XP Defender virus removal

XP Defender, as you know, is a fake antispyware application that acts very aggressively. Its primary aim is to make people waste their funds. The hoax enters systems that are poorly protected or not protected at all with security applications. It additionally tunes up your system in order to be started automatically together with every system startup. The malware then runs the fake scan of your system and reports the multitude of infections that are also fake. Please do not ever purchase XP Defender, since this program will not assist you in virus removal. It can only remove “fake” infections that are invented by it. In order to get rid of XP Defender fake anti-spyware please follow the guidelines below.

XP Defender removal sequence of steps:

  1. Download the installer of GridinSoft Trojan Killer from the direct link http://trojan-killer.net/download.php from some different clean (uninfected computer), for example, available at your work or with your friends or relatives
  2. Copy the installer of GridinSoft Trojan Killer onto your USB/Flash drive
  3. Transfer the USB/Flash drive to the PC infected with Win7 Defender
  4. Copy the installer of GridinSoft Trojan Killer to the desktop of the infected PC
  5. Right-click the installer of GridinSoft Trojan Killer with your mouse and click “Run as…”. Uncheck the box “Protect my computer and data from unauthorized program activity” and click OK.
  6. Install GridinSoft Trojan Killer, make sure to uncheck the box “Start Trojan Killer” at the end of installation process
  7. Right-click the desktop icon of GridinSoft Trojan Killer with your mouse and click “Run as…”. Uncheck the box “Protect my computer and data from unauthorized program activity” and click OK.
  8. Update GridinSoft Trojan Killer, run the scan and remove all infected items found during the scan with Trojan Killer
  9. Restart your computer to apply the changes after malware removal
  10. Additionally, make sure to scan your system with Kaspersky’s TDSS Killer downloadable here.

XP Defender screenshot:

XP Defender virus

XP Defender direct removal video:

XP Defender removal tool:

XP Defender manual removal guide:

Associated iles:

%commonappdata%\pcdfdata\[rnd].exe
%comonappdataW%\pcdfdata\app.ico
%commonappdata%\pcdfdata\config.bin
%commonappdata%\pcdfdata\defs.bin
%commonappdata%\pcdfdata\support.ico
%commonappdata%\pcdfdata\uninst.ico
%commonappdata%\pcdfdata\vl.bin
%commondesktopdir%\XP Defender.lnk
%commonprograms%\XP Defender\XP Defender.lnk
%commonprograms%\XP Defender\XP Defender Help and Support.lnk
%commonprograms%\XP Defender\XP Defender.lnk

Associated registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcdfsvc %commonappdata%\pcdfdata\[rnd].exe /min
HKCU\Software\Classes\.exe
HKCU\Software\Classes\.exe\ [rnd_2]
HKCU\Software\Classes\.exe\Content Type application/x-m
HKCU\Software\Classes\.exe\DefaultIcon
HKCU\Software\Classes\.exe\DefaultIcon\ %1
HKCU\Software\Classes\.exe\shell
HKCU\Software\Classes\.exe\shell\open
HKCU\Software\Classes\.exe\shell\open\command
HKCU\Software\Classes\.exe\shell\open\command\ “%commonappdata%\pcdfdata\[rnd].exe” /ex “%1” %*
HKCU\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1” %*
HKCU\Software\Classes\.exe\shell\runas
HKCU\Software\Classes\.exe\shell\runas\command
HKCU\Software\Classes\.exe\shell\runas\command\ “%1” %*
HKCU\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1” %*

Leave a Comment


*