XP Defender Pro is new clone of XP Internet Security 2010, which is a rogue antispyware program.

more info on this virus at

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x30877

I know so many people that put a fake anti-virus program on their computers not knowing that the program itself is a virus. Most of the time it's youngins that download stuff from limewire all the time.

And I love malwarebytes BTW, I use that for scanning the computer more than Avast!

Thank goodness...

Is to use one or two reputable anti-virus programs, and never toutch anything else! But yeah in your case, the name of that program nearly fooled you for a moment.

If this is written the same as the previous versions, people should be aware that any action, including clicking the cancel button, or closing the pop-up window, will start the download process for this bug. If you happen to have this window pop-up while you are browsing, the safest thing to do is just a hard shutdown of the computer. For most new pc's just hold down the power button until the computer turns completely off.

I had my PC on..stepped away for a mintue and there were allt hese screaming warnings and alerts and lists of Trojans and viruses and crap.

I had no idea where it all came from. Still do not know how it got on my machine. I NEVER download anything unless I know where it came from....but obviously that is not enough

My husband didn't believe that I didn't click on SOMETHING but I didn't even close a pop-up, not by hitting the X in the corner, not by hitting "close," nothing; I turned off my computer right away, which has usually done the trick in the past. (Even the NY Times got hacked a few months ago so visitors got a virus pop-up; a similar thing had popped up occasionally over the previous year and turning off the computer had always worked before.) This time, even though I didn't click on anything, I still got a virus, and when he looked it up, he found that I was without sin :) and that you don't need to click on anything to get this one.

In a nutshell, a browser based Java applet generates a popup window that appears almost indistinguishable from a regular application window. It doesn't look like a browser popup, but it is. The application then precaches several applications, including a trojan exe file, into your cache folder. When you click any buttons on the window, the exe is activated and a stealth installer inserts itself into your system.

All of those screaming warnings are actually a part of the virus itself, designed to freak you out so you'll click on it.

The brilliant thing about this particular attack is that it actually doesn't exploit a security hole, but instead relies on user gullability. This particular attack works on all Windows browsers, but would also work on Mac or even Linux if the writers wanted to target those platforms. The application "plays by the rules" in the sense that it limits itself to acting as a safe browser process until the user activates the program locally on their system. It's a social engineering hack more than a computer hack.

The virus is capable of popping up without actually installing itself on the system, and can't initiate that installation until you click on it. If you are running IE8 with Protected Mode on (and ALL IE users should be running IE8 with Protected Mode at this point), the virus CANNOT install itself until you interact with it.

So...

When the virus window pops up, right click on your Task Bar and choose Start Task Manager. Highlight every instance of iexplore.exe and click End Process. Now reopen IE, click Safety, and Delete Browsing History (to clear the cached version of the installer from your temp folder). Because the virus is initially running as an Internet Explorer web application, killing IE will kill the virus. It's incredibly important that this be done before clicking ANYTHING else though. Once you click on the window and the virus installs itself, you will need to go through the full removal procedure.

The procedure is much the same for Firefox users (and no, Firefox isn't immune to this particular attack).

Powering down the computer accomplishes the same thing, but performing a hard shutdown is never recommended if there are other options.

susceptible as well.

Restart in safe mode without networking. If you have previously installed either CCleaner or Hijack this (here are their websites, both free by the way http://www.piriform.com/ccleaner/download
http://free.antivirus.com/hijackthis/ )

when the system starts in safe mode, fire up either one of these puppies. What you will find will be in the start up menu tool listed in the c:\user (you)\application data tree is a file with random numbers with a .exe multiple times waiting to be loaded when you start the computer. By deleting those start commands you will prevent them from reloading the next time you restart. Then you can delete the folders and restart, running malwarebytes or A-Squared or Super Anti-Spyware to get rid of registry entries.


Done it on a half a dozen computers at work over the past month or so.


ALSO, IF IT STARTS, KEEP HITTING CTRL AND F4 AT THE SAME TIME TO STOP IT THEN YOU CAN DELETE THE FILES YOU FIND VIA CCLEANER OR HIJACKTHIS

I use my IT knowledge to download trusted and proven software.

Many of them I know I can get for free if a little time of research is done.

:thumbsup: :hi: