XP Defender Pro
XP Defender Pro is a rogue anti-spyware program which uses a Trojan infection to enter the targeted system. Once active, XP Defender Pro performs fake system scans displaying bogus results. XP Defender Pro (or XPDefenderPro) bombards your computer with multiple popups or alert messages that claim the PC is infected with parasites. Hackers behind this scam use these tactics to scare computer users into purchasing a full version of XPDefenderPro. XP Defender Pro is not a malware remover. Do not give this rogue any leeway to try and trick you, instead remove XPDefenderPro using a legitimate antispyware program.
Aliases
XP Defense Pro
XP Defense 2010
XP Defense 2010
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\AppData\Local\ave.exe 2 ave.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1? %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1? %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%Program Files%\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1?HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1?HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1? %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1? %*
Thanks for your help. I got rid of the XP Defender Pro. What a mess that is!