HomepageDefender

By CagedTech in Trojans

Threat Scorecard

Ranking:	989
Threat Level:	80 % (High)
Infected Computers:	108,965

First Seen:	April 11, 2016
Last Seen:	February 28, 2024
OS(es) Affected:	Windows

The HomepageDefender application is marked as a Trojan with browser hijacking capabilities that is designed to alter the properties of .LNK files and point the user to a corrupted executable. The HomepageDefender Trojan is known to make modifications to the shortcuts of Web browsers and redirect users to potentially infected pages. Reports reveal that the HomepageDefender Trojan can alter the target parameter in .LNK files and trick users into loading unsigned executable.

The HomepageDefender application is programmed to access the DeviceloControl and LdrGetDllHandle APIs in Windows as well as your Registry to modify your Web clients. The HomepageDefender Trojan is not as sophisticated as the Rovnix Trojan, but it will prevent users from loading pages in a secure environment. The HomepageDefender Trojan is likely to load advertisements from Traffic-media.co that is a legitimate advertising network. The HomepageDefender Trojan may load a corrupted copy of Google Chrome, Mozilla Firefox, Opera and Yandex Browser, and inject code in Internet Explorer to show advertisements. It is possible that the coders responsible for the HomepageDefender Trojan are using it to earn a quick profit from pay-per-click revenue. Keep in mind that the ads on your screen may feature links to harmful software and phishing pages.

Security experts reveal that the HomepageDefender Trojan may install its files in the Program Files and AppData directories, as well as create several Registry keys under HKEY_LOCAL_MACHINE. Skilled PC users may be able to remove the HomepageDefender manually, but they miss residual data in the Temp folder. You might want to install a reliable anti-malware instrument designed to eliminate threats like the HomepageDefender Trojan.

