HomepageDefender

By CagedTech in Trojans

Threat Scorecard

Ranking:	789
Threat Level:	80 % (High)
Infected Computers:	110,546

First Seen:	April 11, 2016
Last Seen:	January 22, 2025
OS(es) Affected:	Windows

The HomepageDefender application is marked as a Trojan with browser hijacking capabilities that is designed to alter the properties of .LNK files and point the user to a corrupted executable. The HomepageDefender Trojan is known to make modifications to the shortcuts of Web browsers and redirect users to potentially infected pages. Reports reveal that the HomepageDefender Trojan can alter the target parameter in .LNK files and trick users into loading unsigned executable.

The HomepageDefender application is programmed to access the DeviceloControl and LdrGetDllHandle APIs in Windows as well as your Registry to modify your Web clients. The HomepageDefender Trojan is not as sophisticated as the Rovnix Trojan, but it will prevent users from loading pages in a secure environment. The HomepageDefender Trojan is likely to load advertisements from Traffic-media.co that is a legitimate advertising network. The HomepageDefender Trojan may load a corrupted copy of Google Chrome, Mozilla Firefox, Opera and Yandex Browser, and inject code in Internet Explorer to show advertisements. It is possible that the coders responsible for the HomepageDefender Trojan are using it to earn a quick profit from pay-per-click revenue. Keep in mind that the ads on your screen may feature links to harmful software and phishing pages.

Security experts reveal that the HomepageDefender Trojan may install its files in the Program Files and AppData directories, as well as create several Registry keys under HKEY_LOCAL_MACHINE. Skilled PC users may be able to remove the HomepageDefender manually, but they miss residual data in the Temp folder. You might want to install a reliable anti-malware instrument designed to eliminate threats like the HomepageDefender Trojan.

