February 22, 2010

How to remove PCDefender - Fake Application

PCDefender is a fake security/anti-virus application that displays false reports of threats on the computer.

How to remove PCDefender?



1. Perform the standard procedure for virus removal.
** Standard procedure for virus removal

2. Remove the following entries from the Windows registry:

** How to edit the Windows registry?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Def Group\PC Defender\"" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Def Group\"" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender\"" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\"" = ""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSISERVER\0000\Control\"ActiveService" = "MSIServer"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSISERVER\0000\Control\"ActiveService" = "MSIServer"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" = "0x00002001"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Def Group\PC Defender\"proccheck.exe" = "proccheck"
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Def Group\PC Defender\"proccheck.exe" = "proccheck"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C7636129D6C606AC34B4F77B98D933A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48F1979EDA9389E44C3097C667211849
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA7C3518924A9561AB587A3AED215D82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8CBA2CF517323A48B5B5539084F2528
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E8CBA2CF517323A48B5B5539084F2528
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSISERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSISERVER\0000\Control
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo
HKEY_USERS\.DEFAULT\Software\Def Group
HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\00000000000003e7
HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows Script
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo
HKEY_USERS\S-1-5-18\Software\Def Group


Remove these files if they exist on your system:
C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender
C:\Program Files\Def Group
C:\WINDOWS\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
%ProgramFiles%\Def Group\PC Defender\Antispyware.exe
%ProgramFiles%\Def Group\PC Defender\hook.dll
%ProgramFiles%\Def Group\PC Defender\proccheck.exe
%SystemDrive%\Documents and Settings\All Users\Desktop\PC Defender.lnk
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\PC Defender\PC Defender.lnk
%Windir%\Installer\14d256.msi
%Windir%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_96222EB958BE7AE1F3D10F.exe
%Windir%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_E99A03E2B966DDBBBF0A73.exe
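Before deleting anything, it helps to know which of the entries above are actually present on the machine. The following PowerShell script is an added example, not part of the original post: it checks a subset of the registry keys, registry values and files listed above and only reports, without removing anything. It assumes that the `Key\"name" = "data"` notation in the list denotes a value name under the key, and the function name Test-RegValue is made up for this example.

```powershell
# Read-only audit of PC Defender artifacts listed on this page. Nothing is deleted.
# Which entries are checked and how they are reported are choices of this example.

# Registry keys (taken from the list above).
$regKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528',
    'HKEY_USERS\.DEFAULT\Software\Def Group',
    'HKEY_USERS\S-1-5-18\Software\Def Group'
)

# Registry values. Assumption: the quoted part of a list entry is the value name.
$folders = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders'
$regValues = @(
    @{ Key = $folders; Name = 'C:\Program Files\Def Group\PC Defender\' },
    @{ Key = $folders; Name = 'C:\Program Files\Def Group\' }
)

# Files and folders (environment variables are expanded below).
$files = @(
    '%ProgramFiles%\Def Group\PC Defender\Antispyware.exe',
    '%ProgramFiles%\Def Group\PC Defender\hook.dll',
    '%ProgramFiles%\Def Group\PC Defender\proccheck.exe',
    '%Windir%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}'
)

# Hypothetical helper: true if the key exists and has a value with that exact name.
function Test-RegValue($Key, $Name) {
    $k = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    return ($null -ne $k) -and ($k.GetValueNames() -contains $Name)
}

$results = @()
foreach ($k in $regKeys) {
    $present = Test-Path -LiteralPath "Registry::$k"
    $results += New-Object PSObject -Property @{ Type = 'RegKey'; Present = $present; Item = $k }
}
foreach ($v in $regValues) {
    $present = Test-RegValue $v.Key $v.Name
    $item = '{0} -> {1}' -f $v.Key, $v.Name
    $results += New-Object PSObject -Property @{ Type = 'RegValue'; Present = $present; Item = $item }
}
foreach ($f in $files) {
    $path = [Environment]::ExpandEnvironmentVariables($f)
    $present = Test-Path -LiteralPath $path
    $results += New-Object PSObject -Property @{ Type = 'File'; Present = $present; Item = $path }
}

$results | Sort-Object Type | Format-Table Type, Present, Item -AutoSize
```

Run it from an administrator PowerShell prompt so the HKEY_USERS hives and %Windir%\Installer are readable.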