Table of Contents

SpyHunter Detects & Remove HomepageDefender

File System Details

HomepageDefender may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	HPWhaleSrv.exe	4ab9c645d98e4dd5e4d45d9d089fa402	108
Name: HPWhaleSrv.exe MD5: 4ab9c645d98e4dd5e4d45d9d089fa402 Size: 1.87 MB (1870336 bytes) Detections: 108 Type: Executable File Path: %PROGRAMFILES%\HPWhale Group: Malware file Last Updated: January 2, 2020
2.	WhaleStarter.exe	d4ab59ac5bdb133408d91530bc1fe8ce	105
Name: WhaleStarter.exe MD5: d4ab59ac5bdb133408d91530bc1fe8ce Size: 855.55 KB (855552 bytes) Detections: 105 Type: Executable File Path: %PROGRAMFILES%\HPWhale Group: Malware file Last Updated: August 11, 2017
3.	HPLionSrv.exe	008902cc8f664a4bb4125e52e1dbbcf2	84
Name: HPLionSrv.exe MD5: 008902cc8f664a4bb4125e52e1dbbcf2 Size: 1.8 MB (1800704 bytes) Detections: 84 Type: Executable File Path: %PROGRAMFILES(x86)%\HPLion Group: Malware file Last Updated: November 2, 2019
4.	HPLionSrv.exe	e211db3c47a2dfb778b1dd7a18e6fc5d	77
Name: HPLionSrv.exe MD5: e211db3c47a2dfb778b1dd7a18e6fc5d Size: 1.8 MB (1800704 bytes) Detections: 77 Type: Executable File Path: %PROGRAMFILES%\HPLion Group: Malware file Last Updated: August 10, 2017
5.	CpuzApp.exe	7dcdd010445b3be73e85a8b3b3a2a780	66
Name: CpuzApp.exe MD5: 7dcdd010445b3be73e85a8b3b3a2a780 Size: 570.36 KB (570368 bytes) Detections: 66 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 12, 2017
6.	hwmonitorapp.exe	71eb1980a5e029a5e1a596963c489868	62
Name: hwmonitorapp.exe MD5: 71eb1980a5e029a5e1a596963c489868 Size: 160.76 KB (160768 bytes) Detections: 62 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\hwmonitorapp Group: Malware file Last Updated: January 9, 2023
7.	TablacusApp.exe	aac3f46f1975d927cf7cbd34e353cd69	45
Name: TablacusApp.exe MD5: aac3f46f1975d927cf7cbd34e353cd69 Size: 418.3 KB (418304 bytes) Detections: 45 Type: Executable File Path: %APPDATA%\TablacusApp2 Group: Malware file Last Updated: August 12, 2017
8.	CoreTempApp.exe	4210d4837a5617818edfb762da004d06	24
Name: CoreTempApp.exe MD5: 4210d4837a5617818edfb762da004d06 Size: 2.47 MB (2470344 bytes) Detections: 24 Type: Executable File Path: %APPDATA%\CoreTempApp Group: Malware file Last Updated: October 28, 2019
9.	HPLionSrv.exe	37f3f14a58d90e20f28888f7c51818ce	23
Name: HPLionSrv.exe MD5: 37f3f14a58d90e20f28888f7c51818ce Size: 1.8 MB (1800704 bytes) Detections: 23 Type: Executable File Path: %PROGRAMFILES(x86)%\HPLion Group: Malware file Last Updated: August 10, 2017
10.	QIPApp.exe	9299e7757cfa5d4c9904a50115371bd5	21
Name: QIPApp.exe MD5: 9299e7757cfa5d4c9904a50115371bd5 Size: 381.95 KB (381952 bytes) Detections: 21 Type: Executable File Path: %APPDATA%\QIPApp Group: Malware file Last Updated: July 28, 2017
11.	CpuzApp.exe	f553d991abd8eebbec5848e21d5bec3a	20
Name: CpuzApp.exe MD5: f553d991abd8eebbec5848e21d5bec3a Size: 2.87 MB (2878016 bytes) Detections: 20 Type: Executable File Path: %APPDATA%\CpuzApp3 Group: Malware file Last Updated: September 12, 2017
12.	CpuzApp.exe	52f93b1f65738aa2dbab9f21a8291bfc	15
Name: CpuzApp.exe MD5: 52f93b1f65738aa2dbab9f21a8291bfc Size: 707.58 KB (707584 bytes) Detections: 15 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 7, 2018
13.	CpuzApp.exe	75f01fc7250d73b303a6db6f5db59e35	15
Name: CpuzApp.exe MD5: 75f01fc7250d73b303a6db6f5db59e35 Size: 680.44 KB (680448 bytes) Detections: 15 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 12, 2017
14.	CpuzApp.exe	cb53776e8dd4b7ee7c1c69a7ddb83851	14
