FrEn

E-mail Print

Free malware removal tool to remove PC Defender
Written by Administrator  |  Wednesday, 24 February 2010 13:30
AddThis Social Bookmark Button
PC Defender is a rogue Antispyware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares on your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is PC Defender. It invites you to purchase a license to remove malwares, do not, it's a scam, you need a license for a malware? This so-called Antivirus tries to scam you. Uninstall PC Defender immediately from your system.

PC Defender

To remove PC Defender (Uninstall PC Defender)

  • Download this free removal tool for PC Defender
  • Extract it
  • Launch
  • Click on the delete button

PC Defender will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

  • Antispyware.exe
  • proccheck.exe
  • _BF2DDB0AC7FD40D5AAEDAF.exe
  • _C507892FD1860AF6477A61.exe

Files :

  • %CommonDesktopDir%\PC Defender.lnk
  • %CommonPrograms%\PC Defender\PC Defender.lnk
  • %Temp%\MSI37281.LOG
  • %ProgramFiles%\Def Group\PC Defender\Antispyware.exe
  • %ProgramFiles%\Def Group\PC Defender\hook.dll
  • %ProgramFiles%\Def Group\PC Defender\proccheck.exe
  • %Windows%\Installer\1c5a1.msi
  • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_BF2DDB0AC7FD40D5AAEDAF.exe
  • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\_C507892FD1860AF6477A61.exe
  • %System%\PCDefenderSilentSetup.msi
  • %CommonPrograms%\PC Defender
  • %ProgramFiles%\Def Group
  • %ProgramFiles%\Def Group\PC Defender
  • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}

Registry

Registry keys created
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Media
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Net
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
  • HKEY_USERS\.DEFAULT\Software\Def Group
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware\Found
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
  • HKEY_CURRENT_USER\Software\Def Group
  • HKEY_CURRENT_USER\Software\Def Group\antispyware
  • HKEY_CURRENT_USER\Software\Def Group\antispyware\Found

