
Windows PC Defender Adware Removal Instructions



The Emsi Software malware research team has discovered a new outbreak of the Windows PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.WindowsPCDefender.

Windows PC Defender is rogue security software that shows false warning messages and misleading scan results. The advertisement will state that you are infected and then prompt you to download Windows PC Defender to your computer. If you download and install Windows PC Defender, it will start automatically when your computer starts. The installer will also create numerous harmless files on your computer, usually in the Recent folder, that are used to impersonate malware files. Once the program is running, it will scan your computer and then display these files as infections, but will not allow you to remove them until you purchase the program.

The main program will extract several files to the following locations (the file and directory names for this rogue are random):

%AppData%\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%AppData%\Windows PC Defender\Instructions.ini
%UserProfile%\Cookies\virus [email protected][1].txt
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk

It also creates a new registry entry:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run\Windows PC Defender

This rogue also tries to modify the hosts file.









How to remove the infection of Adware.Win32.WindowsPCDefender?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

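The hosts-file change described in the post above can be checked for with a small parser that lists every active mapping other than the default localhost entries. This is an added example, not part of the original post or of a-squared Anti-Malware; the sample hosts content, the watch list of search hostnames, the severity labels and the function names are assumptions made for illustration.

```python
import ipaddress

# Names a clean hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}
# Assumed watch list for illustration: search hostnames worth flagging.
WATCHED_SUFFIXES = ("google.com", "bing.com", "search.yahoo.com")

# Constructed sample; 203.0.113.0/24 is a reserved documentation range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed entry
203.0.113.10    www.bing.com
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a usable mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return findings as (severity, line_no, ip, hostname) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES and ip.is_loopback:
            continue
        hit = any(name == s or name.endswith("." + s) for s in watched)
        if hit and not (ip.is_loopback or ip.is_unspecified):
            sev = "HIGH"    # watched name sent to a remote address
        else:
            sev = "REVIEW"  # any other non-default mapping
        findings.append((sev, line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    # On a live system, read %SystemRoot%/System32/drivers/etc/hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

Run it before and after cleanup: a hosts file that still yields HIGH findings after the scan has not been restored.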