Name: CpuzApp.exe MD5: cb53776e8dd4b7ee7c1c69a7ddb83851 Size: 716.8 KB (716800 bytes) Detections: 14 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 12, 2017
15.	CoreTempApp.exe	bb0c0c2bb80e164380aa5818c5e9a8ca	14
Name: CoreTempApp.exe MD5: bb0c0c2bb80e164380aa5818c5e9a8ca Size: 1.89 MB (1899768 bytes) Detections: 14 Type: Executable File Path: %APPDATA%\CoreTempApp Group: Malware file Last Updated: October 28, 2017
16.	HPZebraSrv.exe	15bad7bb29ae5db00c837b995ba8981a	13
Name: HPZebraSrv.exe MD5: 15bad7bb29ae5db00c837b995ba8981a Size: 4.82 MB (4824248 bytes) Detections: 13 Type: Executable File Path: %PROGRAMFILES%\HPZebra Group: Malware file Last Updated: August 10, 2017
17.	CpuzApp.exe	cc30369dd234f4f635047b18465274e4	12
Name: CpuzApp.exe MD5: cc30369dd234f4f635047b18465274e4 Size: 714.75 KB (714752 bytes) Detections: 12 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 12, 2017
18.	CoreTempApp.exe	60760eac73874d4def94a9aeafa134c4	12
Name: CoreTempApp.exe MD5: 60760eac73874d4def94a9aeafa134c4 Size: 407.55 KB (407552 bytes) Detections: 12 Type: Executable File Path: %APPDATA%\CoreTempApp Group: Malware file Last Updated: December 15, 2019
19.	CpuzApp.exe	8ac936a8b9c4468f546ac7e9ee1c3d97	11
Name: CpuzApp.exe MD5: 8ac936a8b9c4468f546ac7e9ee1c3d97 Size: 3.37 MB (3373560 bytes) Detections: 11 Type: Executable File Path: %APPDATA%\CpuzApp3 Group: Malware file Last Updated: September 12, 2017
20.	CpuzApp.exe	c45ce49c6da37a57a765fdd76f18f2f9	9
Name: CpuzApp.exe MD5: c45ce49c6da37a57a765fdd76f18f2f9 Size: 829.44 KB (829440 bytes) Detections: 9 Type: Executable File Path: %APPDATA%\CpuzApp4 Group: Malware file Last Updated: September 12, 2017
21.	TablacusApp.exe	ba76f5f759e1d26225aecdfabbd63da4	8
Name: TablacusApp.exe MD5: ba76f5f759e1d26225aecdfabbd63da4 Size: 405.5 KB (405504 bytes) Detections: 8 Type: Executable File Path: %APPDATA%\TablacusApp Group: Malware file Last Updated: August 12, 2017
22.	LionStarter.exe	2a12c807be21c2e061d5a17520bd09c5	7
Name: LionStarter.exe MD5: 2a12c807be21c2e061d5a17520bd09c5 Size: 1.16 MB (1162240 bytes) Detections: 7 Type: Executable File Path: %PROGRAMFILES%\HPLion Group: Malware file Last Updated: August 11, 2017
23.	CoreTempApp.exe	18d6e60278638949553be17c0636e082	7
Name: CoreTempApp.exe MD5: 18d6e60278638949553be17c0636e082 Size: 540.67 KB (540672 bytes) Detections: 7 Type: Executable File Path: %APPDATA%\CoreTempApp Group: Malware file Last Updated: March 27, 2020
24.	CoreTempApp.exe	9bc4d1eb4f0421c950402912e48ec0d6	7
Name: CoreTempApp.exe MD5: 9bc4d1eb4f0421c950402912e48ec0d6 Size: 429.05 KB (429056 bytes) Detections: 7 Type: Executable File Path: %APPDATA%\CoreTempApp Group: Malware file Last Updated: October 28, 2017
25.	HPBearSrv.exe	ad4ec15ddd6f7b8827cf615174b95914	6
Name: HPBearSrv.exe MD5: ad4ec15ddd6f7b8827cf615174b95914 Size: 2.74 MB (2743528 bytes) Detections: 6 Type: Executable File Path: %PROGRAMFILES%\HPBear Group: Malware file Last Updated: August 11, 2017
26.	TablacusApp.exe	0ed47bed91b768278b544faa448e9712	5
Name: TablacusApp.exe MD5: 0ed47bed91b768278b544faa448e9712 Size: 1.65 MB (1653664 bytes) Detections: 5 Type: Executable File Path: %APPDATA%\TablacusApp2 Group: Malware file Last Updated: August 12, 2017
27.	TablacusApp.exe	479621dbcda98216d1d1354c7163b801	1
Name: TablacusApp.exe MD5: 479621dbcda98216d1d1354c7163b801 Size: 4.67 MB (4675661 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\TablacusApp local files Group: Malware file Last Updated: August 12, 2017

