How to remove Windows PC Defender


Windows PC Defender description


Windows PC Defender is another rogue antispyware program, a clone from the same family of fake programs as OmegaAntivir, Windows Additional Guard, Windows Guard Pro and Ultimate System Guard.

Windows PC Defender's fake security alerts read:

“Warning! Your computer is infected
Warning! Trojan Found!
File name: crss.drv
Threat name: Trojan-Spy.HTML.Sunfraud.a”

“System alert
Suspicious software, which may be malicious, has been detected on your PC. Click here to remove this threat immediately with Windows PC Defender”

Windows PC Defender is a scam and must be removed.

How to get rid of Windows PC Defender

This infection can be removed using Spyware Doctor.


Spyware Doctor is widely valued as one of the best antispyware programs available to protect you from Windows PC Defender and the latest internet security threats. If your computer is infected with Windows PC Defender, we strongly recommend using an automatic spyware scanner.

How to manually remove Windows PC Defender

To get rid of spyware such as Windows PC Defender, you need to end its processes, find and delete its registry keys, and remove its DLLs and other related files from your computer.

Take Note: The manual process of removing spyware from your computer is difficult and puts you at risk of damaging your computer. We advise using our automatic Windows PC Defender remover.

  1. Uninstall Windows PC Defender from Control Panel
    Start > Settings > Control Panel > Add/Remove Programs. Double click to uninstall.
  2. End these Windows PC Defender processes:
    WP345d.exe
    eb.exe
    fix.exe
    ppal.exe

    To stop processes, press Ctrl + Alt + Del or click Start > Run and type "taskmgr". Select the malicious process in the list and click the "End Process" button.
  3. Unregister Windows PC Defender DLL files:
    tempdoc.dll
    ddv.dll
    cid.dll
    sqlite3.dll
    mozcrt19.dll

    To unregister a DLL, click Start > Run and type "regsvr32 /u PATH_TO_FILE/FILE.dll"
  4. Delete Windows PC Defender registry entries:
    HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
    HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = "201"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "89770891803"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender"

    To open the registry editor, click Start > Run and type "regedit".
    Warning! Manually editing registry entries may damage your system.
    Download Uniblue RegistryBooster 2010 to scan for registry errors.
  5. Search and delete these Windows PC Defender related files:

  6. Block Windows PC Defender malicious domains:
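
A read-only check for the process and registry indicators listed in steps 2 and 4, so each item can be confirmed before it is removed by hand. This is an added example, not part of the original guide; it assumes PowerShell 3.0 or later and uses only names that appear in those steps.

```powershell
# Added example: read-only audit of indicators from steps 2 and 4.
# It only reports; nothing is stopped, unregistered or deleted.

# Step 2 process names (Get-Process expects them without ".exe").
$processNames = 'WP345d', 'eb', 'fix', 'ppal'

# Step 4 registry values, as key path plus value name.
$registryValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Windows PC Defender' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer'; Name = 'PRS' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'UID' },
    @{ Path = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'; Name = 'URL' }
)

# Step 4 registry keys. HKEY_CLASSES_ROOT has no built-in drive, hence Registry::.
$registryKeys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler'
)

$findings = @()

# Short names such as "eb" and "fix" can collide with legitimate software,
# so the image path is reported for the analyst to confirm.
foreach ($p in Get-Process -Name $processNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = $p.ProcessName; Detail = "PID $($p.Id) $($p.Path)" }
}

# A missing key or value yields $null here and is simply not reported.
foreach ($v in $registryValues) {
    $name = $v.Name
    $item = Get-ItemProperty -LiteralPath $v.Path -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += [pscustomobject]@{ Type = 'RegValue'; Item = "$($v.Path) [$name]"; Detail = $item.$name }
    }
}

foreach ($k in $registryKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'RegKey'; Item = $k; Detail = 'key exists' }
    }
}

if ($findings.Count -eq 0) {
    'No listed process or registry indicator was found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Compare each reported value with the data shown in step 4 before deleting it; a value name such as "UID" that holds different data is not necessarily this infection.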
