defender Pro removal guide below in order to remove this malware, and any other clones of XP Internet Security 2010.
Use the following instructions to remove XP Defender Pro (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Method 1
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad).
Double-click fix.reg and click Yes to confirm.
Reboot your computer.
Method 2
Click Start, Run. Type command and press Enter. Type notepad and press Enter.
Notepad opens. Copy all the text below into Notepad.
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad).
Right-click fix.inf and select Install. Reboot your computer.
Step 2. Remove XP Defender Pro associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and “Launch Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for XP Defender Pro infection. This procedure can take some time, so please be patient.
When the scan is finished, a message box will appear saying that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar to the one shown below.
Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click the “Remove Selected” button to remove XP Defender Pro. MalwareBytes Anti-malware will now remove all files and registry keys associated with XP Defender Pro and add them to the program’s quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
XP Defender Pro creates the following files and folders
%AppData%\ave.exe
XP Defender Pro creates the following registry keys and values
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
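The registry values listed above can be checked for mechanically. The following is an added example, not part of the original guide: a Python script that parses the text of a registry export and reports any .exe association or open command that differs from the "%1" %* handler restored in Step 1. The function names and the sample export are constructed for illustration from the values listed on this page.

```python
import re

SAFE_COMMAND = '"%1" %*'  # handler that Step 1 of the guide restores
ROOTS = ("HKEY_CURRENT_USER\\Software\\Classes\\", "HKEY_CLASSES_ROOT\\")

def parse_reg(text):
    """Parse .reg text into {key: {name: data}}; '@' is the default. Quoted strings only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            # .reg escapes backslashes and quotes inside string data
            current[m.group(1).strip('"')] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def find_exe_hijack(keys):
    """Return (key, data) pairs showing that launching .exe files is redirected."""
    findings = []
    for root in ROOTS:
        progid = keys.get(root + ".exe", {}).get("@")
        if progid is not None and progid.lower() != "exefile":
            findings.append((root + ".exe", progid))
        # Check verbs under .exe itself, exefile, and whatever class .exe points to
        for cls in dict.fromkeys([".exe", "exefile", progid or "exefile"]):
            prefix = (root + cls + "\\shell\\").lower()
            for path, values in keys.items():
                p, cmd = path.lower(), values.get("@")
                if cmd not in (None, SAFE_COMMAND) and p.startswith(prefix) and p.endswith("\\command"):
                    findings.append((path, cmd))
    return findings

# Constructed sample export, built from the values listed in this guide
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"%AppData%\\ave.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    print(*find_exe_hijack(parse_reg(SAMPLE)), sep="\n")
```

A real export saved from regedit is normally UTF-16 encoded, so read it with open(path, encoding="utf-16") before passing the text to parse_reg.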
Thanks so much. I thought this was another fake site asking people to do this and that and leading to purchasing of a product.
However I gave the notepad method a try and it worked.
Again, thanks for taking the time to make this– Bookmarked!:)
Another success story here. Method 1 and the subsequent steps worked flawlessly.
The scan took 40 minutes, most of which was spent looking through my “Temporary Internet Files” folder. I would recommend thinking about cleaning this folder out before the scan, if you want to resume browsing as quickly as possible.
Patrik and everyone who put this together are a tremendous resource. Let me add my sincere thanks to the pile.
XP Defender Pro, RIP.
some things i noticed that were affected by xp defender pro was when u go to start>run> services.msi i believe it had all my services disabled i didn’t know which ones were important but i turned them all back on my stuff seems to be running a lot better, but maybe you could look into things more and find out which ones are core system services might help people in the future thanks for all your help xp defender pro is 100% gone now just making sure i got no dns changers or tdss
thx again for all the help saved my @$$
Your solution worked great for a few days, until it came back once again! I also noticed while doing a google search on firefox, some sites would be redirected to a spam site. I’m sure it was caused by XP defender or whatever alias. I thought that maybe my firefox browser was bringing the virus back every time I opened it, so I downloaded Google Chrome. Sadly, Chrome doesn’t want to load any pages, not even the home page! This thing is ruining my life slowly. Please help!
method 1 worked in seconds! I had to look this up on my blackberry and email to myself to read in Outlook as the XP virus would not let me connect to the internet. thank you, thank you!
Phil, probably your PC is infected with TDSS trojan. Try the instructions.
Ok! So it seems that the XP virus is gone (for now), and Malwarebytes found the TDSS trojan, however Firefox still has the same problems of redirecting to other sites. Should I run a full scan on Malwarebytes this time? Would that make a difference? I even ran it in Safemode with networking. I uninstalled Firefox and still have the same problems. Also Chrome will still not load any pages at all. Your solutions have been great so far, so do you have anything else up your sleeve? Thanks.
Phil, open a new topic in our Spyware removal forum. I will help you.
Absolutely brilliant. I used #2 and it worked a treat. thanks guys.
Thanks very much for this fix, the defender pro bug has been driving me mad today. Method 1 seems to have done the trick (touch wood)
Again, the fix is much appreciated.
Worked great on my first try. Used Method 1.
BIG THANKS!!!!!
Method 1 worked fine for me. Rebooted the system and things look good now. I scanned the system with Norton Anti virus but it didn’t help, your method worked though. Thanks a lot 🙂
I think I finally got it fixed but I can’t access internet now. no browser I am using works. Any thoughts?
Thanks guys, got rid of the damn virus in 10mn.
Cheers lads step two worked for me straight after reboot, much appreciated
Used method one…seem to have worked… THANKS!!!!
Hey everyone, I just got rid of this virus. Ran into a few bugs along the way that you might be having trouble with.
1- step 1 of the first method worked like a charm. After this I was able to start programs and such normally, even though XP defender was still hijacking most of the actual things I could do with them.
2- because Defender still had my browser by the balls, I downloaded the suggested anti-malware program (MBAM) suggested onto a flash drive on another computer (tip: don’t use a drive that has been in your computer just in case. I had just bought a new one, but any drive you don’t mind formatting after and which you have not used with the infected computer is ok). I then copied MBAM onto my infected computer and had to run fix.inf again (XP Defender was still not dead and had taken over .exe files again) and reboot.
3- I installed the MBAM from my desktop. It required an update to work and was clashing with my antivirus (AVG), so I turned AVG off while updating.
4- this is where it gets tricky. The virus was still interrupting MBAM. I used the task manager to kill all processes that made CPU usage go up during suspicious behaviour. It took some guesswork but I found I could kill a few processes and buy myself a few minutes of time before it came back (ave.exe seemed to be the main exe file, but maybe not). I did crash my computer once doing this, and it takes some guesswork, but it was the only way I could get MBAM working.
5- MBAM took about 1 hour to scan my computer. During this time AVG was running but wifi was off. I had to close AVG to quarantine all malware, and it worked perfectly. An AVG scan right after turned up 3 more Trojans, got rid of them, and now all seems good.
I hope that was clear, I know very little about computers and I’m sure there are more efficient ways to do things. I tried to convey 48 hours of trial and error as best I could. Good luck.
-Nick
ken, try the following steps:
Click Start, Run, type regedit and press Enter.
Registry editor opens.
Navigate in the left panel to HKEY_LOCAL_MACHINE \ SOFTWARE \ Clients \ StartMenuInternet \ IEXPLORE.EXE \ shell \ open \ command
In the right part of the window click twice on “@”. You will see a screen with the contents like below: “C:\Documents and Settings\user\Local Settings\Application Data\ave.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
Remove left part, leave only “C:\Program Files\Internet Explorer\iexplore.exe”.
Reboot your PC and try Internet Explorer to open any site.
ooppps…number one did not work… our friend came back…used spybot search and destroy… lets see what happens
Oh my gosh. Method #2 worked perfectly! I’m in shock that it was really that easy! Thank you!
legend!!!!!!!!!!!!! Method 1 worked for me………….
Ok so I tried this and it seems to have worked but the next day I have a nearly identical program installed called “Antispyware Soft”. It seems to be even meaner because I cannot open a command prompt or install an inf file. Everything seems to be blocked. Any ideas.
Derek, try the instructions.
I’ve gotten this virus once before, and it was a pain to get rid of. This is my second time getting it….really annoying. Does anyone know of any good software that can prevent me from getting this again?
Shayna, you should have:
1. good antivirus
2. good antispyware with autoprotection module
Many of the exploits are directed to users of Internet Explorer. Use only an alternate browser – Firefox or Opera.
Update Java, Windows, Adobe Flash Player and Adobe Acrobat Reader
You guys rock!!! Let me add my name to the long list of thankful people. I couldn’t get my browser to work but was able to access your site with my iphone. I used Wordpad (notepad issues) and typed in Step 1 Method 2. I was able to install and it worked perfectly. I was then able to get online and download MBAM. Wonderful! I even ran the full scan just to be safe(r). Your services are very much appreciated!!!
Tried method 1, seemed to have worked. Restarted the computer and needed to do it again. I hope this doesn’t continue…Trying to find the .exe now. This website has been the most help by far. Thanks.
The registry fix and config.sys file worked wonders on the computer that I was removing this infection from. It had blocked access to both the system folder in control panel as well as hijacked windows security center installing itself onto the list alongside the firewall and giving fake warnings that both the firewall and the antivirus was not on.
The PC was also infected with Your PC Protector. Once it was disabled, then XP Defender appeared. I spent hours attempting to install Malwarebytes in which the rogue software blocked every attempt to do so. After running the fix to the registry it was disabled and I was able to continue with the installations.
Thanks for the great assistance.
hi
thanks you saved me from buying that software called XP Defender
the no 1 option worked first time once again many thanks
Barry
ps will keep an eye on your site cheers
Method 1 worked for me. I don’t see those annoying popups anymore. None of the other websites I went to worked, so I’m really happy. Thanks so much!