FrEn

E-mail Print PDF

Free malware removal tool to remove PC Defender
Written by Administrator  |  Wednesday, 24 February 2010 13:30
AddThis Social Bookmark Button
PC Defender is a rogue Antispyware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares on your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is PC Defender. It invites you to purchase a license to remove malwares, do not, it's a scam, you need a license for a malware? This so-called Antivirus tries to scam you. Uninstall PC Defender immediately from your system.

PC Defender

To remove PC Defender (Uninstall PC Defender)

  • Download this free removal tool for PC Defender
  • Extract it
  • Launch
  • Click on the delete button

PC Defender will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

  • Antispyware.exe
  • proccheck.exe
  • _BF2DDB0AC7FD40D5AAEDAF.exe
  • _C507892FD1860AF6477A61.exe

Files :

  • %CommonDesktopDir%\PC Defender.lnk
  • %CommonPrograms%\PC Defender\PC Defender.lnk
  • %Temp%\MSI37281.LOG
  • %ProgramFiles%\Def Group\PC Defender\Antispyware.exe
  • %ProgramFiles%\Def Group\PC Defender\hook.dll
  • %ProgramFiles%\Def Group\PC Defender\proccheck.exe
  • %Windows%\Installer\1c5a1.msi
  • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_BF2DDB0AC7FD40D5AAEDAF.exe
  • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_C507892FD1860AF6477A61.exe
  • %System%\PCDefenderSilentSetup.msi
  • %CommonPrograms%\PC Defender
  • %ProgramFiles%\Def Group
  • %ProgramFiles%\Def Group\PC Defender
  • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}

Registry

Registry keys created
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Media
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Net
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
  • HKEY_USERS\.DEFAULT\Software\Def Group
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware\Found
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
  • HKEY_CURRENT_USER\Software\Def Group
  • HKEY_CURRENT_USER\Software\Def Group\antispyware
  • HKEY_CURRENT_USER\Software\Def Group\antispyware\Found