Table of Contents

SpyHunter Detects & Remove HomepageDefender

File System Details

HomepageDefender may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	HPWhaleSrv.exe	4ab9c645d98e4dd5e4d45d9d089fa402	108
Name: HPWhaleSrv.exe MD5: 4ab9c645d98e4dd5e4d45d9d089fa402 Size: 1.87 MB (1870336 bytes) Detections: 108 Type: Executable File Path: %PROGRAMFILES%\HPWhale Group: Malware file Last Updated: January 2, 2020
2.	mineApplication.exe	417ac3024f4f6ce485af790a1396abf5	107
Name: mineApplication.exe MD5: 417ac3024f4f6ce485af790a1396abf5 Size: 195.58 KB (195584 bytes) Detections: 107 Type: Executable File Path: %APPDATA%\MinesweeperApp Group: Malware file Last Updated: May 20, 2024
3.	WhaleStarter.exe	d4ab59ac5bdb133408d91530bc1fe8ce	105
Name: WhaleStarter.exe MD5: d4ab59ac5bdb133408d91530bc1fe8ce Size: 855.55 KB (855552 bytes) Detections: 105 Type: Executable File Path: %PROGRAMFILES%\HPWhale Group: Malware file Last Updated: August 11, 2017
4.	hwmonitorapp.exe	71eb1980a5e029a5e1a596963c489868	62
Name: hwmonitorapp.exe MD5: 71eb1980a5e029a5e1a596963c489868 Size: 160.76 KB (160768 bytes) Detections: 62 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\hwmonitorapp Group: Malware file Last Updated: January 9, 2023
5.	archApplication2.exe	e999b1aebd875b22ce84ec4cd5a80618	48
Name: archApplication2.exe MD5: e999b1aebd875b22ce84ec4cd5a80618 Size: 147.45 KB (147456 bytes) Detections: 48 Type: Executable File Path: %APPDATA%\ArchiverApp Group: Malware file Last Updated: April 18, 2020
6.	AkelPadApp4.exe	cdb5e9c94e70177d431eefa8a1021f01	45
Name: AkelPadApp4.exe MD5: cdb5e9c94e70177d431eefa8a1021f01 Size: 179.71 KB (179712 bytes) Detections: 45 Type: Executable File Path: %APPDATA%\AkelPadApp4 Group: Malware file Last Updated: December 17, 2016
7.	HPMonkeySrv.exe	84d80aad8e4a12dcf416ff1c74c27d57	35
Name: HPMonkeySrv.exe MD5: 84d80aad8e4a12dcf416ff1c74c27d57 Size: 1.11 MB (1117184 bytes) Detections: 35 Type: Executable File Path: %APPDATA%\HPMonkey Group: Malware file Last Updated: December 17, 2016
8.	MediaPlayerApplication.exe	1685858a07e77816e1116282dde30d41	23
Name: MediaPlayerApplication.exe MD5: 1685858a07e77816e1116282dde30d41 Size: 172.54 KB (172544 bytes) Detections: 23 Type: Executable File Path: %APPDATA%\MediaPlayerApplication2 Group: Malware file Last Updated: February 3, 2017
9.	HPLionSrv.exe	37f3f14a58d90e20f28888f7c51818ce	23
Name: HPLionSrv.exe MD5: 37f3f14a58d90e20f28888f7c51818ce Size: 1.8 MB (1800704 bytes) Detections: 23 Type: Executable File Path: %PROGRAMFILES(x86)%\HPLion Group: Malware file Last Updated: August 10, 2017
10.	QIPApp.exe	9299e7757cfa5d4c9904a50115371bd5	21
Name: QIPApp.exe MD5: 9299e7757cfa5d4c9904a50115371bd5 Size: 381.95 KB (381952 bytes) Detections: 21 Type: Executable File Path: %APPDATA%\QIPApp Group: Malware file Last Updated: July 28, 2017
11.	SIVApp.exe	ee4fd15552eb199af839d73b6d17a0a5	17
Name: SIVApp.exe MD5: ee4fd15552eb199af839d73b6d17a0a5 Size: 286.72 KB (286720 bytes) Detections: 17 Type: Executable File Path: %APPDATA%\SIVApp Group: Malware file Last Updated: June 14, 2017
12.	HPReyosSrv3.exe	1f88cdac186e05bfed6f07bf656d1413	16
Name: HPReyosSrv3.exe MD5: 1f88cdac186e05bfed6f07bf656d1413 Size: 436.22 KB (436224 bytes) Detections: 16 Type: Executable File Path: %APPDATA%\HPReyos Group: Malware file Last Updated: November 29, 2019
13.	HPZebraSrv.exe	15bad7bb29ae5db00c837b995ba8981a	13
