XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010

Updated: October 28, 2011 Rogue 0 Comment

XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 may look like a legit security program created for Windows XP operating system. However, security experts already categorized these programs as rogue. The category includes any computer program that pretends to be useful, where in fact the sole purpose is to mislead users into paying for the full version of the software.

XP Antivirus Pro can trick users in so many ways. One of this is by producing virus scan results that shows manufactured presence of infection. An imaginary threat displayed after the virus scan of XP Antivirus Pro aims on deceiving users. To remind victim about security risks, this virus will constantly display numerous pop-up alerts. This action will lead user into purchasing of the registered version of XP Antivirus Pro.

For a number of occasions while this malware is still inside the computer, XP Antivirus Pro insists to register the product before it can remove any detected threats. In fact, you must eliminate the rogue program first by having a legit and effective solution. Continue browsing to lower part of this page for a recommended removal tool. Follow the procedure to remove XP Antivirus Pro and all of its associated files.

Screen Shot Image:

Image of XP Antivirus Pro

Antispyware XP Image

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 are rogue programs. Unlike Trojans and viruses, rogue anti-virus program will not replicate on itself once loaded inside the PC. These unwanted application typically spreads over the Internet is several methods including fake online virus scanner, bogus multimedia web sites, file-sharing networks, shareware and cracked programs.

When the main executable file is launch, rogue anti-virus instantly alters system settings. Modifications to Internet browser may result to browser redirects that hijack any requested web addresses. Lastly, it will alter registry and create the following entry to run the program when Windows starts.
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\ave.exe” /START “%1″ %*

[cf]regis[/cf] [cf]files[/cf]

How to Remove XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010

This guide requires a tool called Malwarebytes' Anti-Malware. It is a free tool designed to eradicate various computer infections. MBAM scanner is distributed for free.

Boot Windows in Safe Mode With Networking

1. First thing to do is to reboot the computer in Safe Mode with Networking to avoid XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Please select Safe Mode with Networking.
- Windows will now start in Safe Mode.

Remove XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 with MalwareBytes' Anti-Malware

2. Download removal tool from this page and save it on your Desktop or any location on your PC.
3. When finish downloading, double-click on the file to install the application.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, you need to update the database.

6. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. When scanning is finished click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010.
10. Restart your computer.

Note: If XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Alternative Removal Method for XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010

Option 1 : Use Windows System Restore to return Windows to previous state

If XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 manual uninstall guide

IMPORTANT! Manual removal of XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:Added Registry Entries:

HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKLM\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKLM\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKCU\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKCU\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKCR\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKCR\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*

Comments and Suggestions

On this area you can find Visitor's personal suggestions. We cannot control and evaluate each recommended procedure from visitors so please use it at your own risks. If your inquiry pertains to XP Antivirus Pro, XP AntiMalware 2010, Antispyware XP, XP Defense 2010 and XP Security 2010 payment refund or lost serial key, kindly check the FAQ for rogue program first.