XP Defender 2013 - How to remove it from your computer?
XP Defender 2013 is a rogue antivirus program that imitates a real security program: it pretends to scan your computer for security infections, and after the imaginary scan it generates a fake list of supposedly detected security threats. Everything that imitates a legitimate security program is displayed to trick unsuspecting PC users into purchasing a licence key for XP Defender 2013. This malicious software originates from a family of fake antivirus programs called Braviax; previously released rogue programs from this family were named XP Security 2012, XP Antivirus 2012 and many others. This family of rogues was inactive for about 6 months, but apparently cyber criminals decided to renew the development and distribution of fake antivirus programs from this family.
When XP Defender 2013 infiltrates your computer, it modifies your operating system and sets itself to start automatically every time you boot Windows. Furthermore, this malicious software limits your Internet browsing: every time you start Internet Explorer you will get an error stating that "Visiting this site may pose a security threat to your system!". Note that your other Internet browsers (Mozilla Firefox, Google Chrome, etc.) will be blocked together with all of the other installed software. Like the previous rogue antivirus programs from the Braviax family, XP Defender 2013 is quite complicated to remove; cyber criminals have put a lot of time into developing this rogue program to make it hard to eliminate.
XP Defender 2013 is distributed by cyber criminals who use malicious websites and drive-by downloads to infect Internet users all over the world. The criminals responsible for releasing this scam hope that computer users whose machines get infected with this rogue program will believe the fake security scans and warning messages and will purchase its licence key to remove the non-existent security threats. You shouldn't trust XP Defender 2013: it's a useless program that shows fake information in order to scare you into thinking that your PC is infected with malware and viruses. Don't buy its licence; you will send your money to cyber criminals and your PC will still be infected. Use the provided removal guide and eliminate this scam from your computer.
Fake security warning messages generated by XP Defender 2013:
"Alert! System scan for spyware, adware, Trojans and viruses is complete. XP Defender 2013 detected 31 critical system objects. These security breaches may be exploited and lead to the following:
Your system becomes a target for spam and bulky, intruding ads
Browser crashes frequently and web access speed decreases
Your personal files, photos, document and passwords get stolen
Your computer is used for criminal activity behind your back
Bank details and credit card information gets disclosed"
"Click Register to register your copy of XP Defender 2013 and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration"
"Computer security is at risk! Your PC is still under malware attack. Dangerous programs were found to be running in the background. System crash and identity theft are likely. Remove malware now and get real time intrusion protection?"
"System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan"
"Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan"
"Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair"
"System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan"
"XP Defender 2013 ALERT
System integrity threat!
Warning! Sensitive data may be sent over your Internet connection right now!
Details Attack from 252.211.92.28 port: 20928
Attacked port: 35268
Do you want to block this attack?"
Don't trust this program. This is fake antivirus software. Remove it. Use this removal guide to completely remove XP Defender 2013 from your computer.
Automatic XP Defender 2013 rogue removal:
IMPORTANT! Before downloading: Click the "Registration" button, which is located in the top right corner of the XP Defender 2013 program window, and when the registration window opens, enter this registration key in the "Reg key" field and click "Activate":
When the registration key is entered, XP Defender 2013 will think that you've purchased it and will stop generating fake warnings. It will also allow you to run programs and removers. Note that registering this program will not remove it from your PC; it will just disable the fake warnings. After you have entered this key, you can download the recommended anti-spyware software (use the button below) and get rid of this fake security software.
NOTE: If installation of the spyware remover fails, or you can't open .exe files, you can try our customized installer, built by our technicians to bypass spyware infections and install removers anyway. It is a DOS program, which most spyware doesn't block.
If, before or after removal, you cannot run any program, this means XP Defender 2013 has modified your .exe file associations. When you try to run any executable, Windows opens the "select program" dialog and doesn't execute the program. To fix it, download the registry fix (link below). Save it to your computer, double-click it, click Yes and then OK. Reboot your PC and file associations should work normally.
If you can't open your browser (Internet Explorer, Firefox, Opera):
The XP Defender 2013 rogue hijacks web browsers. It generates fake messages claiming that almost every site you visit is infected. This is not true. If you can't use your browser, please follow these steps to remove this infection from the infected PC:
IMPORTANT: You must perform these steps on the infected computer. If you are using another computer to view this page, you don't need to apply the fixes; just download the installer using the download button, transfer it to the infected computer via USB flash drive or other storage device, and run it.
First, we need to fix the execution of .exe files. XP Defender 2013 is known to disable the execution of programs. To do this, click Start, then click Run.
When the Run dialog appears, enter this link: www.pcrisk.com/xp-fix and then press ENTER.
A file download dialog will appear saying you are downloading the file xp_av_fix.reg. Click Run, then click YES and OK. The registry should now be fixed and you will be able to run .exe files. XP Defender 2013 will generate a fake warning; please ignore it and click "stay unprotected". Do not restart your computer after this step!
Now that execution of programs is fixed, we need to download spyware removal software to remove this infection from your PC. To do this, click Start, then click Run (same as in Step 1).
When the Run dialog appears, enter this link: www.pcrisk.com/download-spyware-remover and then press ENTER.
The file download dialog of the spyware remover will appear. Click Run, follow the on-screen instructions and scan your computer. XP Defender 2013 will generate a fake warning again; please ignore it and click "stay unprotected".
That's it. Your computer should now be clean.
NOTE: In some cases, depending on the computer and operating system configuration, the methods described above may not work. For such cases our developers made a custom installer. It is useful when you can't browse the Internet and can't execute .exe files. It starts like an MS-DOS program, runs some registry fixes and rootkit scans, then initiates execution of the spyware remover installer. In our tests this installer worked on Windows 7, Windows Vista and XP infected with the most common spyware infections.
To use this installer, click Start, then click Run.
When the Run dialog appears, enter this link: www.pcrisk.com/installer.com and then press ENTER.
XP Defender 2013 will generate a fake warning after you press ENTER. Please ignore it and click "No, stay unprotected (Not recommended)".
A file download dialog will appear saying you are downloading the file installer.com. Click Run, wait for the download to finish, then follow the on-screen instructions. Windows may warn you that this file may be unsafe; please ignore these warnings.
If your browser works, you can use this button to download the customized installer.
If something goes wrong when removing XP Defender 2013 using the automatic removal method, you can try entering the Reg Key to activate this spyware and disable the fake warnings, using the instructions below:
When XP Defender 2013 finishes its fake scan, click the "register" button in the top-right corner of the program. When the registration window opens, click "Manual Activation".
When XP Defender 2013 opens the Manual Activation window, enter this key 3425-814615-3990 into the "Reg key:" field and click the "Activate Now" button. After this, XP Defender 2013 will thank you for the registration and will start removing all the "infections" it found. Don't worry, these infections are not real. When it has removed the infections, another Update window appears. This rogue program will imitate downloading updates.
When the imitated update download is complete, your Internet browser should work normally and you can download and install the spyware remover to remove this infection (download button below). Note that activation does not remove XP Defender 2013. It only removes the fake warnings, not the infection itself. It still runs in the background and needs to be removed as soon as possible.
Now you can download the recommended spyware removal utility to fully remove this infection.
If installation or downloading fails:
If you still cannot run or download the removal tool, download the registry fix file. It enables normal execution of applications and fixes web browser errors. Click on the link below; when the download completes click Run, click Yes and then OK.
If the installation of the spyware remover fails, you can try our customized installer, built by our technicians to bypass infections and install removers anyway.
Manual XP Defender 2013 removal instructions
Some spyware can block the downloading of spyware removers. If you can't download it using the default location, try one of the alternative download locations below:
- Location 1 (The file is renamed to "iexplore.exe" because most spyware doesn't block this file)
- Location 2
If installation of the remover fails, please try downloading the customized installer, which was built by our technicians to bypass spyware infections. Download customized installer
If you still can't download or can't run the spyware removal software, please perform these steps:
Download the registry fix for XP Defender 2013 malware. This fix removes the registry entries that prevent programs from executing in some variants of this spyware. To download it, click the link below. After downloading, double-click the xp_av_fix.reg file, click Yes when asked and then click OK.
Some variants of this spyware modify the system proxy settings, so that you can't access the Internet or website addresses are redirected to malicious or phishing websites. To reset the proxy settings to default, download and run this tool:
XP Defender 2013 modifies the system hosts file, which is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to a malicious site while still seeing the good URL in the address bar. It is very hard to find out whether the site is genuine when the hosts file is modified. To fix this, please download the Microsoft FixIt tool, which restores your hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
That's it! You can now try to download the spyware remover, or install and run it if already downloaded. In most cases this leads to success; if not, please describe your problem in our FORUM and our technicians will try to help you.
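The hosts file change described above can be reviewed before or after running a repair tool. The following Python example is added here and is not part of the original guide; it lists every hosts entry other than the default localhost mapping. The sample file content, domains, addresses and function name are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from an infected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.example.com example.com   # constructed redirect entry
0.0.0.0         updates.example.net
not-an-ip       broken.example.org
"""


def audit_hosts(text):
    """Return (line number, kind, address, name) for each non-default entry.

    kind is "redirect"  (name mapped to a non-local address),
            "sinkhole"  (name mapped to loopback or 0.0.0.0, i.e. blocked),
            "malformed" (first field is not an IP address).
    """
    findings = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue                            # blank, comment-only or stray token
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, " ".join(names)))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:                      # one line may map several names
            if local and name.lower() == "localhost":
                continue                        # the Windows default entry
            findings.append((lineno, "sinkhole" if local else "redirect", addr, name))
    return findings


if __name__ == "__main__":
    for lineno, kind, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:9} {name} -> {addr}")
```

Entries reported as "redirect" are the ones that can send a familiar URL to a different server; "sinkhole" entries only block a name.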
XP Defender 2013 manual removal instructions (advanced users):
If you are unable to remove XP Defender 2013 automatically, you can use these manual removal instructions. Use them at your own risk. If you don't have strong computer knowledge you could harm your operating system. Use them only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
1. Start your computer in Safe Mode with Networking. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
2. Download the registry fix file. After saving the file to your desktop, double-click fix.reg and then click YES to confirm.
3. Open Internet Explorer, click Tools and select Internet Options. Select "Connections".
4. Click LAN settings; if "Use a proxy server for your LAN" is checked, uncheck it and press OK.
End these XP Defender 2013 processes:
Remove these XP Defender 2013 registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1" %*'
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[random].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
Delete these XP Defender 2013 files:
5. Download Spyware Doctor or other tool to fully remove XP Defender 2013 from your computer.
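The registry entries listed above share one pattern: a command handler that starts `[random].exe` and passes it the real target after `/START`. The following Python example is added here and is not part of the original guide; it scans the text of a registry export, on an analysis machine, for that pattern. The sample export, the `abc.exe` name and the function names are constructed for illustration, and the browser rule is a heuristic.

```python
import re

# Constructed sample in .reg export format (decoded text, not from a real
# machine). "abc.exe" and the user name stand in for the page's [random].exe.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abc.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# Program a command line launches: quoted path, bare path ending in .exe, or bare token.
PROG_RE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+))', re.I)
EXE_KEY = re.compile(r'\\(\.exe|exefile)\\shell\\(open|runas)\\command$', re.I)
BROWSER_KEY = re.compile(r'\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)


def parse_reg(text):
    """Yield (key, value name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"


def find_hijacks(reg_text):
    """Return (key, value name, launched program) for suspicious handlers."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        m = PROG_RE.match(data)
        prog = next((g for g in m.groups() if g), "") if m else ""
        rest = data[m.end():] if m else ""
        # .exe handlers must hand control straight to the clicked file ("%1").
        if EXE_KEY.search(key) and prog != "%1":
            findings.append((key, name, prog))
        # Browser entries must not start another program that is then
        # passed the real browser's .exe as an argument.
        elif BROWSER_KEY.search(key) and re.search(r"\.exe\b", rest, re.I):
            findings.append((key, name, prog))
    return findings


if __name__ == "__main__":
    for key, name, prog in find_hijacks(SAMPLE_REG):
        print(f"SUSPICIOUS {key} {name} -> {prog}")
```

Exports written by Registry Editor in the version 5.00 format are UTF-16 encoded, so decode the file before passing its text to `find_hijacks`.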
Other tools known to remove XP Defender 2013:
General tips on removing XP Defender 2013:
*If you can't download anti-spyware software: Click on the download link and, when the save dialog opens, change the file name (example: when downloading mbam-setup.exe, rename it to iexplore.exe).
*If you have installed an anti-spyware program but you can't run it: Click Run, type %ProgramFiles% and press Enter. Open the folder of your anti-spyware program, find the executable file and rename it (example: open the Malwarebytes' Anti-Malware folder, right-click on the main executable file (mbam.exe), then click Rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe, firefox.exe ...).
*If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control Panel.
Click User Accounts and create a new account.
Reboot your computer and log in using the newly created user account.
*After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.
Some malicious software modifies browser settings and disables downloads of spyware and virus removal software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, Firefox, Opera, etc.
If you can't access the Internet:
Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Start Task Manager. Press Ctrl+Alt+Del (or Ctrl+Shift+Esc) and end the processes of the rogue program. (If after this procedure you can't access any programs, press Ctrl+Alt+Del, click File, select New Task, type explorer.exe and then press OK.)
Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings; if "Use a proxy server for your LAN" is checked, uncheck it and press OK.
After this procedure you should be able to access the Internet. Now you can download anti-spyware software from our "Top spyware removers" section. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.