My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


aprox. 1.2 Mb


Multiple popups messages about multiple system infections.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Razvan Benchea, virus researcher

Technical Description:

WinxDefender is a rogue security software that generates fake scan results and numerous pop-up notifications regarding user security. The fake results on a clean machine vary from Spyware and Backdoors to Trojans,Worms and Rootkits. The number of infections found on a clean machine are different at each scan(usually around 500).
WinXDefender performs a full system scan in less then 20 seconds. It doesn’t scan any files.
WinXDefender covertly installs itself into “%Program Files%\WinXDefender” and starts scanning immediately after the installation is complete. It also generates numerous popup which asks the user to buy the product in order to get rid of the false infections.
The “Clean” procedure on WinXDefender is very weak. It can only kill some processes or delete some files and it fails on some advanced malware like rootkits or Trojans.

When executed, WinXDefender installs
• the following files on disk:
%Programs%\WinXDefender\Purchase License.lnk
%Programs%\WinXDefender\Start WinXDefender.lnk
%Programs%\WinXDefender\Support Page.lnk
%Programs%\WinXDefender\WinXDefender Uninstall.lnk
%Application Data%\WinXDefender\Desc.dat
%Application Data%\WinXDefender\base.dat
%Application Data%\WinXDefender\base2.dat
%Program Files%\WinXDefender\Buy.url
%Program Files%\WinXDefender\Help.url
%Program Files%\WinXDefender\HowToBuy.txt
%Program Files%\WinXDefender\License.txt
%Program Files%\WinXDefender\Lng\English.lng
%Program Files%\WinXDefender\Uninstall.exe
\%Program Files%\WinXDefender\WinXDefender.exe

It creates only one registry value in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinXDefender. The purpose of this value is to run WinXDefender every time the windows starts.