XP Defender Pro (also known under the names XPDefenderPro, XP DefenderPro or XPDefender Pro) is not a legitimate anti-spyware which can be trusted. Xp Defender Pro is inventively designed to use ave.exe executable which launches the malware instead of any other process user starts. However, additionally program applies the same bored methods trying to sell its commercial variant, so pay your attention to the symptoms written below to notice any malicious activity of XP Defender Pro.
Xp Defender Pro appears on the desktop with its fake system scanners and bogus security warnings trying to make people worried about their PCs security. Xp Defender Pro displays numerous boring pop-up ads and also redirects its victims to its affiliated malicious domains. The reaction expected from its victims’ is to make them start thinking about how these “detected” viruses can be stopped. Of course, the program offers for its victims to purchase the “full” its variant which is promised to fix everything. Do NOT spend your money on this badware because it is useless just as the trialware of XP Defender Pro.
In fact, having XP Defender Pro is quite dangerous because program usually makes system performance malfunction, dramatically slows computer, not mentioning the Internet connection troubles. Keep in mind that this malware neither performs real scans nor announces real threats “detected”. It only pretends to check the compromised computer for viruses, so keeping it on your computer is useless. It should be clear that after being found installed on your PC, XP Defender Pro must be removed as soon as possible. So remove XP Defender Pro before it goes further and totally disrupts your system.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
After following the instructions above, the spyware was successfully removed. Only some of the indicated registry entries were present. However, on the system I was working with, the .exe file type association was also damaged and had to be re-created.
Symptoms:
After initially stopping the .ave process and using (then closing) RegEdit to make registry changes, the system would no longer run regedit. The system instead popped a Windows system error that there was no file type associated with the extension when attempting to run RegEdit. Other programs also would not run, such as FireFox and Internet Explorer, with the same error message on attempts.
Action:
System reboot did not change symptoms. I had to re-create the file type association by opening the My Documents folder and selecting (from the menu bar): Tools/ Folder Options
Select the tab for File Types
EXE is not present in the list; select New.
In the File Extension box, type EXE, then click Advanced
In the Associated File Type drop-down box, scroll down and select “Application”
Click OK
A warning message pops up asking if you are sure; click OK again.
Test:
Internet Explorer, RegEdit, and Mozilla started successfully, no other system issues noted in normal operations over the next hour or so. I will endeavor to update this comment if the test proves false and XP Defender Pro, or any other malicious program, makes a reappearance.
To be safe, I ran a hard drive search for ave.exe; in one of the internet folders there was a file called ave.exe.pf- I deleted this.
Then ran a search in the registry (HEED ALL WARNINGS ABOUT BEING CAREFUL IN THE REGISTRY- YOU CAN DO IRREPARABLE SYSTEM DAMAGE HERE AND YOU ARE OPERATING AT YOUR OWN RISK).
Use the Find/ Find Next dialog to search for ave.exe
I did find one other entry with a value referencing ave.exe and deleted that entry. Regrettably, I did not note the specific key.
Restarted computer to force registry reload.
I did not have any additional problems with this abortion of a program (yet).
The user, a person whom I believe should know better than to install stray software and whom I believe was not lying to me, indicated XP Defender Pro installed itself while said user was engaged in other website browsing, with no permission requests, no anti-virus warnings, and no anti-spyware notifications prior to the XP Defender Pro popups starting. So, don’t be too hard on your users (but check their browsing history, because the source will probably be obvious and some counseling or other action might be necessary).
On a personal note, the asshat that wrote XP Defender Pro should be put in a glass box with fire ants and fed/ watered through a tube until he’s a skeleton. Hopefully it will take a very, very long time. Good luck to anyone who is up against this piece of work.
Thank you to http://www.2-viruses.com for a solid procedure on eliminating this particular nuisance.
Just wanted to thank 2-viruses.com. The removal instructions actually helped. Thanks.
And another thanks to Steve Rozick. After removal, I had the same exact problem with the EXE missing from the File Types. But you’re instructions helped me back to recovery. Thanks man.
Thanks a ton, I am not a techie, and in fact went to college to avoid a desk and computer, but I was able to follow the directions on this site to the T. Windows Defender XP has been successfully removed, and I was able to add back the .exe file. So far it is running smoothly. Now if only contacting any computer support company was this easy.
Thanks a bunch, the instructions really worked and now my system is not popping up that annoying xp defender screens. It was very helpful. I appreciate the effort of everyone involved in this.
Thanks man, I’ve not seen a malware bug this bad in some years! I also had to manually search for “AVE.EXE” in the registry and rebuild the EXE extension on the infected computer. Hopefully more applications come out to deal with this thing!
Have the xp defender pro and can’t get on internet explorer to download fix . Get internet expl,orer page saying internet explorer alert. Any ideas
John
Is this program legitimate?
Thanks to http://www.2-viruses.com and to Steve Rozick.
I had the same pattern, and the instructions were extremely useful.
I consider this virus to be a surprise of the the April Fool’s Day.
Bryan: XP Defender Pro is not legitimate.
I recommend Avast, Avira, Nod32, Kaspersky as antiviruses and full versions of Malwarebytes/spyware doctor as antimalware for PC protection.
In order to avoid problems with executable files following need to be changed in removal procedure:
Instead of Removing:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\ave.exe” /START “%1? %*
It need to be edited. Double click on string “(Default)” = “%UserProfile%\Local Settings\Application Data\ave.exe” /START “%1? %*
replace it with “%1” %*
make sure you type quotation marks and space after “%1”
@Steve Rozick
See my comments about executable problem
Thanks for the instructions guys. Followed all the steps, thenused Steve Rozick’s instructions to restore EXE extension. Worked like a charm. I have the same feelings about the XP Pro Defender maker.
