Windows PC Defender
September 17, 2009
Threat level: (7 / 10)
Windows PC Defender description
Windows PC Defender is a malicious application that presents itself as a genuine security tool in order to trick the user into purchasing a license for the program. This fake security software is a copy of the recent Windows Guard Pro and Ultimate System Guard malware and behaves very similarly to its predecessors.
WindowsPC Defender usually infects the system when a corrupt website is visited and the program is downloaded and installed by trojans without notifying the user. WindowsPCDefender then issues scary warning messages that report various security threats and suggest purchasing the Windows PC Defender software. Here are a few of the warnings generated by WindowsPC Defender:
System alert
Suspicious software, which may be malicious, has been detected on your PC. Click here to remove this threat immediately with Windows PC Defender
Warning! Your computer is infected
Warning! Trojan Found!
File name: crss.drv
Threat name: Trojan-Spy.HTML.Sunfraud.a
It is strongly advised not to purchase WindowsPCDefender, as it might lead to some serious system disorders. In order to remove Windows PC Defender from your computer, please follow the instructions below.
Windows PC Defender websites
windowspcdefender.com
New processes created
ppal.exe
fix.exe
eb.exe
WP345d.exe
New Windows PC Defender registry entries created
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "201"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "89770891803"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender"
New files and directories created
c:\Documents and Settings\All Users\Application Data\345d567
c:\Documents and Settings\All Users\Application Data\345d567\8424.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\WP345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\WPCD.ico
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys
c:\Documents and Settings\All Users\Application Data\345d567\WPCDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WPCDSys
c:\Documents and Settings\All Users\Application Data\WPCDSys\wpcd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProfile%\Application Data\Windows PC Defender
%UserProfile%\Application Data\Windows PC Defender\cookies.sqlite
%UserProfile%\Application Data\Windows PC Defender\Instructions.ini
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
How to remove Windows PC Defender
To remove Windows PC Defender manually, you must block rogue Windows PC Defender related websites, remove malicious processes and registry entries, unregister DLLs, and delete all malicious Windows PC Defender files from your computer.
Please note: cleaning your computer is a difficult and dangerous task. Manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
