XP Defender
Posted: June 18, 2008
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | July 24, 2009 |
|---|---|
| Last Seen: | January 9, 2019 |
| OS(es) Affected: | Windows |
Instead of defending your PC from malware and other dangers, XP Defender is itself, a form of malware that's identified as a rogue anti-malware program. Like the other members of its family (identified by SpywareRemove.com malware experts as WinPC Defender), XP Defender displays pop-up alerts with fraudulent security information, system scans that detect nonexistent infections and even browser redirects to fake warning pages, all to make you want to purchase its registered version to remove these threats. However, the purchased version of XP Defender is just as lacking in security features as the unpurchased version, and you should use an actual anti-malware product to get rid of XP Defender for free after your computer displays any of the symptoms noted here.
XP Defender: Windows XP's Version of an Ancient Recurring Scam
XP Defender acts like an individual and reputable product that tends to your computer's overall safety and, in particular, malicious software-related attacks, but XP Defender actually has been identified as a minor variant of very similar rogue anti-malware scanners from the FakeRean family. Other fake anti-malware programs that are associated with XP Defender's family include examples like Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015. Other than minor aesthetic differences, SpywareRemove.com malware researchers consider these members of FakeRean to be close to identical to each other, particularly in terms of their major malicious functions.
After being installed by any of several methods (spam e-mail links, Blackhole Exploit Kit attacks and fake online scanners are favored delivery strategies), XP Defender adds an auto-start entry to the compromised PC's Registry and launches its attacks as soon as Windows starts. Besides faking system-scanning features, XP Defender also may create multiple types of fake system alerts and pop-ups, all of which will warn you about attacks that aren't taking place, as well as malicious software that's not installed on your PC.
The major drive of XP Defender's attack plan is to make you think that buying XP Defender will save your PC from the many imaginary PC threats that XP Defender warns you about, although SpywareRemove.com malware analysts strongly discourage spending any money on XP Defender whatsoever. XP Defender also may be accompanied by other forms of malware and is especially often included alongside Trojans with downloading capabilities.
How XP Defender Lays into Your PC with Its Idea of Preemptive Defense
XP Defender's defining traits may be its fraudulent security functions, but SpywareRemove.com malware analysts also have seen reasons to be concerned over XP Defender's secondary functions, which can cripple your PC's security as XP Defender attempts to prevent itself from being removed. Such attacks can include:
- Web browser hijacks that force you to view a fake warning page in lieu of a legitimate website. XP Defender may make particular efforts to redirect your browser away from PC security-themed sites.
- Program-blocking attacks that force all other executable files to be filtered through XP Defender, which may deny them or allow them at its leisure. In most cases, XP Defender will block the other program and display a fake damage/infection alert.
- System changes that disable basic security functions, particularly the Windows Firewall, update manager and UAC.
These attacks cause your computer to be more vulnerable to attacks from other types of malware than it would be under ordinary circumstances. Consequentially, SpywareRemove.com malware experts recommend deleting XP Defender with a tried and true anti-malware program as soon as you can do so.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:XPdefender.exe
File name: XPdefender.exeSize: 1.37 MB (1376256 bytes)
MD5: d899a7ea0342fe74cc8db09edef4963d
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
XPdefender_Installer[1].exe
File name: XPdefender_Installer[1].exeSize: 164.68 KB (164685 bytes)
MD5: 946adae281b06bb971536004fa91b60e
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
9eRroX92aY.exe
File name: 9eRroX92aY.exeSize: 3.79 MB (3793862 bytes)
MD5: 88d6e030eeac28b85f1f5b87c12a0899
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
%AllUsersProfile%\Desktop\XP Defender.lnk
File name: %AllUsersProfile%\Desktop\XP Defender.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[UserName]\Application Data\ave.exe
File name: %Documents and Settings%\[UserName]\Application Data\ave.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\pcdfdata\.exe
File name: %CommonAppData%\pcdfdata\.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CommonAppData%\pcdfdata\app.ico
File name: %CommonAppData%\pcdfdata\app.icoMime Type: unknown/ico
Group: Malware file
%CommonAppData%\pcdfdata\config.bin
File name: %CommonAppData%\pcdfdata\config.binFile type: Binary File
Mime Type: unknown/bin
Group: Malware file
%CommonAppData%\pcdfdata\defs.bin
File name: %CommonAppData%\pcdfdata\defs.binFile type: Binary File
Mime Type: unknown/bin
Group: Malware file
%CommonAppData%\pcdfdata\support.ico
File name: %CommonAppData%\pcdfdata\support.icoMime Type: unknown/ico
Group: Malware file
%CommonAppData%\pcdfdata\uninst.ico
File name: %CommonAppData%\pcdfdata\uninst.icoMime Type: unknown/ico
Group: Malware file
%CommonAppData%\pcdfdata\vl.bin
File name: %CommonAppData%\pcdfdata\vl.binFile type: Binary File
Mime Type: unknown/bin
Group: Malware file
%CommonStartMenu%\Programs\XP Defender\Remove XP Defender.lnk
File name: %CommonStartMenu%\Programs\XP Defender\Remove XP Defender.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%CommonStartMenu%\Programs\XP Defender\XP Defender Help and Support.lnk
File name: %CommonStartMenu%\Programs\XP Defender\XP Defender Help and Support.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%CommonStartMenu%\Programs\XP Defender\XP Defender.lnk
File name: %CommonStartMenu%\Programs\XP Defender\XP Defender.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "av.exe" /START "%1? %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "av.exe" /START "firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "av.exe" /START "firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)" = "av.exe" /START "iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1?HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1?HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "ave.exe" /START "%1" %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "ave.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "ave.exe" /START "firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "ave.exe" /START "firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "ave.exe" /START "iexplore.exe"
Additional Information
| # | Message |
|---|---|
| 1 | System Security Alert Unknown program is scanning your system registry right now! Identity theft detected. |
| 2 | System Security Alert Vulnerabilities found Background scan for security breaches was finished. Serious issues were detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defense. |
| 3 | XP Defender Firewall Alert Iexplore.exe is infected with Hoax.HTML.Agent.i. Private data can be stolen by third parties, including credit card details and passwords. |
Related Posts
- Win7/XP Defender
- XP Defender Plus 2013
- Win 7/Vista/XP Defender 2013
- XP Defender 2013
- XP Defender 2010
if everybody knows this is a xpdefender i a scam why doesnt somebody find these people and shoot them
xpdefender just cost me two days of work, lost files, and a big headache. I ended up having to reload everything, with a somewhat old backup. How come this scam continues to be allowed ? There h as got to be a money trail, can't some Attorney Generals or BBBs do something about this ? I could never find an physical address or phone for this bunch of jerks. Likewise, I think a couple of the "fixes" that are advertised for this are also scams.
Any thoughts ?