Remove Windows PC Defender, Windows PC Defender Removal Guide
By Gina on September 17, 2009 | Rogue Antispyware, Qakbot, W32.Qakbot, Windows PC Defender, WindowsPCDefender, WindowsPC Defender, Remove Windows PC Defender
Windows PC Defender is a malicious application which presents itself as an actual security tool in order to trick the user into purchasing the license for using the program. This fake security software is a copy of the recent Windows Guard Pro and Ultimate System Guard malware and acts very similar to its predecessors.
WindowsPC Defender usually infects the system when a corrupt website is visited and the program is downloaded and installed by trojans without making any notice to the user. WindowsPCDefender then issues scary warning messages that report various security threats and suggest purchasing the Windows PC Defender software. Here are a few of the warnings generated by WindowsPC Defender:
System alert
Suspicious software, which may be malicious, has been detected on your PC. Click here to remove this threat immediately with Windows PC Defender
Warning! Your computer is infected
Warning! Trojan Found!
File name: crss.drv
Threat name: Trojan-Spy.HTML.Sunfraud.a
It is strongly advised not to purchase WindowsPCDefender as it might lead to some serious system disorders. In order to remove Windows PC Defender from your computer please follow the instructions bellow.
Windows PC Defender websites
windowspcdefender.com Learn how to block rogue websitesNew processes created
ppal.exefix.exe
eb.exe
WP345d.exe Learn how to remove malicious processes
New Windows PC Defender registry entries created
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "201"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "89770891803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Application Data\345d567c:\Documents and Settings\All Users\Application Data\345d567\8424.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WP345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WPCD.ico
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WPCDSys
c:\Documents and Settings\All Users\Application Data\WPCDSys\wpcd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProfile%\Application Data\Windows PC Defender
%UserProfile%\Application Data\Windows PC Defender\cookies.sqlite
%UserProfile%\Application Data\Windows PC Defender\Instructions.ini
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml Learn how to unregister malicious DLL files
How to remove Windows PC Defender
To remove Windows PC Defender manually you must block rogue Windows PC Defender related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Windows PC Defender files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Remove Win7 AV, Win7 AV removal
Win7 AV is the latest rogue application promoted on win7av.com website. It should be avoided because the program is malicious and fraudulent as brower hijacker. Malware spreads via trojan which comes to the system through its flaws. The parasite downloads and installs itself automatically without user’s knowledge and consent. Once active it starts to scan your computer and displays fabricated security alerts. Read more.- Remove AV Defender 2011 Platinum, AV Defender 2011 Platinum removal
- Remove VideoCop, VideoCop removal
- Remove My Security Suite, My Security Suite removal
- Remove AV Security Suite Platinum, AV Security Suite Platinum removal
- Remove SpyDefender 2010, SpyDefender 2010 removal
- Remove DiskClean, DiskClean Removal
- Remove Green Shield Antivirus
- Remove AdCare, AdCare Removal
- Remove AWM Antivirus, AWM Antivirus removal
- Remove AVDefender 2011, AVDefender 2011 removal