More files

Registry Details

HomepageDefender may create the following registry entry or registry entries:

File name without path

cpuz_x32.lnk

Hwmonitor2.lnk

mplayerc.lnk

qip 8.0.lnk

Qip 9.lnk

qipApp8.lnk

SIV32x.lnk

Tablacus.lnk

Regexp file mask

%APPDATA%\CpuzApp2\CpuzApp.exe

%APPDATA%\CpuzApp\CpuzApp.exe

%APPDATA%\Mp3tagApp\Mp3tagApp.exe

%PROGRAMFILES(x86)%\Homepage\instl.exe

%USERPROFILE%\Desktop\AkelPad.lnk

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\AkelPadApp

SOFTWARE\Akelsoft\AkelPad

Software\archApplication

Software\CoreTempApp

Software\CpuzApp

SOFTWARE\DjvuApp

SOFTWARE\HomePageDefender

SOFTWARE\HPLion

SOFTWARE\HPMammoth

SOFTWARE\HPPanda

SOFTWARE\HPRewriter

SOFTWARE\HPReyos

SOFTWARE\HPTurtle

SOFTWARE\HPWhale

SOFTWARE\HPWombat

SOFTWARE\HPZebra

Software\HwmonitorApp

SOFTWARE\KeePassApp

Software\MediaPlayerApplication

SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\notepad3k.exe

SOFTWARE\Microsoft\Tracing\notepad3k_RASAPI32

SOFTWARE\Microsoft\Tracing\notepad3k_RASMANCS

Software\Microsoft\Windows\CurrentVersion\Run\KeePassApp

Software\Microsoft\Windows\CurrentVersion\Run\QIPApp

Software\Microsoft\Windows\CurrentVersion\Run\SIVApp

Software\Mp3tagApp

Software\nppApplication

Software\QIPApp

SOFTWARE\SearchPageDefender

Software\SIVApp

Software\SpeccyApp

Software\TablacusApp

SOFTWARE\Wow6432Node\Akelsoft\AkelPad

SOFTWARE\Wow6432Node\HomePageDefender

SOFTWARE\WOW6432Node\HPLion

SOFTWARE\Wow6432Node\HPMammoth

SOFTWARE\Wow6432Node\HPPanda

SOFTWARE\Wow6432Node\HPRewriter

SOFTWARE\Wow6432Node\HPReyos

SOFTWARE\WOW6432Node\HPTiger

SOFTWARE\WOW6432Node\HPTurtle

SOFTWARE\Wow6432Node\HPWhale

SOFTWARE\Wow6432Node\HPWombat

SOFTWARE\WOW6432Node\HPZebra

SOFTWARE\Wow6432Node\Microsoft\Tracing\notepad3k_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\notepad3k_RASMANCS

SOFTWARE\Wow6432Node\SearchPageDefender

SYSTEM\ControlSet001\services\HomePageDefender Service

SYSTEM\ControlSet001\Services\HPPanda Service

SYSTEM\ControlSet001\services\HPReyos Service

SYSTEM\ControlSet001\Services\HPSewil Service

SYSTEM\ControlSet001\services\HPWriter Service

SYSTEM\ControlSet001\services\HSystem

SYSTEM\ControlSet002\services\HomePageDefender Service

SYSTEM\ControlSet002\Services\HPPanda Service

SYSTEM\ControlSet002\services\HPReyos Service

SYSTEM\ControlSet002\Services\HPSewil Service

SYSTEM\ControlSet002\services\HPWriter Service

SYSTEM\ControlSet002\services\HSystem

SYSTEM\CurrentControlSet\services\HomePageDefender Service

SYSTEM\CurrentControlSet\Services\HPPanda Service

SYSTEM\CurrentControlSet\services\HPReyos Service

SYSTEM\CurrentControlSet\Services\HPSewil Service

SYSTEM\CurrentControlSet\services\HPWriter Service

SYSTEM\CurrentControlSet\Services\HSystem

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

AkelPadApp

ArchiverApp

CoreTempApp

CpuzApp3

CpuzApp4

CpuzApp5

DjvuApp

HomePageDefender

HPBear

HPLion

HPMammoth

HPMonkey

HPPanda

HPRewriter2

HPReyos

HPSewil

HPTiger

HPTurtle

HPWhale

HPWombat

HPWriter

HPZebra

HwmonitorApp

KeePassApp

MediaPlayerApplication

MediaPlayerApplication2

Mp3tagApp

Mp3tagApp2

Mp3tagApp3

QIPApp

SearchPageDefender

SIVApp

SpeccyApp

TablacusApp

Directories

HomepageDefender may create the following directory or directories:

