Severity scale  
  (68/100)

XP Defender. How to Remove? (Uninstall Guide)

removal by - -   Also known as XPDefender | Type: Rogue Antispyware
12

XP Defender is a rogue security program that reports false scan results and displays fake security alerts to convince you that your computer is infected with malware. This fake program is a clone of Vista Defender, XP Internet Security 2010 and XP Defender Pro. Once active, XP Defender will supposedly scan your computer and will additionally display a variety of infections. It will additionally claim that those security threats can be removed only with a registered version of XP Defender. Don't buy it!. This is a scam.

HOW CAN I GET INFECTED WITH XP DEFENDER?

Usually, XPDefender is promoted through the use of Trojans and fake online anti-malware scanners as well as various misleading websites. In order to trick you, these Trojans are disguised as video codecs required to view certain online videos. Once XP Defender is downloaded, it will constantly display fake security alerts. These fake alerts may appear like every minute or two. For example:

System Security Alert!
Vulnerabilities found
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.

XP Defender Firewall AlertI
explore.exe is infected with Hoax.HTML.Agent.i. Private data can be stolen by third parties, including credit card details and passwords.

This program may also try to impersonate Windows Security Center and display counterfeit notifications form Task bar claiming that anti-virus protection is disabled or that your computer is under attack. Last, but not least, XP Defender will hijack your Internet browser and redirect you to various misleading websites full of ads. You should remove this parasite from the system upon detection. Please use the removal instructions below to remove XP Defender from your computer either manually or with an automatic removal tool.

UPDATE: There is a new XP Defender's version spreading around! If you see it on your computer, the guide, which is given below, may not be working for you. Run a full system scan with PlumbytesWebroot SecureAnywhere AntiVirus or Reimage if you see a new version of XP Defender on your computer. If you can't launch any of these programs, follow these steps:

1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes of XP Defender and remove its files.

HOW CAN I REMOVE XP DEFENDER?

1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.


2. Type "notepad" as shown in the image below and press Enter. Notepad will open.


3. Copy and past the following text into Notepad:


Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand]
[-HKEY_CURRENT_USERSoftwareClassessecfileshellopencommand]
[-HKEY_CLASSES_ROOT.exeshellopencommand]

[HKEY_CLASSES_ROOT.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOTsecfile]


4. Save file as "exefix.reg" (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files


5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.

6. Download Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.

If you can't complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install Spyware Doctor.

Related files: av.exe

XP Defender properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall XP Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall XP Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
STOPzilla
Tested and Confirmed! STOPzilla removes XP Defender (2012-12-20 02:46:33)
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes XP Defender (2012-12-20 02:46:33)
Plumbytes
We are testing Plumbytes's efficiency (2012-12-20 02:46)
Hitman Pro
STOPzilla
Tested and Confirmed! STOPzilla removes XP Defender (2012-12-20 02:46:33)
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes XP Defender (2012-12-20 02:46:33)
Webroot SecureAnywhere AntiVirus
XP Defender screenshot

XP Defender manual removal

Kill processes:
[random].exe
Delete registry values:
HKEY_CLASSES_ROOT\.exe "(Default)" = "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\[random].exe" /ex "%1" %*"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\[random].exe /min
Delete files:
%CommonAppData%\pcdfdata\
%CommonAppData%\pcdfdata\[random].exe
%CommonAppData%\pcdfdata\app.ico
%CommonAppData%\pcdfdata\config.bin
%CommonAppData%\pcdfdata\defs.bin
%CommonAppData%\pcdfdata\support.ico
%CommonAppData%\pcdfdata\uninst.ico
%CommonAppData%\pcdfdata\vl.bin
%AllUsersProfile%\Desktop\XP Defender.lnk
%CommonStartMenu%\Programs\XP Defender\
%CommonStartMenu%\Programs\XP Defender\Remove XP Defender.lnk
%CommonStartMenu%\Programs\XP Defender\XP Defender Help and Support.lnk
%CommonStartMenu%\Programs\XP Defender\XP Defender.lnk

Geolocation of XP Defender

Map reveals the prevalence of XP Defender. Countries and regions that have been affected the most are: United States, Canada, Netherlands, Italy and United Kingdom.

Removal guides in other languages


Information updated:

Comments on XP Defender

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)