How to remove XP Defender
Monday, March 29th, 2010 at 5:59 amHome » Rogue Antispyware » XP Defender
XP Defender description
XP Defender annoys its victims with numerous fake security alerts till they decide to buy the program. Purchasing XPDefender doesn’t change a thing since XP Defender is designed to load pop-ups but it’s not able to function as a security program. XP Defender may look like it was made by the Microsoft Corp.; keep in mind that it’s a scam. XP Defender may also present itself as XP Defender Pro.
XP Defender pretends to be a functional tool by displaying scan reports and infection warnings. The real functions of XPDefender are blocking antispyware programs and redirecting web browser to deceptive sources.
Here are some examples of the counterfeit alerts loaded by XP Defender:
Severe system damage!
Spyware and viruses detected in the background. Sensitive system components under attack! Data loss, identity theft and system corruption are possible. Act now, click here for a free security scan.
XP Defender ALERT
System integrity threat!
Warning! Sensitive data may be sent over your internet connection right now!
Details
Attack from: 235.91.44.40 port: 6301
Attacked port: 4637
Threat: Macro.PPoint.ShapeShift
Do you want to block this attack?
Get rid of XP Defender
XP Defender is a Rogue Antispyware software
How to manually remove XP Defender
To remove XP Defender spyware you must block XP Defender sites, stop and remove processes, unregister DLL files, search and delete all other XP Defender files and registry utility. Follow the XP Defender detection and removal instructions below.
The most typical software removal method is to remove XP Defender by using "Add or Remove Programs" service. However there may be hidden XP Defender files, running processes and registries in your computer, so XP Defender may recreate all other files after reboot.
XP Defender manual removal instructions
Block XP Defender sites:
bestpathsecurity.com
Read more how to block XP Defender sites
Stop and remove XP Defender processes:
ave.exe
Read more how to kill XP Defender processes
Locate and delete XP Defender registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\secfile\shell
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = "%AppData%\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = "%1" %*
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = "%AppData%\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = "%1" %*
Read more how to delete XP Defender registry entries
Download RegistryBooster 2010 to scan errors caused by XP Defender
Detect and delete other XP Defender files:
%AppData%\ave.exe
We strongly recommend you to use spyware remover to track XP Defender and automaticaly remove XP Defender processes, registries and files as well as other spyware threats.
XP Defender
Trackbacks
Leave a Reply
Subscribe
Search
Categories
- Adware
- Backdoor
- Browser Helper Object
- Browser Hijacker
- Fake warning messages
- Keylogger
- Malicious domains
- Remote Administration Tool (RAT)
- Rogue Antispyware
- Tracking Cookie
- Trojan
- Worm
Latest spyware threats
- Windows 7 Antispyware 2012
- WinMaximizer
- Slow-PCFighter
- AV Security Essentials
- Smart Anti-Malware Protection
- Internet Security
- PC Clean Pro
- Windows Vista Antivirus 2012
- Malware Protection Center
- Antivirus Smart Protection
- Internet Security 2012
- Smart Internet Protection 2012
- Smart Protection 2012
- Internet Security Guard
- Home Security Essentials
Recently commented
- Antivirmore.com
- Webantispy.com
- Antivirsword.com
- Internet Security
- Security Shield 2011
- Net Protector AntiVirus 2010
- Internet Security Guard
- Vista Antivirus 2012
- Vista Home Security 2012
- Win 7 Anti-Virus 2011
- Vista Antispyware 2012
Malicious domains
- iCityFind
- Antivirsword.com
- Webantispy.com
- Antivirmore.com
- Antivirglass.com
- Oksave9.co.cc
- Smartsecadv.com
- AV-look.com
- Profantivir.com
- Customwebblacklist.com
Fake warning messages
- Kaspersky Internet Security 2011 Enhanced Protection Mode
- Comodo Enhanced Protection Mode
- Microsoft Security Essentials Enhanced Protection Mode
- McAfee Enhanced Protection Mode
- Norton Antivirus Enhanced Protection Mode
- ESET Smart Security Enhanced Protection Mode
- Microsoft Defender Enhanced Protection Mode
- Avast Enhanced Protection Mode
- Fake “Windows – No Disk” alert
- “Low Disk Space” counterfeit warning
Tutorials
- Contact Us
- How to block malicious websites using HOSTS file?
- How to delete registry entries?
- How to download and install Spyware Doctor
- How to kill malicious processes?
- How to recognize a rogue security program?
- How to recognize a rogue website?
- How to unregister DLL files?
- Signs of browser hijacker infection
Archive
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
April 2nd, 2010 at 2:33 am
The problem I am having, it tends to interrupt any type of action I want to do and I cannot open any browser to do anything (on my main pc).. Any suggestions?
Reply
Kevin Vilianos Reply:
April 5th, 2010 at 3:01 am
You can try booting in Safe Mode (Press f8 during bootup) and from there start the task manager as soon as possible. Kill the ave.exe process and try to use your computer to remove it from there.
Reply
Robert Reply:
April 8th, 2010 at 11:57 am
instead of clicking on an object, right click and open in new tab.
it worked for me
Reply