Windows PC Defender

Windows PC Defender is a rogue security program derived from previously released malware, including Ultimate System Guard and Windows Additional Guard. Its functions and goal are largely the same; the new name only serves to distinguish it from other variants of the family. The application promotes itself as a legitimate security program by means of a browser hijacker and pop-up alerts generated by an associated Trojan.

Windows PC Defender infiltrates computers stealthily and is installed without the user's knowledge. Signs of a successful installation are pop-up alerts and scan results presented in a graphical user interface (GUI) that resembles Windows. It attempts to mislead users by portraying these alerts as legitimate and as issues that must be dealt with as the highest priority. Having created this sense of urgency, the rogue application prompts victims to pay for a registered version by opening a new browser window with a payment processing page. Personal information and credit card details are required to complete the transaction.

The process not only charges your account the advertised amount; the information gathered during the transaction can also be used for other malicious activities by the malware author. Think carefully before becoming involved in a transaction like this.

Windows PC Defender Screen Shot: [image]

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Windows PC Defender uses various web sites as promotional pages. The rogue program employs search engine optimization (SEO) techniques that deliberately steer users to these sites when they search for the keyword 'Alpha Antivirus.' When users arrive on the scam website, a bogus virus scan is performed and threats such as Trojan-Downloader.Win32.Small.dge, Win32/Hoax.Renos.HX, W21.Nimda.J@mmand and Backdoor.Win32.Haxdoor.gu are displayed as detections.

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"

Associated Files and Folders:
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Documents and Settings\All Users\Application Data\234f456
C:\Documents and Settings\All Users\Application Data\234f456\8424.mof
C:\Documents and Settings\All Users\Application Data\234f456\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\234f456\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\234f456\PT234e.exe
C:\Documents and Settings\All Users\Application Data\WPCDSys
C:\Documents and Settings\All Users\Application Data\WPCDSys\wpcd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProfile%\Application Data\Windows PC Defender
%UserProfile%\Application Data\Windows PC Defender\cookies.sqlite
%UserProfile%\Application Data\Windows PC Defender\Instructions.ini
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk

How to Remove Windows PC Defender

1. Kill any running process that belongs to Windows PC Defender.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following processes and click End Task.
PT234e.exe or (random).exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open the Registry Editor.
- Find and delete the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender"
- Close the Registry Editor. Changes are saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On the Windows Advanced Boot Options screen, select Safe Mode and press Enter.

4. Delete all files dropped by Windows PC Defender.
- While still in Safe Mode, search for and delete the malicious files. Refer to 'Associated Files and Folders' above for the list.
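Before following the manual steps, it helps to confirm which of the indicators listed under 'Added Registry Entries' and 'Associated Files and Folders' are actually present. The following read-only PowerShell triage script is an added example, not part of the original page: it checks the persistence Run value, the Internet Explorer PRS and SearchScopes hijack values, the CLSID key and a representative subset of the dropped files, and reports what it finds without deleting anything. It assumes the XP-era folder layout given on the page (C:\Documents and Settings\...); on newer Windows those paths will simply not exist, and $paths can be extended with the remaining files from the list.

```powershell
# Added triage script: reports whether Windows PC Defender indicators from the page are present.
# Read-only; it never modifies the registry or deletes files.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$ieKey    = 'HKCU:\Software\Microsoft\Internet Explorer'
$scopeKey = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
$clsidKey = 'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}'

$findings = @()

# 1. Persistence: the Run value that relaunches the rogue at every logon.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Windows PC Defender']) {
    $findings += "Run value 'Windows PC Defender' -> $($run.'Windows PC Defender')"
}

# 2. Browser hijack: the IE 'PRS' value pointing at a local listener on port 27777.
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
if ($ie -and $ie.PRS -like 'http://127.0.0.1:27777/*') {
    $findings += "IE PRS value -> $($ie.PRS)"
}

# 3. Search hijack: the SearchScopes URL redirecting queries to search-gala.com.
$scope = Get-ItemProperty -Path $scopeKey -ErrorAction SilentlyContinue
if ($scope -and $scope.URL -like '*search-gala.com*') {
    $findings += "SearchScopes URL -> $($scope.URL)"
}

# 4. COM class registration listed on the page.
if (Test-Path -LiteralPath $clsidKey) { $findings += "CLSID key present: $clsidKey" }

# 5. Dropped files and folders (subset of the page's list; XP-era layout assumed).
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$paths = @(
    "$allUsers\234f456\PT234e.exe",
    "$allUsers\234f456\8424.mof",
    "$allUsers\WPCDSys\wpcd.cfg",
    "$env:USERPROFILE\Application Data\Windows PC Defender\Instructions.ini",
    "$env:USERPROFILE\Desktop\Windows PC Defender.lnk",
    'C:\Program Files\Mozilla Firefox\searchplugins\search.xml'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Windows PC Defender indicators found.'
} else {
    Write-Output "Found $($findings.Count) indicator(s):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated PowerShell prompt so the HKEY_USERS\.DEFAULT hive is readable; a finding in step 2 or 3 means browser traffic is being redirected and the corresponding value should be removed along with the Run entry.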

Automatic Removal of Windows PC Defender

In order to completely remove the threat, download and run Malwarebytes Anti-Malware. Sometimes the Trojan will block the downloading and installation of MBAM. If this happens, download it on a clean computer and rename the executable file before running it on the infected machine.