Registry values created

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E8CBA2CF517323A48B5B5539084F2528
    • DefaultFeature = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Net
    • 1 = "%System%\"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList\Media
    • 1 = ";"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_\SourceList
    • PackageName = "PCDefenderSilentSetup.msi"
    • LastUsedSource = "n;1;%System%\"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E8CBA2CF517323A48B5B5539084F2528_
    • ProductName = "PC Defender"
    • PackageCode = "56DAAD1C3266CA24581DA7062D32344D"
    • Language = 0x00000409
    • Version = 0x01000000
    • Assignment = 0x00000001
    • AdvertiseFlags = 0x00000184
    • InstanceType = 0x00000000
    • AuthorizedLUAApp = 0x00000000
    • Clients = ":"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
    • E8CBA2CF517323A48B5B5539084F2528 = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
    • %ProgramFiles%\Def Group\PC Defender\ = ""
    • %ProgramFiles%\Def Group\ = ""
    • %CommonPrograms%\PC Defender\ = ""
    • %Windows%\Installer\{FC2ABC8E-3715-4A32-B8B5-559380F45282}\ = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\C73BCE36FA1AA0E45AB2649A3FA0D390
    • E8CBA2CF517323A48B5B5539084F2528 = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC2ABC8E-3715-4A32-B8B5-559380F45282}
    • AuthorizedCDFPrefix = ""
    • Comments = ""
    • Contact = "Def Group"
    • DisplayVersion = "1.0.0"
    • HelpLink = ""
    • HelpTelephone = ""
    • InstallDate = "20100220"
    • InstallLocation = ""
    • InstallSource = "%System%\"
    • ModifyPath = "MsiExec.exe /X{FC2ABC8E-3715-4A32-B8B5-559380F45282}"
    • NoModify = 0x00000001
    • Publisher = "Def Group"
    • Readme = ""
    • Size = ""
    • EstimatedSize = 0x000004CA
    • UninstallString = "MsiExec.exe /X{FC2ABC8E-3715-4A32-B8B5-559380F45282}"
    • URLInfoAbout = ""
    • URLUpdateInfo = ""
    • VersionMajor = 0x00000001
    • VersionMinor = 0x00000000
    • WindowsInstaller = 0x00000001
    • Version = 0x01000000
    • Language = 0x00000409
    • DisplayName = "PC Defender"
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware\Found
    • %Windows%\inf\camvid20.inf = "Trojan.Win32.Scar.bddj"
    • %Windows%\inf\mdmmcd.PNF = "not-a-virus:Dialer.Win32.Agent.dz"
    • %Windows%\inf\mdmmetri.PNF = "Trojan-Downloader.Win32.Piker.bpd"
    • %Windows%\inf\multimed.inf = "Backdoor.Win32.PcClient.dmgj"
    • %Windows%\inf\netamd.inf = "Rootkit.Win32.Agent.acxs"
    • %Windows%\inf\netbrdgs.inf = "Trojan-Dropper.Win32.Grizl.iu"
    • %Windows%\inf\netktc.inf = "Trojan.Win32.VB.aade"
    • %Windows%\inf\netlnev2.PNF = "Trojan.Win32.VB.aade"
    • %Windows%\inf\sgiu.inf = "Trojan-Dropper.Win32.WOW.bd"
    • %Windows%\inf\wdma_es3.PNF = "Backdoor.Win32.Smabo.rg"
    • %System%\aclui.dll = "Trojan-Downloader.JS.FraudLoad.ae"
    • %System%\advpack.dll = "Trojan-Downloader.Win32.Piker.bpe"
    • %System%\gen_host.exe = "Trojan.Win32.Buzus.cyny"
    • %System%\msconf.dll = "not-a-virus:AdWare.Win32.AdSubscribe.bxs"
    • %System%\sethc.exe = "Trojan-Dropper.Win32.Agent.bkpw"
    • %System%\drivers\rawwan.sys = "Trojan-Dropper.Win32.Agent.bkpt"
    • %System%\wbem\ieinfo5.mof = "Trojan-Downloader.Win32.Piker.bpa"
  • HKEY_USERS\.DEFAULT\Software\Def Group\Antispyware
    • scanSchedulerNever = 0x00000001
    • scanSchedulerDaily = 0x00000000
    • scanSchedulerDayOfWeek = 0x00000000
    • scanSchedulerHour = 0x00000000
    • scanSchedulerMinute = 0x00000000
    • scanSchedulerSecond = 0x00000000
    • updateSchedulerNever = 0x00000001
    • updateSchedulerDaily = 0x00000000
    • updateSchedulerDayOfWeek = 0x00000000
    • updateSchedulerHour = 0x00000000
    • updateSchedulerMinute = 0x00000000
    • updateSchedulerSecond = 0x00000000
    • lastScanTime = 0x4B7FB57E
    • lastScanResults = 0x00000011
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings
    • JITDebug = 0x00000000
  • HKEY_CURRENT_USER\Software\Def Group\antispyware\Found
    • \NTDETECT.COM = "not-a-virus:AdWare.Win32.AdSubscribe.bxv"
  • HKEY_CURRENT_USER\Software\Def Group\antispyware
    • scanSchedulerNever = 0x00000001
    • scanSchedulerDaily = 0x00000000
    • scanSchedulerDayOfWeek = 0x00000000
    • scanSchedulerHour = 0x00000000
    • scanSchedulerMinute = 0x00000000
    • scanSchedulerSecond = 0x00000000
    • updateSchedulerNever = 0x00000001
    • updateSchedulerDaily = 0x00000000
    • updateSchedulerDayOfWeek = 0x00000000
    • updateSchedulerHour = 0x00000000
    • updateSchedulerMinute = 0x00000000
    • updateSchedulerSecond = 0x00000000

Registry values modified

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    • Userinit =
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent
    • (Default) =
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent
    • (Default) =
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    • Cookies =
    • Local AppData =
    • Cache =
    • History =

Download

 
 

Add comment


Security code
Refresh

Related articles
Latest posts

  • Free malware removal tool for Guard Online

    Written by %s admin 10/10/2011
    Guard Online is a another rogue Antispyware from the OpenCloud and AV Guard Online familly, it's a malware that pretends to be an Antivirus. Guard Online conducts a fake scan of your system; you are…
    Read more...

  • Free malware removal tool to remove AV Guard Online

    Written by %s admin 05/10/2011
    AV Guard Online is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. AV Guard Online conducts a fake scan of your system; you are warned by a…
    Read more...

  • Free removal tool to remove Security Guard 2012

    Written by %s admin 05/10/2011
    Security Guard 2012 is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. Security Guard 2012 conducts a fake scan of your system; you are warned…
    Read more...

  • Free removal tool for Advanced PC Shield 2012

    Written by %s admin 01/10/2011
    Advanced PC Shield 2012 is a another rogue Antispyware, it's a malware that pretends to be an Antivirus. Advanced PC Shield 2012 conducts a fake scan of your system; you are warned by a fake alarm…
    Read more...

  • Security Sphere 2012 Free Removal Tool

    Written by %s admin 01/10/2011
    Security Sphere 2012 is another spyware from the Security Tool family. Security Sphere 2012 is not a legit program; it's a fake, a counterfeit. Security Sphere 2012 claims to fix your system, but…
    Read more...
.
Information | Contact

© All Rights Reserved. net-studio.org 2009