
XP Defender Pro

Posted: March 18, 2010

XP Defender Pro is a rogue anti-spyware program that uses a Trojan infection to enter the targeted system. Once active, XP Defender Pro performs fake system scans and displays bogus results. XP Defender Pro (or XPDefenderPro) bombards your computer with multiple pop-ups or alert messages that claim the PC is infected with parasites. The hackers behind this scam use these tactics to scare computer users into purchasing a full version of XPDefenderPro. XP Defender Pro is not a malware remover. Do not give this rogue any leeway to trick you; instead, remove XPDefenderPro using a legitimate anti-spyware program.

Aliases

XP Defense Pro
XP Defense 2010

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\AppData\Local\ave.exe
    2 ave.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Internet Explorer\iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*

One Comment

  • Roger O'Brien says:

    Thanks for your help. I got rid of the XP Defender Pro. What a mess that is!
