XP Defender 2013 Description
XP Defender 2013 is a fake anti-virus program. This fake security application is part of a very large family of malware that has been around for several years. There are many variants and clones of XP Defender 2013. These include fake security programs with names like Win 7 Antivirus 2013, XP Internet Security 2013 and Windows 7 Defender 2013. ESG security researchers have dealt with this family of malware in the past, and there are versions of XP Defender 2013 dating to previous years, with names such as XP Defender 2012 and XP Defender 2011. All of these are the same fake security program with a different name and slight changes to the program’s graphic interface. XP Defender 2013 and its variants are all malicious and should be dealt with using a reliable anti-malware program.
Fake security software in XP Defender 2013’s family of malware is characterized by its ability to change its name and appearance to match the infected computer’s operating system. XP Defender 2013 is the variant of this threat that attacks computers with the Windows XP operating system. However, computers with the Windows 7 or Windows Vista operating systems will be infected by Windows 7 Defender 2013 or Vista Defender 2013 respectively. This happens because the Trojan that installs XP Defender 2013 first detects the operating system of the victim’s computer and then installs the version of XP Defender 2013 that matches that operating system.
There are few differences between XP Defender 2013 and most other fake security programs. Basically, XP Defender 2013 will try to trick the PC user into believing that their machine has become infected with malware. It will harass the victim with numerous error messages and fake system alerts, all designed to convince the victim to ‘upgrade’ to a premium version of XP Defender 2013, but upgrading is expensive and just as useless. Neither the ‘full version’ nor the ‘free’ version of XP Defender 2013 has any way of detecting or removing malware on the victim’s computer. Even worse, these fake security programs use malicious scripts, associated Trojans and other malware techniques to deliberately cause problems on the victim’s computer, with the goal of gaining access to the victim’s credit card information and stealing the victim’s money.
Type: Rogue Anti-Virus Program
How Can You Detect XP Defender 2013?
XP Defender 2013 Technical Report
We will update this section as new XP Defender 2013 details emerge from customer reports and from the findings of our Threat Research Center.
Fake message for XP Defender 2013:
The following fake error messages appear for XP Defender 2013:
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair
Click Register to register your copy of XP Defender 2013 and perform threat removal on your system. The list of infections and vulnerabilities detected will become available after registration
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan
Beware! Spyware infection was found. Your system security is at risk. Private information may get stolen, and your PC activity may get monitored. Click for an anti-spyware scan
Computer security is at risk! Your PC is still under malware attack. Dangerous programs were found to be running in the background. System crash and identity theft are likely. Remove malware now and get real time intrusion protection?
XP Defender 2013 ALERT
System integrity threat!
Warning! Sensitive data may be sent over your Internet connection right now!
System security was found to be compromised. Your computer is now infected. Attention, irreversible system changes may occur. Private data may get stolen. Click here now for an instant anti-virus scan
Alert! System scan for spyware, adware, Trojans and viruses is complete. Win 7 Defender 2013 detected 31 critical system objects. These security breaches may be exploited and lead to the following:
Your system becomes a target for spam and bulky, intruding ads
Browser crashes frequently and web access speed decreases
Your personal files, photos, document and passwords get stolen
Your computer is used for criminal activity behind your back
Bank details and credit card information gets disclosed
XP Defender 2013 Removal Details
XP Defender 2013 creates the following files in the system:
- %LocalAppData%\[RANDOM CHARACTERS_2]
- %Temp%\[RANDOM CHARACTERS_2]
- %CommonApplData%\[RANDOM CHARACTERS_2]
- %UserProfile%\Templates\[RANDOM CHARACTERS_2]
XP Defender 2013 creates the following registry entries:
- HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon\ %1
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\Content Type application/x-msdownload
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\ "%1" %*
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
- HKEY_CURRENT_USER\Software\Classes\.exe\ [RANDOM CHARACTERS_0]
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1" %*
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\ Application
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon\ %1
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\IsolatedCommand "%1" %*
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command
- HKEY_CURRENT_USER\Software\Classes\.exe\Content Type application/x-msdownload
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command\ "[RANDOM CHARACTERS_1].exe" -a "%1" %*
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\DefaultIcon
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\runas\command\ "%1" %*
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command
- HKEY_CURRENT_USER\Software\Classes\[RANDOM CHARACTERS_0]\shell\open\command\IsolatedCommand "%1" %*
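The registry entries above amount to a per-user override of the .exe file association, so that opening any program first launches the rogue executable. The following check is an added example, not ESG's code: it parses the text of a `reg export` of HKEY_CURRENT_USER\Software\Classes and flags that pattern. The names `abc` and `xyz.exe` in the sample are constructed stand-ins for the page's [RANDOM CHARACTERS_0] and [RANDOM CHARACTERS_1] placeholders.

```python
import re

# Constructed sample in `reg export` text form; "abc" and "xyz.exe" stand in
# for the page's [RANDOM CHARACTERS_0] and [RANDOM CHARACTERS_1] placeholders.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="abc"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"xyz.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\abc\shell\open\command]
@="\"xyz.exe\" -a \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\abc\shell\runas\command]
@="\"%1\" %*"
'''

ROOT = r"HKEY_CURRENT_USER\Software\Classes"
PASS_THROUGH = '"%1" %*'   # benign handler: run the clicked file itself
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_export(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape
    return keys

def find_exe_hijack(keys):
    """Flag per-user .exe handlers that do not simply pass the file through."""
    findings = []
    # A per-user .exe class takes precedence over the machine-wide one.
    progid = keys.get(ROOT + r"\.exe", {}).get("")
    if progid:
        findings.append((ROOT + r"\.exe", "(Default)", progid))
    for cls in filter(None, (".exe", progid)):
        for verb in ("open", "runas"):
            path = "\\".join((ROOT, cls, "shell", verb, "command"))
            for name, data in keys.get(path, {}).items():
                if data.strip() != PASS_THROUGH:
                    findings.append((path, name or "(Default)", data))
    return findings
```

`reg export` writes UTF-16 text, so decode the file before passing it to `parse_export`; values stored in hex form (such as REG_EXPAND_SZ) are skipped by this parser.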