%APPDATA%\AkelPadApp

%APPDATA%\AkelPadApp3

%APPDATA%\AkelPadApp4

%APPDATA%\AnyDeskApp

%APPDATA%\ArchiverApp

%APPDATA%\CoreTempApp

%APPDATA%\Coretemp

%APPDATA%\CpuzApp3

%APPDATA%\CpuzApp4

%APPDATA%\CpuzApp5

%APPDATA%\Cust7z

%APPDATA%\DjvuApp

%APPDATA%\HPCurator

%APPDATA%\HPMonkey

%APPDATA%\HPPanda

%APPDATA%\HPRewriter

%APPDATA%\HPRewriter2

%APPDATA%\HPReyos

%APPDATA%\HPSalter

%APPDATA%\HPSewil

%APPDATA%\HPSoyer

%APPDATA%\HPStocker

%APPDATA%\HPWombat

%APPDATA%\HPWriter

%APPDATA%\HwmonitorApp

%APPDATA%\KeePassApp

%APPDATA%\MediaPlayerApplication

%APPDATA%\MediaPlayerApplication2

%APPDATA%\Microsoft\Windows\Start Menu\Programs\notepad3k

%APPDATA%\MinesweeperApp

%APPDATA%\MinesweeperApp2

%APPDATA%\Mp3tagApp2

%APPDATA%\Mp3tagApp3

%APPDATA%\NotepadPlusPlusApp

%APPDATA%\QIPApp

%APPDATA%\SIV

%APPDATA%\SIVApp

%APPDATA%\SpeccyApp

%PROGRAMFILES%\HPBear

%PROGRAMFILES%\HPGuard

%PROGRAMFILES%\HPHolder

%PROGRAMFILES%\HPKeeper

%PROGRAMFILES%\HPLion

%PROGRAMFILES%\HPMammoth

%PROGRAMFILES%\HPPanda

%PROGRAMFILES%\HPReserver

%PROGRAMFILES%\HPTiger

%PROGRAMFILES%\HPTurtle

%PROGRAMFILES%\HPWhale

%PROGRAMFILES%\HPWombat

%PROGRAMFILES%\HPZebra

%PROGRAMFILES%\HomePageDefender

%PROGRAMFILES%\HpDef

%PROGRAMFILES%\HpSec

%PROGRAMFILES%\Sersoft

%PROGRAMFILES(x86)%\HPBear

%PROGRAMFILES(x86)%\HPGuard

%PROGRAMFILES(x86)%\HPHolder

%PROGRAMFILES(x86)%\HPKeeper

%PROGRAMFILES(x86)%\HPLion

%PROGRAMFILES(x86)%\HPMammoth

%PROGRAMFILES(x86)%\HPPanda

%PROGRAMFILES(x86)%\HPReserver

%PROGRAMFILES(x86)%\HPSaver

%PROGRAMFILES(x86)%\HPTiger

%PROGRAMFILES(x86)%\HPTurtle

%PROGRAMFILES(x86)%\HPWhale

%PROGRAMFILES(x86)%\HPWombat

%PROGRAMFILES(x86)%\HPZebra

%PROGRAMFILES(x86)%\HomePageDefender

%PROGRAMFILES(x86)%\HpDef

%PROGRAMFILES(x86)%\HpSec

%PROGRAMFILES(x86)%\SearchPageDefender

%PROGRAMFILES(x86)%\Sersoft

%temp%\MyDiskPro

1 Comment

Michelle 8 years ago Reply

Hi, I have found HPSewil in my registry, at HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\HPSewil. Should I delete it? I am not an advanced user and am not sure what is but think it is part of a virus. I tried touninstall it through the control panel but it says that it cannot find the file.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

HomepageDefender

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove HomepageDefender

File System Details

Registry Details

Directories

1 Comment

Submit Comment

Trending

Diftefum.co.in

Lkhy Ransomware

Toapodazoay.com

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?