Thanks for the info, it worked like a charm! Note however that, as of 4/4/2010, the executable name has been changed to vma.exe. All the removal tips still work though.
After deleting the malicious registry entries, I was able to get rid of XP Defender Pro. I had the same problem getting my executable to work and Steve’s advice helped, but NOT for all my programs.
I can’t get IE to work. Any advice?
–Dave
XP Defender was a nightmare in waiting. Either way, I thought I was destined for the local PC-Fixit shop to get rid of it. Then I hopped on this website, and found the Fix.reg solution and then the .exe rebuild that Steve came up with. So far, so good. Going to bite the bullet and purchase a fully registered version of MalwareBytes which I hope is as good as Spyware Doctor. I typically don’t like to curse however all I can say is Steve Rozick you are the s&%t. Well done.
@Dave Smith
I had the same problem after the .exe rebuild that Steve came up with. I found my way over to the startup folder and found the IE shortcut symbol, clicked on it and IE came right up. This make work for you, I don’t know.
Instructions worked great,Thanks. Nasty little thing. And thanks to Tara as well…the .exe on my machine was indeed vma.exe.
@Eugene
Thanks Eugene. I was able to make the changes you suggested to the registry without blowing up my .exe functionality. Much appreciated.
-Lance
Thnx for the advice. I was able to remove it successfully. I still don’t know how it got past McAfee Security Center though. I was able to remove but now I can’t update my virus definition files for McAfee. It won’t connect to the website. I can ping it and access http://www.mcafee.com fine, but can’t do any updates. I thought I’d try to also download the real Defender from Microsoft but can’t connect to that site either. Do I still have some remnants of the virus that prevent me from updating my antivirus program or from downloading any anti spam program??? HELP!
Excellent walkthrough. Except for the association issue (which, thanks to Steve, was quickly resolved), everything was simple and straightforward. Thanks!
UPDATE: I removed McAfee and installed AVAST. While I was installing it, the ‘ave.exe” process resuscitated and I immediately killed it. This allowed me to finish the install. I tried to run and UPDATE and got the same results, “Error connecting to server”. Now I now it definitely blocks any type of antivirus updates. Help me out guys. What could be blocking this?
Juan : Check proxy server information and hosts file… They must be corrupted and thats the cause for avast to be blocked.
I’m stuck!! I need to remove xp security but it’s preventing me from opening up a web page? Any ideas how to get round this?! How can I download software to fix it if I can’t get online?!
Please help!
V
Thnx for the tip admin!
This damned thing changes your c:\windows\system32\drivers\etc\hosts file to prevent you from getting on line to download or update any type of antivirus program. You can set the hosts file back to default by going here
http://support.microsoft.com/kb/972034#LetMeFixItMyselfAlways
GOOD LUCK EVERYONE!
The other ave.exe entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_USERS\S-1-5-21-2006566974-2856….-1006\Software\Microsoft\Search Assistant\ACMru\5603
@Steve Rozick
Steve, thank you so much for that comment.
I used to be an IT guy but got out of it for cars and so I’ve been out of the loop since early 2005 and have forgotten a lot. I ended up with the same association damage and have been going nuts trying to work about it. You probably just saved me another week of hair pulling at the end of my final semester in school when I don’t have time for my computer to be broken.
checked host files they were fine made a new one just incase got rid of all reg associated with ave.exe / vma.exe also went on other sites and found all reg problems possible did everything listed on this site but am still not able to connect to the internet ran internet diagnostics
network location detection
info Using Home Internet connection
Network adapter identification
error failed with error 0x80070422:the service cannot be started, either because it is disabled or because it has no enabled devices associated with it
all other lines just say error 12007 ect
any ideas?
thanx steve you are my hero !!!!!
thanks alot to 2-viruses.com and steve , you are heros
Hats off to 2-viruses.com and Steve for the solution to XP Defender Pro virus problem. Your solutions worked just fine.
Regards
thanks, thanks a lot. all is clean now. just little thing, when you create an association to exe file (for XP)you can’t select application and XP tells you an existing association is still present. clear it and make a new one. quit ; your exe files does’nt run more. go again in association file and delete exe file. all runs now. you have to reeboot to have again the goods icons.
sorry for my poor english.
regards from France
It took me over 8 hours to fix this one. after i did all the things you described it still came back. over and over again. Even after i deleted all the startup items of Windows XP.
I just found a simple an secure solution. i installed CCleaner and Malwarebytes both are free product and really solved this problem for me. Just run the scan and reset. This is not an advertisement for one of these progs, it really helped me fixing this one.
Thnx for the help guys,
P
oh yes and i renamed the setup files so i thought…it would stop it…not…i see no recourse but to reformat and i wish there wqas another way….believe me….
I made the mistake in ordering Pro defender on line and it has been hell. They took the money but could not download it and when I called their support team they could not also!! So I called the bank and I am in the process of trying to get the money back. I will get a lawyer also if I have to. DON’T, DON’T BUY DENFENDER PRO. It is a big ripe off.
this site was completely usless for removing defender pro from my system.. thanks for nothing
@earl
i think that spywaredoctor set this program up so you have to buy their weak and usless product..
Earl: I think you write without thinking. SD (full version, not antivirus one) scores really well in independent tests.