Adware.HPDefender

Short bio

Adware.HPDefender is Malwarebytes’ generic detection name for a family of adware targeting Windows systems.

Type and source of infection

Adware.HPDefender is spread by bundlers. Its main focus is browser hijacking, using many different methods, including manipulating your browser(s) to change your startpage or searchscopes so that the affected browser visits their site or one of their choice.

Adware.HPDefender replaces many browser shortcuts and shows advertisements.

Protection

Malwarebytes blocks Adware.HPDefender using real-time protection.

block Adware.HPDefender

Malwarebytes blocks Adware.HPDefender

Remediation

Malwarebytes can detect and remove Adware.HPDefender without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

An example Malwarebytes removal log for a member of this family called QIPApp:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/1/17
Scan Time: 9:11 AM
Log File: mbamQIPApp.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2064
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333477
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 1 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\QIPAPP.EXE, Quarantined, [21], [403763],1.0.2064

Module: 1
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\QIPAPP.EXE, Quarantined, [21], [403763],1.0.2064

Registry Key: 2
PUP.Optional.ICLoader, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QIPApp, Delete-on-Reboot, [652], [403803],1.0.2064
Adware.QIPApp, HKCU\SOFTWARE\QIPApp, Delete-on-Reboot, [9346], [390812],1.0.2064

Registry Value: 1
Adware.HPDefender, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|QIPApp, Delete-on-Reboot, [21], [403763],1.0.2064

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.HPDefender, C:\Users\{username}\AppData\Roaming\QIPApp\QIPApp, Delete-on-Reboot, [21], [396014],1.0.2064
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP, Delete-on-Reboot, [21], [396014],1.0.2064

File: 4
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\QIPAPP.EXE, Delete-on-Reboot, [21], [403763],1.0.2064
PUP.Optional.ICLoader, C:\USERS\{username}\DESKTOP\4617463.EXE, Delete-on-Reboot, [652], [403803],1.0.2064
PUP.Optional.ICLoader, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\UNINSTALLER.EXE, Delete-on-Reboot, [652], [403803],1.0.2064
Adware.HPDefender, C:\Users\{username}\AppData\Roaming\QIPApp\QIPApp\qipApp8.exe, Delete-on-Reboot, [21], [396014],1.0.2064

Physical Sector: 0
(No malicious items detected)


(end)

Removal guides for other examples:

Select your language