Name: HPZebraSrv.exe MD5: 15bad7bb29ae5db00c837b995ba8981a Size: 4.82 MB (4824248 bytes) Detections: 13 Type: Executable File Path: %PROGRAMFILES%\HPZebra Group: Malware file Last Updated: August 10, 2017
14.	BearStarter.exe	d27b734104dd51eb77e7bfafa1482486	11
Name: BearStarter.exe MD5: d27b734104dd51eb77e7bfafa1482486 Size: 2.13 MB (2133784 bytes) Detections: 11 Type: Executable File Path: %PROGRAMFILES(x86)%\HPBear Group: Malware file Last Updated: July 19, 2017
15.	HPTurtleSrv.exe	62554456dc123d3bdb1e8c12646121e6	11
Name: HPTurtleSrv.exe MD5: 62554456dc123d3bdb1e8c12646121e6 Size: 5.44 MB (5441984 bytes) Detections: 11 Type: Executable File Path: %PROGRAMFILES%\HPTurtle Group: Malware file Last Updated: August 10, 2017
16.	CpuzApp.exe	c45ce49c6da37a57a765fdd76f18f2f9	9
Name: CpuzApp.exe MD5: c45ce49c6da37a57a765fdd76f18f2f9 Size: 829.44 KB (829440 bytes) Detections: 9 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 12, 2017
17.	HPWombatSrv.exe	448c8e296935047b51648416f8c59761	8
Name: HPWombatSrv.exe MD5: 448c8e296935047b51648416f8c59761 Size: 4.95 MB (4956768 bytes) Detections: 8 Type: Executable File Path: %PROGRAMFILES%\HPWombat Group: Malware file Last Updated: August 10, 2017
18.	Mp3tagApp.exe	0739a1a6e49fd9127a6d2325062a1b7e	7
Name: Mp3tagApp.exe MD5: 0739a1a6e49fd9127a6d2325062a1b7e Size: 755.71 KB (755712 bytes) Detections: 7 Type: Executable File Path: %APPDATA%\Mp3tagApp Group: Malware file Last Updated: April 7, 2017
19.	LionStarter.exe	2a12c807be21c2e061d5a17520bd09c5	7
Name: LionStarter.exe MD5: 2a12c807be21c2e061d5a17520bd09c5 Size: 1.16 MB (1162240 bytes) Detections: 7 Type: Executable File Path: %PROGRAMFILES%\HPLion Group: Malware file Last Updated: August 11, 2017
20.	CoreTempApp.exe	9bc4d1eb4f0421c950402912e48ec0d6	7
Name: CoreTempApp.exe MD5: 9bc4d1eb4f0421c950402912e48ec0d6 Size: 429.05 KB (429056 bytes) Detections: 7 Type: Executable File Path: %APPDATA%\CoreTempApp Group: Malware file Last Updated: October 28, 2017
21.	DjvuApp.exe	f90b3c910364025c02098db108144c0f	6
Name: DjvuApp.exe MD5: f90b3c910364025c02098db108144c0f Size: 548.35 KB (548352 bytes) Detections: 6 Type: Executable File Path: %APPDATA%\DjvuApp Group: Malware file Last Updated: April 7, 2017
22.	HPBearSrv.exe	ad4ec15ddd6f7b8827cf615174b95914	6
Name: HPBearSrv.exe MD5: ad4ec15ddd6f7b8827cf615174b95914 Size: 2.74 MB (2743528 bytes) Detections: 6 Type: Executable File Path: %PROGRAMFILES%\HPBear Group: Malware file Last Updated: August 11, 2017
23.	TablacusApp.exe	0ed47bed91b768278b544faa448e9712	5
Name: TablacusApp.exe MD5: 0ed47bed91b768278b544faa448e9712 Size: 1.65 MB (1653664 bytes) Detections: 5 Type: Executable File Path: %APPDATA%\TablacusApp2 Group: Malware file Last Updated: August 12, 2017
24.	ciZqUa.exe	3c2d83d37dc776b9ef6c5a90eec8eaca	1
Name: ciZqUa.exe MD5: 3c2d83d37dc776b9ef6c5a90eec8eaca Size: 213.08 KB (213088 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Sersoft Group: Malware file Last Updated: October 20, 2017
25.	CgjaG9.exe	0fd78a741a7c5ad9c4820a0ae189e962	1
Name: CgjaG9.exe MD5: 0fd78a741a7c5ad9c4820a0ae189e962 Size: 171.61 KB (171616 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Sersoft Group: Malware file Last Updated: October 20, 2017
26.	qQTqsk.exe	bfd7be3ccca459854e3d1f4a7d7e09e9	1
Name: qQTqsk.exe MD5: bfd7be3ccca459854e3d1f4a7d7e09e9 Size: 234.52 KB (234528 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\Sersoft Group: Malware file Last Updated: October 20, 2017

