XP Defender. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - -   Also known as XPDefender | Type: Rogue Antispyware
12

XP Defender is a rogue security program that reports false scan results and displays fake security alerts to convince you that your computer is infected with malware. This fake program is a clone of Vista Defender, XP Internet Security 2010 and XP Defender Pro. Once active, XP Defender will supposedly scan your computer and will additionally display a variety of infections. It will additionally claim that those security threats can be removed only with a registered version of XP Defender. Don't buy it!. This is a scam.

HOW CAN I GET INFECTED WITH XP DEFENDER?

Usually, XPDefender is promoted through the use of Trojans and fake online anti-malware scanners as well as various misleading websites. In order to trick you, these Trojans are disguised as video codecs required to view certain online videos. Once XP Defender is downloaded, it will constantly display fake security alerts. These fake alerts may appear like every minute or two. For example:

System Security Alert!
Vulnerabilities found
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.

XP Defender Firewall AlertI
explore.exe is infected with Hoax.HTML.Agent.i. Private data can be stolen by third parties, including credit card details and passwords.

This program may also try to impersonate Windows Security Center and display counterfeit notifications form Task bar claiming that anti-virus protection is disabled or that your computer is under attack. Last, but not least, XP Defender will hijack your Internet browser and redirect you to various misleading websites full of ads. You should remove this parasite from the system upon detection. Please use the removal instructions below to remove XP Defender from your computer either manually or with an automatic removal tool.

UPDATE: There is a new XP Defender's version spreading around! If you see it on your computer, the guide, which is given below, may not be working for you. Run a full system scan with Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Reimage if you see a new version of XP Defender on your computer. If you can't launch any of these programs, follow these steps:

1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes of XP Defender and remove its files.

HOW CAN I REMOVE XP DEFENDER?

1. Click Start->Run (or WinKey+R). Input: “command”. Press Enter or click OK.

2. Type “notepad” as shown in the image below and press Enter. Notepad will open.

3. Copy and past the following text into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand]
[-HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand]
[-HKEY_CLASSES_ROOT.exeshellopencommand]

[HKEY_CLASSES_ROOT.exe]
@=”exefile”
“Content Type”=”application/x-msdownload”

[-HKEY_CLASSES_ROOTsecfile]

4. Save file as “exefix.reg” (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files

5. Double-click to open exefix.reg. Click “Yes” for Registry Editor prompt window.

6. Download STOPzilla or an automatic removal tool below. Update STOPzilla and run a full system scan.

If you can't complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install STOPzilla.

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove XP Defender you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall XP Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing XP Defender (2012-12-20)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing XP Defender (2012-12-20)
Hitman Pro
We have tested Hitman Pro's efficiency in removing XP Defender (2012-12-20)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing XP Defender (2012-12-20)
XP Defender snapshot
XP DefenderXP Defender snapshot

XP Defender manual removal:

Kill processes:
[random].exe

Delete registry values:
HKEY_CLASSES_ROOT.exe "(Default)" = "[random]"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallpcdfdata

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = ""%CommonAppData%pcdfdata[random].exe" /ex "%1" %*"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "pcdfsvc" = "%CommonAppData%pcdfdata[random].exe /min

Delete files:
%CommonAppData%pcdfdata

%CommonAppData%pcdfdata[random].exe

%CommonAppData%pcdfdataapp.ico

%CommonAppData%pcdfdataconfig.bin

%CommonAppData%pcdfdatadefs.bin

%CommonAppData%pcdfdatasupport.ico

%CommonAppData%pcdfdatauninst.ico

%CommonAppData%pcdfdatavl.bin

%AllUsersProfile%DesktopXP Defender.lnk

%CommonStartMenu%ProgramsXP Defender

%CommonStartMenu%ProgramsXP DefenderRemove XP Defender.lnk

%CommonStartMenu%ProgramsXP DefenderXP Defender Help and Support.lnk

%CommonStartMenu%ProgramsXP DefenderXP Defender.lnk

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

Removal guides in other languages