Related blog content
File-in-the-middle hijackers
Adware the series, part 1 (browser extensions)
Adware.HPDefender
Short bio
Adware.HPDefender is Malwarebytes’ generic detection name for a family of adware targeting Windows systems.
Type and source of infection
Adware.HPDefender is spread by bundlers. Its main focus is browser hijacking, using many different methods, including manipulating your browser(s) to change your startpage or searchscopes so that the affected browser visits their site or one of their choice.
Adware.HPDefender replaces many browser shortcuts and shows advertisements.
Protection
Malwarebytes blocks Adware.HPDefender using real-time protection.
Malwarebytes blocks Adware.HPDefender
Remediation
Malwarebytes can detect and remove Adware.HPDefender without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
Malwarebytes removal log
An example Malwarebytes removal log for a member of this family called QIPApp:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 6/1/17
Scan Time: 9:11 AM
Log File: mbamQIPApp.txt
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2064
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333477
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 1 min, 56 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 1
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\QIPAPP.EXE, Quarantined, [21], [403763],1.0.2064
Module: 1
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\QIPAPP.EXE, Quarantined, [21], [403763],1.0.2064
Registry Key: 2
PUP.Optional.ICLoader, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QIPApp, Delete-on-Reboot, [652], [403803],1.0.2064
Adware.QIPApp, HKCU\SOFTWARE\QIPApp, Delete-on-Reboot, [9346], [390812],1.0.2064
Registry Value: 1
Adware.HPDefender, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|QIPApp, Delete-on-Reboot, [21], [403763],1.0.2064
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 2
Adware.HPDefender, C:\Users\{username}\AppData\Roaming\QIPApp\QIPApp, Delete-on-Reboot, [21], [396014],1.0.2064
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP, Delete-on-Reboot, [21], [396014],1.0.2064
File: 4
Adware.HPDefender, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\QIPAPP.EXE, Delete-on-Reboot, [21], [403763],1.0.2064
PUP.Optional.ICLoader, C:\USERS\{username}\DESKTOP\4617463.EXE, Delete-on-Reboot, [652], [403803],1.0.2064
PUP.Optional.ICLoader, C:\USERS\{username}\APPDATA\ROAMING\QIPAPP\UNINSTALLER.EXE, Delete-on-Reboot, [652], [403803],1.0.2064
Adware.HPDefender, C:\Users\{username}\AppData\Roaming\QIPApp\QIPApp\qipApp8.exe, Delete-on-Reboot, [21], [396014],1.0.2064
Physical Sector: 0
(No malicious items detected)
(end)
Removal guides for other examples:
