Home Malware Programs Rogue Anti-Virus Programs XP Defender 2010

XP Defender 2010

Posted: April 9, 2010

XP Defender 2010 is a rogue antivirus program that reports false threats and displays fake security alerts on your PC. XPDefender2010 does this to convince you that the system is infected with malware. XP Defender 2010 is promoted and installed through the use of Trojans and may come with other malicious software. XPDefender2010 is part of a blatant scam used to con you into paying for removal of infections which don't exist. Remove XP Defender 2010 and all associated threats using an updated antivirus program.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\ave.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exeHKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIconHKEY_CURRENT_USER\Software\Classes\.exe\shellHKEY_CURRENT_USER\Software\Classes\.exe\shell\openHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = "%AppData%\ave.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = "%1" %*HKEY_CURRENT_USER\Software\Classes\.exe\shell\runasHKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\.exe\shell\startHKEY_CURRENT_USER\Software\Classes\.exe\shell\start\commandHKEY_CURRENT_USER\Software\Classes\secfileHKEY_CURRENT_USER\Software\Classes\secfile\DefaultIconHKEY_CURRENT_USER\Software\Classes\secfile\shellHKEY_CURRENT_USER\Software\Classes\secfile\shell\openHKEY_CURRENT_USER\Software\Classes\secfile\shell\open\commandHKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = "%AppData%\ave.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\runasHKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\commandHKEY_CURRENT_USER\Software\Classes\secfile\shell\startHKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
Loading...