XP Defender: how to remove this virus fake AV [SOLVED]

1 Star2 Stars3 Stars4 Stars5 Stars (18 votes, average: 5.00 out of 5)
loadingLoading...

XP Defender fake AV description

XP_defender_fake_av

XP Defender is not a real defender. Instead of actually protecting your PC it only imitates the traits of some security program for your computer. In Windows 7 operating system it appears as ‘Win 7 Defender

 

It can find tons of ‘threats’ even on a 100% clean PC with fresh installed Windows XP, threatening you with messages like:

ATTENTION: DANGER!

ALERT! System scan for spyware, adware, trojans and viruses has been finished. XP Defender detected 47 critical system objects. These security breaches may be exploited and lead to the following: [list of threats]

COMPUTER SECURITY AT RISK!

Your computer is still under attack.

Dangerous programs were found to be running in the background. System crash and identity theft detected. Remove malware now and get real time intrusion protection?

SYSTEM SECURITY ALERT!

Vulnerabilities found\Background scan for security breaches has been finished, Serious problems have been detected, Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence

Actually, XP Defender is a representative of a family of rouge anti-virus software, like PC Defender Plus, Win 7 Defender 2013, and other.

XP Defender fake AV screenshots

XP_defender

attention_danger

system_security_alert

computer_security_at_risk

XP Defender fake AV removal

Please follow the steps of this removal guide to remove the XP Defender virus:

https://trojan-killer.net/pc-defender-virus-remove-effectively/

XP Defender fake AV Manual Clean-up

%commonappdata%\pcdfdata\[rnd].exe
%commonappdata%\pcdfdata\app.ico
%commonappdata%\pcdfdata\config.bin
%commonappdata%\pcdfdata\defs.bin
%commonappdata%\pcdfdata\support.ico
%commonappdata%\pcdfdata\uninst.ico
%commonappdata%\pcdfdata\vl.bin
%commondesktopdir%\XP Defender.lnk
%commonprograms%\XP Defender\Remove XP Defender.lnk
%commonprograms%\XP Defender\XP Defender Help and Support.lnk
%commonprograms%\XP Defender\XP Defender.lnk

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcdfsvc %commonappdata%\pcdfdata\[rnd].exe /min

HKCU\Software\Classes\.exe
HKCU\Software\Classes\.exe\ [rnd_2]
HKCU\Software\Classes\.exe\Content Type application/x-m
HKCU\Software\Classes\.exe\DefaultIcon
HKCU\Software\Classes\.exe\DefaultIcon\ %1
HKCU\Software\Classes\.exe\shell
HKCU\Software\Classes\.exe\shell\open
HKCU\Software\Classes\.exe\shell\open\command
HKCU\Software\Classes\.exe\shell\open\command\ “%commonappdata%\pcdfdata\[rnd].exe” /ex “%1” %*
HKCU\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1” %*
HKCU\Software\Classes\.exe\shell\runas
HKCU\Software\Classes\.exe\shell\runas\command
HKCU\Software\Classes\.exe\shell\runas\command\ “%1” %*
HKCU\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1” %*

Leave a Comment

*