XP Defender 2013 removal tips

XP Defender 2013 is a form of a rogue antivirus program, which includes Win7 Defender 2013 and Vista Defender 2013. It imitates a real security program – it pretends to scan your computer for security infections and after the imaginary scan this bogus software generates a fake list of supposedly detected security threats. All of the processes which imitates a legitimate security program are displayed with a purpose of tricking unsuspecting PC users into purchasing a licence key for XP Defender 2013. This malicious software originates from a family of fake antivirus programs called Braviax, previously released rogue programs from this family were named Win7 Security 2012, Win7 Antivirus 2012 and many other. This family or rogues were inactive for about 6 months, but apparently Cyber criminals decided to renew the development and distribution or fake antivirus programs from this family.

XP Defender 2013 rogue removal:

Step 1. Download removal software

To download Trojan Killer from the infected machine, press [Win]+R (or click Start then click Run). In the dialog window that appears type ‘http://trojan-removal-guide.com/trojankiller.php’ and press ENTER.

XP Defender 2013 will generate fake warning after pressing ENTER. Please ignore it and click “No, stay unprotected (Not recommended)”. File download dialog will appear saying you are downloading file trojan_killer-setup.exe. Click Save, wait for download to finish.

If download does not start, you should download the installation file using this link on other computer and use a USB flash drive to move it to the infected PC. Step 2. Install Trojan Killer

To run the installation, right-click the file you’ve just downloaded, and choose Run as. In the dialog window that appeared uncheck the checkbox as displayed below:

Important! Don’t uncheck the ‘Start Trojan Killer’ checkbox at the end of installation!

Step 3. Remove the XP Defender 2013 files and fix the system

In the window that appeared click ‘Start scan’ and let the Trojan Killer program do its job. Unlike other anti-malware programs, it will not only remove the virus files. It will fix all the aftermathes of Win7 Defethe Windows Registry entries, fix Proxy Server settings and restore the ‘hosts’.

Technical Details

Registry entries, created or modified by XP Defender 2013: HKEY_CURRENT_USER\Software\Classes\.exe HKEY_CURRENT_USER\Software\Classes\.exe\ [rnd_0] HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1 HKEY_CURRENT_USER\Software\Classes\.exe\shell HKEY_CURRENT_USER\Software\Classes\.exe\shell\open HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ “[rnd_1].exe” -a “%1″ %* HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1″ %* HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ “%1″ %* HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1″ %* HKEY_CURRENT_USER\Software\Classes\[rnd_0] HKEY_CURRENT_USER\Software\Classes\[rnd_0]\ Application HKEY_CURRENT_USER\Software\Classes\[rnd_0]\Content Type application/x-msdownload HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon HKEY_CURRENT_USER\Software\Classes\[rnd_0]\DefaultIcon\ %1 HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\ “[rnd_1].exe” -a “%1″ %* HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\open\command\IsolatedCommand “%1″ %* HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\ “%1″ %* HKEY_CURRENT_USER\Software\Classes\[rnd_0]\shell\runas\command\IsolatedCommand “%1″ %* Files, created by XP Defender 2013: %LocalAppData%\[rnd_2] %Temp%\[rnd_2] %UserProfile%\Templates\[rnd_2] %CommonApplData%\[rnd_2]