More files

Registry Details

HomepageDefender may create the following registry entry or registry entries:

File name without path

cpuz_x32.lnk

Hwmonitor2.lnk

mplayerc.lnk

qip 8.0.lnk

Qip 9.lnk

qipApp8.lnk

SIV32x.lnk

Tablacus.lnk

Regexp file mask

%APPDATA%\CpuzApp2\CpuzApp.exe

%APPDATA%\CpuzApp\CpuzApp.exe

%APPDATA%\Mp3tagApp\Mp3tagApp.exe

%PROGRAMFILES(x86)%\Homepage\instl.exe

%USERPROFILE%\Desktop\AkelPad.lnk

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\AkelPadApp

SOFTWARE\Akelsoft\AkelPad

Software\archApplication

Software\CoreTempApp

Software\CpuzApp

SOFTWARE\DjvuApp

SOFTWARE\HomePageDefender

SOFTWARE\HPLion

SOFTWARE\HPMammoth

SOFTWARE\HPPanda

SOFTWARE\HPRewriter

SOFTWARE\HPReyos

SOFTWARE\HPTurtle

SOFTWARE\HPWhale

SOFTWARE\HPWombat

SOFTWARE\HPZebra

Software\HwmonitorApp

SOFTWARE\KeePassApp

Software\MediaPlayerApplication

SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\notepad3k.exe

SOFTWARE\Microsoft\Tracing\notepad3k_RASAPI32

SOFTWARE\Microsoft\Tracing\notepad3k_RASMANCS

Software\Microsoft\Windows\CurrentVersion\Run\KeePassApp

Software\Microsoft\Windows\CurrentVersion\Run\QIPApp

Software\Microsoft\Windows\CurrentVersion\Run\SIVApp

Software\Mp3tagApp

Software\nppApplication

Software\QIPApp

SOFTWARE\SearchPageDefender

Software\SIVApp

Software\SpeccyApp

Software\TablacusApp

SOFTWARE\Wow6432Node\Akelsoft\AkelPad

SOFTWARE\Wow6432Node\HomePageDefender

SOFTWARE\WOW6432Node\HPLion

SOFTWARE\Wow6432Node\HPMammoth

SOFTWARE\Wow6432Node\HPPanda

SOFTWARE\Wow6432Node\HPRewriter

SOFTWARE\Wow6432Node\HPReyos

SOFTWARE\WOW6432Node\HPTiger

SOFTWARE\WOW6432Node\HPTurtle

SOFTWARE\Wow6432Node\HPWhale

SOFTWARE\Wow6432Node\HPWombat

SOFTWARE\WOW6432Node\HPZebra

SOFTWARE\Wow6432Node\Microsoft\Tracing\notepad3k_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\notepad3k_RASMANCS

SOFTWARE\Wow6432Node\SearchPageDefender

SYSTEM\ControlSet001\services\HomePageDefender Service

SYSTEM\ControlSet001\Services\HPPanda Service

SYSTEM\ControlSet001\services\HPReyos Service

SYSTEM\ControlSet001\Services\HPSewil Service

SYSTEM\ControlSet001\services\HPWriter Service

SYSTEM\ControlSet001\services\HSystem

SYSTEM\ControlSet002\services\HomePageDefender Service

SYSTEM\ControlSet002\Services\HPPanda Service

SYSTEM\ControlSet002\services\HPReyos Service

SYSTEM\ControlSet002\Services\HPSewil Service

SYSTEM\ControlSet002\services\HPWriter Service

SYSTEM\ControlSet002\services\HSystem

SYSTEM\CurrentControlSet\services\HomePageDefender Service

SYSTEM\CurrentControlSet\Services\HPPanda Service

SYSTEM\CurrentControlSet\services\HPReyos Service

SYSTEM\CurrentControlSet\Services\HPSewil Service

SYSTEM\CurrentControlSet\services\HPWriter Service

SYSTEM\CurrentControlSet\Services\HSystem

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

AkelPadApp

ArchiverApp

CoreTempApp

CpuzApp3

CpuzApp4

CpuzApp5

DjvuApp

HomePageDefender

HPBear

HPLion

HPMammoth

HPMonkey

HPPanda

HPRewriter2

HPReyos

HPSewil

HPTiger

HPTurtle

HPWhale

HPWombat

HPWriter

HPZebra

HwmonitorApp

KeePassApp

MediaPlayerApplication

MediaPlayerApplication2

Mp3tagApp

Mp3tagApp2

Mp3tagApp3

QIPApp

SearchPageDefender

SIVApp

SpeccyApp

TablacusApp

Directories

HomepageDefender may create the following directory or directories:

