Remove Windows PC Defender, Windows PC Defender Removal Guide
By Gina on September 17, 2009 | Rogue Antispyware, Qakbot, W32.Qakbot, Windows PC Defender, WindowsPCDefender, WindowsPC Defender, Remove Windows PC Defender
Windows PC Defender is a malicious application which presents itself as an actual security tool in order to trick the user into purchasing the license for using the program. This fake security software is a copy of the recent Windows Guard Pro and Ultimate System Guard malware and acts very similar to its predecessors.
WindowsPC Defender usually infects the system when a corrupt website is visited and the program is downloaded and installed by trojans without making any notice to the user. WindowsPCDefender then issues scary warning messages that report various security threats and suggest purchasing the Windows PC Defender software. Here are a few of the warnings generated by WindowsPC Defender:
System alert
Suspicious software, which may be malicious, has been detected on your PC. Click here to remove this threat immediately with Windows PC Defender
Warning! Your computer is infected
Warning! Trojan Found!
File name: crss.drv
Threat name: Trojan-Spy.HTML.Sunfraud.a
It is strongly advised not to purchase WindowsPCDefender as it might lead to some serious system disorders. In order to remove Windows PC Defender from your computer please follow the instructions bellow.
Windows PC Defender websites
windowspcdefender.com Learn how to block rogue websitesNew processes created
ppal.exefix.exe
eb.exe
WP345d.exe Learn how to remove malicious processes
New Windows PC Defender registry entries created
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "201"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "89770891803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries
New files and directories created
c:\Documents and Settings\All Users\Application Data\345d567c:\Documents and Settings\All Users\Application Data\345d567\8424.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WP345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WPCD.ico
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WPCDSys
c:\Documents and Settings\All Users\Application Data\WPCDSys\wpcd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProfile%\Application Data\Windows PC Defender
%UserProfile%\Application Data\Windows PC Defender\cookies.sqlite
%UserProfile%\Application Data\Windows PC Defender\Instructions.ini
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml Learn how to unregister malicious DLL files
How to remove Windows PC Defender
To remove Windows PC Defender manually you must block rogue Windows PC Defender related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Windows PC Defender files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
Scan your computer
More Rogue Antispyware news
Delete Windows Safety Maintenance fraud
Windows Safety Maintenance is a rogue anti-spyware program which spreads via trojan. Once the trojan is released Windows Safety Maintenance stars fake scans and shows fraudulent results. It puts many efforts in trying to trick user into believing their PC is infected. Read more.- System Protection Tools removal guide
- Windows Multi Control System uninstall guide
- How to remove Antispyware Pro 2012 fraud?
- Windows Advanced Security Center removal steps
- Windows Private Shield removal steps
- How to remove Windows Pro Safety fraud?
- Windows Pro Safety Release removal guide
- Delete Windows Safeguard Upgrade malware
- Windows Secure Surfer uninstall steps
- Windows Be-on-Guard Edition uninstall steps
