XP Defender 2013 virus. Video removal guide.

XP Defender 2013 is a new rogue that infects more and more systems through the web nowadays. Like any other rogue this one has its main aim and it wants it to be achieved. As soon as XP Defender 2013 rogue penetrates inside your system it automatically begins to scan it and provides you with the results of the scanning. You can see in front of you a lot of threats which were supposedly found by XP Defender 2013 program. But there is an interesting thing about these threats. All of them are totally fake.

XP Defender 2013
XP Defender 2013

The victim usually sees the warning alerts with the following content.

“Attention: Danger!
Alert! System scan for spyware, adware, Trojans and viruses is complete. XP Defender 2013 detected 31 critical system objects. These security breaches may be exploited and lead to the following:
Your system becomes a target for spam and bulky, intruding ads
Browser crashes frequently and web access speed decreases
Your personal files, photos, document and passwords get stolen
Your computer is used for criminal activity behind your back
Bank details and credit card information gets disclosed”
“Click Register to register your copy of XP Defender 2013 and perform threat removal on your system. The list of infections
and vulnerabilities detected will become available after registration”

“Computer security is at risk! Your PC is still under malware attack. Dangerous programs were found to be running in the background. System
crash and identity theft are likely. Remove malware now and get real time intrusion protection?”

“System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan”

“Security breach!
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan”

“Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card
details and passwords. Click here to perform a security repair”

“Virus infection!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan”

“XP Defender 2013 ALERT
System integrity threat!
Warning! Sensitive data may be sent over your Internet connection right now!
Details Attack from 252.211.92.28 port: 20928
Attacked port: 35268
Threat: Trojan-Proxy.Win32.Agent.x
Do you want to block this attack?”

XP Defender 2013 virus creates its own fake names of differenet rogues and malwares for you to believe that your system is really infected and needs to be repaired immediately. But think twice before you pay for such rogue like XP Defender 2013. If you do the purchase you will get nothing but lost time and money. And the virus will completely achieve its goal. We have prepared the video removal guide of XP Defender 2013 virus. Follow all the steps carefully.

Video removal guide of XP Defender 2013 virus:

Removal guide of XP Defender 2013 virus:

  1. Run GridinSoft Trojan Killer:
    Click Win+R and type the direct link for the program’s downloading. http://trojan-killer.net/download.php

  2. If your PC is totally blocked and any attemps to launch the computer in such manner are in vain, use this method:
    take your USB flash drive / Memory Stick and download GridinSoft Trojan Killer installation file from this site http://trojan-killer.net/download.php and save it to your USB flash drive / Memory Stick. Get back to your infected PC and insert the USB Drive / Memory Stick into the respective USB slot.

  3. Install GridinSoft Trojan Killer. (If you have Win 7 you need to click the right mouse button on the icon, pick “Run as” and choose with administrator
    rights.If your PC is totally blocked and any attemps to launch the computer in such manner are in vain, use this method:
    take your USB flash drive / Memory Stick and download GridinSoft Trojan Killer installation file from this site http://trojan-killer.net/download.php and save it to your USB flash drive / Memory Stick. Get back to your infected PC and insert the USB Drive / Memory Stick into the respective USB slot, install and launch GridinSoft Trojan Killer.
  4. IMPORTANT!

    Don’t uncheck the Start Trojan Killer checkbox at the end of installation!

    Checkbox
    Checkbox

    Manual removal guide of XP Defender 2013 virus:

    Delete XP Defender 2013 files:

    • %LocalAppData%\[rnd_2]
    • %Temp%\[rnd_2]
    • %UserProfile%\Templates\[rnd_2]
    • %CommonApplData%\[rnd_2]

    Delete XP Defender 2013 registry entries:

    • HKEY_CURRENT_USER\Software\Classes\.exe
    • HKEY_CURRENT_USER\Software\Classes\.exe\ [rnd_0]
    • HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
    • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
    • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ “[rnd_1].exe” -a “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\ Application
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\Content Type application/x-msdownload
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon\ %1
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\ “[rnd_1].exe” -a “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\IsolatedCommand “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\ “%1″ %*
    • HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\IsolatedCommand “%1″ %*

Leave a Comment

*