%APPDATA%\AkelPadApp

%APPDATA%\AkelPadApp3

%APPDATA%\AkelPadApp4

%APPDATA%\AnyDeskApp

%APPDATA%\ArchiverApp

%APPDATA%\CoreTempApp

%APPDATA%\Coretemp

%APPDATA%\CpuzApp3

%APPDATA%\CpuzApp4

%APPDATA%\CpuzApp5

%APPDATA%\Cust7z

%APPDATA%\DjvuApp

%APPDATA%\HPCurator

%APPDATA%\HPMonkey

%APPDATA%\HPPanda

%APPDATA%\HPRewriter

%APPDATA%\HPRewriter2

%APPDATA%\HPReyos

%APPDATA%\HPSalter

%APPDATA%\HPSewil

%APPDATA%\HPSoyer

%APPDATA%\HPStocker

%APPDATA%\HPWombat

%APPDATA%\HPWriter

%APPDATA%\HwmonitorApp

%APPDATA%\KeePassApp

%APPDATA%\MediaPlayerApplication

%APPDATA%\MediaPlayerApplication2

%APPDATA%\Microsoft\Windows\Start Menu\Programs\notepad3k

%APPDATA%\MinesweeperApp

%APPDATA%\MinesweeperApp2

%APPDATA%\Mp3tagApp2

%APPDATA%\Mp3tagApp3

%APPDATA%\NotepadPlusPlusApp

%APPDATA%\QIPApp

%APPDATA%\SIV

%APPDATA%\SIVApp

%APPDATA%\SpeccyApp

%PROGRAMFILES%\HPBear

%PROGRAMFILES%\HPGuard

%PROGRAMFILES%\HPHolder

%PROGRAMFILES%\HPKeeper

%PROGRAMFILES%\HPLion

%PROGRAMFILES%\HPMammoth

%PROGRAMFILES%\HPPanda

%PROGRAMFILES%\HPReserver

%PROGRAMFILES%\HPTiger

%PROGRAMFILES%\HPTurtle

%PROGRAMFILES%\HPWhale

%PROGRAMFILES%\HPWombat

%PROGRAMFILES%\HPZebra

%PROGRAMFILES%\HomePageDefender

%PROGRAMFILES%\HpDef

%PROGRAMFILES%\HpSec

%PROGRAMFILES%\Sersoft

%PROGRAMFILES(x86)%\HPBear

%PROGRAMFILES(x86)%\HPGuard

%PROGRAMFILES(x86)%\HPHolder

%PROGRAMFILES(x86)%\HPKeeper

%PROGRAMFILES(x86)%\HPLion

%PROGRAMFILES(x86)%\HPMammoth

%PROGRAMFILES(x86)%\HPPanda

%PROGRAMFILES(x86)%\HPReserver

%PROGRAMFILES(x86)%\HPSaver

%PROGRAMFILES(x86)%\HPTiger

%PROGRAMFILES(x86)%\HPTurtle

%PROGRAMFILES(x86)%\HPWhale

%PROGRAMFILES(x86)%\HPWombat

%PROGRAMFILES(x86)%\HPZebra

%PROGRAMFILES(x86)%\HomePageDefender

%PROGRAMFILES(x86)%\HpDef

%PROGRAMFILES(x86)%\HpSec

%PROGRAMFILES(x86)%\SearchPageDefender

%PROGRAMFILES(x86)%\Sersoft

%temp%\MyDiskPro

1 Comment

Michelle 8 years ago Reply

Hi, I have found HPSewil in my registry, at HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\HPSewil. Should I delete it? I am not an advanced user and am not sure what is but think it is part of a virus. I tried touninstall it through the control panel but it says that it cannot find the file.

EnigmaSoft's SpyHunter for Windows Has Achieved AV-TEST Certification

Search

Change Region

HomepageDefender

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove HomepageDefender

File System Details

Registry Details

Directories

1 Comment

Submit Comment

Trending

Contacto Ransomware

Protocolsafe.co.in

FireScam Mobile Malware

Most Viewed

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error