A screenshot of a fake virus-bearing 'security' utility, XP Defender 2013.
While running, this 'nasty' ware displays explicit security warnings claiming that you have a computer infected with viruses, spyware, Trojans and other severe infections that may steal your personal information or even credit card details. As a matter of fact, XP Defender 2013 tries to trick the victim into giving up their credit card number and other personal information. Very important: don't run any advertised scans or follow any instructions displayed in the fake scanner or security pop-ups.
Cyber crooks create software that impersonates typical Windows security notifications, for example Windows Security Center pop-up. We bet this window looks familiar to you, right? The only problem is that this window is completely fake and promotes rogue antivirus program. Unsuspecting user may fall victims to this scam and install malware. And you don't want that because cyber crooks have already stolen more than $97 Million dollars over this year using fake antivirus software.
Here's another example of a fake security pop-up that actually looks like a real thing, you know, a system notification. This one claims that 'data loss, identity theft and system corruption are possible'. Bu there are many more of these fake alerts, and they show up randomly, just to scare you into thinking that your computer is infected.
Not only XP Defender 2013 issues repeated warnings that your computer is being used to spread malware and attack other machines, then demands that you purchase the latest version to remove the 'virus' but also modifies Windows registry, so badly that you have to fix it first before you can actually run any anti-malware software.
Here's a XP Defender 2013 'secure transaction processing' window where you can purchase the rogue program. Cyber crooks apparently accept Visa and Master Card. Best offer + Life time support would cost your about 100 bucks. They also added Positive SSL and Comodo Hacker Shield graphics to add some extra credibility but obviously none of those companies would actually issue valid certificates for scammers. We could say this is a great example of technical and social engineering attack.
Ok, so now you know how this rogue antivirus works and how scammers steal money for unsuspecting users. Let's proceed to the most important part of this article: XP Defender 2013 removal instructions.
Below, you will find three possible ways how to remove XP Defender 2013 malware from your computer. If you have any further questions please let us know - we will be happy to assist you. Good luck!
Quick XP Defender 2013 removal:
1. Use 3425-814615-3990 to register the rogue antivirus application in order to stop the fake security alerts.
Just click the Registration button and then select Activate Now. Don't worry, this is completely legal. If the debugged serial keys do not work anymore, please follow the alternate removal instructions below.
Once this is done, you are free to install recommended anti-malware software and run a full system scan to remove XP Defender 2013 from your computer properly.
2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.
Alternate XP Defender 2013 removal instructions:
1. Open Windows Explorer. It could be any window, for example My Computer.
2. In the Address bar type: http://goo.gl/AXIrU (this is a download link for FixNCR.reg) and click hit Enter or click Go to download the file.
5. Save FixNCR.reg to your Desktop. Double-click on FixNCR.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.
7. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.
NOTE: With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
Manual XP Defender 2013 removal instructions:
Make sure that you can see hidden and operating system protected files in Windows. For more in formation, please read Show Hidden Files and Folders in Windows.
Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:
- Hide extensions for know file types
- Hide protected operating system files
1. Go into C:\Documents and Settings\[UserName]\Local Settings\Application Data\ folder.
For example: C:\Documents and Settings\Michael\Local Settings\Application Data\
2. Find hidden executable file in this folder. In our case it was called wmi.exe, but I'm sure that the file name will be different in your case. Rename wmi.exe to virus.exe and click Yes to confirm file rename. Then restart your computer.
3. After a restart, copy all the text in bold below and paste to Notepad.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
4. Save file as fix.reg to your Desktop. NOTE: (Save as type: All files)
5. Double-click on fix.reg file to run it. Click "Yes" for Registry Editor prompt window. Then click OK.
6. Open Internet Explorer. Download xp_exe_fix.reg and save it to your Desktop. Double-click on xp_exe_fix.reg to run it. Click "Yes" for Registry Editor prompt window. Click OK.
7. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.
NOTE: With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
Tell your friends:
No comments:
Post a Comment