XP Defender virus. How to remove

XP Defender is a fake antispyware application that has in mind to scare and trick users with the wide range of faulty security reports originated by it during the fake scan of attacked system. This generation of malwares is a brand new virus family, and technical details and features of this program are very similar to those of FakeRean malware clan representatives. However, the design of this application has been changed substantially. Nevertheless, the evil motives and intentions of this utility remained unchanged. This scam still has in mind to push users into buying its fake license that is not able to render the desired level of defense against real malwares and system vulnerabilities. Hence, XP Defender is a useless program that cannot keep its promises.

XP Defender virus

XP Defender acts pretty much like all other rogue anti-spyware programs. It doesn’t use legitimate methods of entering your workstation. The installation of this malware may take place after users are required to download some video codec supposedly necessary for viewing some online videos. However, there might be various other methods of illegal entry of this malware into your system. Whatever the case might be, XP Defender will never warn users about its exact installation. The hoax appears on the compromised machine immediately, unexpectedly and unpredictably.

While XP Defender is being installed without user’s approval the scam also modifies your system in order to be launched automatically together with every system startup. This means that as soon as you turn your computer on this scam will appear and will immediately begin imitating “defending” of your machine. The fake system scan is initiated each time you turn your computer on. Immediately after the scan is completed the program gives a long report about fake viruses, infections and threats supposedly identified by it. The only reason why such faulty information is presented is because the malware plans to actually persuade you to buy its fake and helpless license, which is not able to remove real threats from your computer.

Buying XP Defender scam is therefore a serious mistake. The only right solution in this case is to get rid of it using certain powerful security program. It is also a good idea to first restart your computer into safe mode with networking, in order to facilitate the removal process and avoid all kinds of blockages on the part of XP Defender virus that prevent your attempts to uninstall it. Below please find our simple and clear malware removal instructions that explain very well how XP Defender fake antivirus can be removed from your system with the help of GridinSoft Trojan Killer.


XP Defender removal tool:

XP Defender similar removal video:

XP Defender manual removal guide:

Associated iles:

%commonappdata%\pcdfdata\[rnd].exe
%comonappdataW%\pcdfdata\app.ico
%commonappdata%\pcdfdata\config.bin
%commonappdata%\pcdfdata\defs.bin
%commonappdata%\pcdfdata\support.ico
%commonappdata%\pcdfdata\uninst.ico
%commonappdata%\pcdfdata\vl.bin
%commondesktopdir%\XP Defender.lnk
%commonprograms%\XP Defender\XP Defender.lnk
%commonprograms%\XP Defender\XP Defender Help and Support.lnk
%commonprograms%\XP Defender\XP Defender.lnk

Associated registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcdfsvc %commonappdata%\pcdfdata\[rnd].exe /min
HKCU\Software\Classes\.exe
HKCU\Software\Classes\.exe\ [rnd_2]
HKCU\Software\Classes\.exe\Content Type application/x-m
HKCU\Software\Classes\.exe\DefaultIcon
HKCU\Software\Classes\.exe\DefaultIcon\ %1
HKCU\Software\Classes\.exe\shell
HKCU\Software\Classes\.exe\shell\open
HKCU\Software\Classes\.exe\shell\open\command
HKCU\Software\Classes\.exe\shell\open\command\ “%commonappdata%\pcdfdata\[rnd].exe” /ex “%1” %*
HKCU\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1” %*
HKCU\Software\Classes\.exe\shell\runas
HKCU\Software\Classes\.exe\shell\runas\command
HKCU\Software\Classes\.exe\shell\runas\command\ “%1” %*
HKCU\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1” %*

Leave a Comment


*