XP Defender is a rogue security program that reports false scan results and displays fake security alerts to convince you that your computer is infected with malware. This fake program is a clone of Vista Defender, XP Internet Security 2010 and XP Defender Pro. Once active, XP Defender will supposedly scan your computer and will additionally display a variety of infections. It will additionally claim that those security threats can be removed only with a registered version of XP Defender. Don't buy it!. This is a scam.
HOW CAN I GET INFECTED WITH XP DEFENDER?
Usually, XPDefender is promoted through the use of Trojans and fake online anti-malware scanners as well as various misleading websites. In order to trick you, these Trojans are disguised as video codecs required to view certain online videos. Once XP Defender is downloaded, it will constantly display fake security alerts. These fake alerts may appear like every minute or two. For example:
System Security Alert!
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.
XP Defender Firewall AlertI
explore.exe is infected with Hoax.HTML.Agent.i. Private data can be stolen by third parties, including credit card details and passwords.
This program may also try to impersonate Windows Security Center and display counterfeit notifications form Task bar claiming that anti-virus protection is disabled or that your computer is under attack. Last, but not least, XP Defender will hijack your Internet browser and redirect you to various misleading websites full of ads. You should remove this parasite from the system upon detection. Please use the removal instructions below to remove XP Defender from your computer either manually or with an automatic removal tool.
UPDATE: There is a new XP Defender's version spreading around! If you see it on your computer, the guide, which is given below, may not be working for you. Run a full system scan with PlumbytesWebroot SecureAnywhere AntiVirus or Reimage if you see a new version of XP Defender on your computer. If you can't launch any of these programs, follow these steps:
1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes of XP Defender and remove its files.
HOW CAN I REMOVE XP DEFENDER?
1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.
2. Type "notepad" as shown in the image below and press Enter. Notepad will open.
3. Copy and past the following text into Notepad:
Related files: av.exe
4. Save file as "exefix.reg" (without quotation-marks) to your Desktop.
NOTE: choose Save as type: All files
5. Double-click to open exefix.reg. Click "Yes" for Registry Editor prompt window.
6. Download Spyware Doctor or an automatic removal tool below. Update Spyware Doctor and run a full system scan.
If you can't complete the above steps then please use another PC to download an automatic removal tool and exefix.reg (Right Click (Save Target As)) to download file. Copy these files to USB flash drive or any other external media and transfer them to infected computer. Launch exefix.reg file first and then install Spyware Doctor.
XP Defender properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
XP Defender manual removal
Delete registry values:
HKEY_CLASSES_ROOT\.exe "(Default)" = "[random]"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\[random].exe" /ex "%1" %*"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\[random].exe /min
%CommonStartMenu%\Programs\XP Defender\Remove XP Defender.lnk
%CommonStartMenu%\Programs\XP Defender\XP Defender Help and Support.lnk
%CommonStartMenu%\Programs\XP Defender\XP Defender.lnk
Geolocation of XP Defender
Removal guides in other languages
Comments on XP Defender
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.