Registry values created

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528
    • DefaultFeature = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Net
    • 1 = "%System%\"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Media
    • 1 = ";"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList
    • PackageName = "PCDefenderSilentSetup.msi"
    • LastUsedSource = "n;1;%System%\"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_
    • ProductName = "PC Defender"
    • PackageCode = "56DAAD1C3266CA24581DA7062D32344D"
    • Language = 0x00000409
    • Version = 0x01000000
    • Assignment = 0x00000001
    • AdvertiseFlags = 0x00000184
    • InstanceType = 0x00000000
    • AuthorizedLUAApp = 0x00000000
    • Clients = ":"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
    • E8CBA2CF517323A48B5B5539084F2528 = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
    • %ProgramFiles%\Def Group\PC Defender\ = ""
    • %ProgramFiles%\Def Group\ = ""
    • %CommonPrograms%\PC Defender\ = ""
    • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\ = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
    • E8CBA2CF517323A48B5B5539084F2528 = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
    • AuthorizedCDFPrefix = ""
    • Comments = ""
    • Contact = "Def Group"
    • DisplayVersion = "1.0.0"
    • HelpLink = ""
    • HelpTelephone = ""
    • InstallDate = "20100220"
    • InstallLocation = ""
    • InstallSource = "%System%\"
    • ModifyPath = "MsiExec.exe /X{FC2ABC8E-3715-4A32-B8B5-559380F45282}"
    • NoModify = 0x00000001
    • Publisher = "Def Group"
    • Readme = ""
    • Size = ""
    • EstimatedSize = 0x000004CA
    • UninstallString = "MsiExec.exe /X{FC2ABC8E-3715-4A32-B8B5-559380F45282}"
    • URLInfoAbout = ""
    • URLUpdateInfo = ""
    • VersionMajor = 0x00000001
    • VersionMinor = 0x00000000
    • WindowsInstaller = 0x00000001
    • Version = 0x01000000
    • Language = 0x00000409
    • DisplayName = "PC Defender"
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware\Found
    • %Windows%\inf\camvid20.inf = "Trojan.Win32.Scar.bddj"
    • %Windows%\inf\mdmmcd.PNF = "not-a-virus:Dialer.Win32.Agent.dz"
    • %Windows%\inf\mdmmetri.PNF = "Trojan-Downloader.Win32.Piker.bpd"
    • %Windows%\inf\multimed.inf = "Backdoor.Win32.PcClient.dmgj"
    • %Windows%\inf\netamd.inf = "Rootkit.Win32.Agent.acxs"
    • %Windows%\inf\netbrdgs.inf = "Trojan-Dropper.Win32.Grizl.iu"
    • %Windows%\inf\netktc.inf = "Trojan.Win32.VB.aade"
    • %Windows%\inf\netlnev2.PNF = "Trojan.Win32.VB.aade"
    • %Windows%\inf\sgiu.inf = "Trojan-Dropper.Win32.WOW.bd"
    • %Windows%\inf\wdma_es3.PNF = "Backdoor.Win32.Smabo.rg"
    • %System%\aclui.dll = "Trojan-Downloader.JS.FraudLoad.ae"
    • %System%\advpack.dll = "Trojan-Downloader.Win32.Piker.bpe"
    • %System%\gen_host.exe = "Trojan.Win32.Buzus.cyny"
    • %System%\msconf.dll = "not-a-virus:AdWare.Win32.AdSubscribe.bxs"
    • %System%\sethc.exe = "Trojan-Dropper.Win32.Agent.bkpw"
    • %System%\drivers\rawwan.sys = "Trojan-Dropper.Win32.Agent.bkpt"
    • %System%\wbem\ieinfo5.mof = "Trojan-Downloader.Win32.Piker.bpa"
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware
    • scanSchedulerNever = 0x00000001
    • scanSchedulerDaily = 0x00000000
    • scanSchedulerDayOfWeek = 0x00000000
    • scanSchedulerHour = 0x00000000
    • scanSchedulerMinute = 0x00000000
    • scanSchedulerSecond = 0x00000000
    • updateSchedulerNever = 0x00000001
    • updateSchedulerDaily = 0x00000000
    • updateSchedulerDayOfWeek = 0x00000000
    • updateSchedulerHour = 0x00000000
    • updateSchedulerMinute = 0x00000000
    • updateSchedulerSecond = 0x00000000
    • lastScanTime = 0x4B7FB57E
    • lastScanResults = 0x00000011
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
    • JITDebug = 0x00000000
  • HKEY_CURRENT_USER\Software\Def Group\antispyware\Found
    • \NTDETECT.COM = "not-a-virus:AdWare.Win32.AdSubscribe.bxv"
  • HKEY_CURRENT_USER\Software\Def Group\antispyware
    • scanSchedulerNever = 0x00000001
    • scanSchedulerDaily = 0x00000000
    • scanSchedulerDayOfWeek = 0x00000000
    • scanSchedulerHour = 0x00000000
    • scanSchedulerMinute = 0x00000000
    • scanSchedulerSecond = 0x00000000
    • updateSchedulerNever = 0x00000001
    • updateSchedulerDaily = 0x00000000
    • updateSchedulerDayOfWeek = 0x00000000
    • updateSchedulerHour = 0x00000000
    • updateSchedulerMinute = 0x00000000
    • updateSchedulerSecond = 0x00000000

Registry values modified

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Userinit =
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent
    • (Default) =
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent
    • (Default) =
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    • Cookies =
    • Local AppData =
    • Cache =
    • History =

Download

 
 

Add comment


Security code
Refresh

Related articles
Latest posts
Free malware removal tool to remove Antivir Solution Pro
_WRITTEN_BY Administrator 15/07/2010

Antivir Solution Pro is another rogue Antispyware from the Antispyware Soft and Antivirus Suite, that tries to get money from users by prompting them to register and buy their Fake products. Some…Read more...

Free virus removal tool to remove RVHOST.exe
_WRITTEN_BY Administrator 17/06/2010
  • RVHOST.exe is a trojan that may reprensent security risk for your system, it runs in the background, this application allows remote access to the compromised system.
  • Downloads…
Read more...
Free virus removal tool to remove WinDefender.exe
_WRITTEN_BY Administrator 17/06/2010
WinDefender.exe is a trojan that may reprensent security risk for your system, it runs in the background, this application creates startup registry keys. Read more...
Free malware removal tool to get rid of Defense Center
_WRITTEN_BY Administrator 12/06/2010
Defense Center is another rogue Antispyware from the Digital Protection family, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your…Read more...
Free virus removal tool to remove Xss.exe
_WRITTEN_BY Administrator 10/06/2010

Xss.exe is a trojan that may reprensent security risk for your system, it runs in the background, this application allows remote access to the compromised system.

Xss.exe downloads files…Read more...

.
Information | Contact

© All Rights Reserved. net-studio.org 2009