How to Remove Windows PC Defender Virus

Save

Windows PC Defender is designed to look like anti-virus or anti-spyware software from Microsoft, but it is actually a virus. Windows PC Defender pretends to scan the computer for infections, displays a fake results log, then demands you to purchase the full program to fix the "detected" viruses. Although the program claims to be an anti-virus program, it actually blocks real anti-virus programs from removing Windows PC Defender. It also hijacks all program icons so that you can't launch your real anti-virus software or any other program. If your PC is infected with the Windows PC Defender virus and you can't run your anti-virus or anti-malware software, you can remove the infection manually.

  • Turn on or restart the computer and press "F8" on the boot screen to open the Windows Advanced Boot Options menu. Scroll to "Safe Mode" and press Enter.

  • Sign in to Windows. Hold down "Ctrl-Shift-Esc" to open Windows Task Manager. Click the "Processes" tab.

  • Click "Image Name" to alphabetize the processes. Right-click "eb.exe." Select "End Process" from the menu. Click "End Process" again.

  • Repeat the above step for fix.exe, ppal.exe and WP345d.exe.

  • Click "File." Click "New Task" to open the "Run" window. Type "cmd" and press "Enter" to open a command-line window.

  • Type "cd c:\windows\system32" at the command-line prompt. Press "Enter." Type "regsvr32 -u mozcrt19.dll" and press "Enter" to unregister the Windows PC Defender dynamic linking library.

  • Repeat the process for sqlite3.dll, cid.dll and ddv.dll. Type "cd %userprofile%\recent" at the command prompt and press Enter. Unregister tempdoc.dll. Close the command-prompt window.

  • Reopen the "Run" box. Type in "regedit" or "regedit.exe." Press Enter to open Windows Registry Editor.

  • Navigate through the "HKEY_CLASSES_ROOT" and "CLSID" paths. Right-click "{3F2BBC05-40DF-11D2-9455-00104BC936FF}." Click "Delete." Click "Yes" to confirm.

  • Return to "HKEY_CLASSES_ROOT." Right-click "WP345d.DocHostUIHandler" and click "Delete." Click "Yes" to confirm the deletion.

  • Go through "HKEY_USERS | .DEFAULT | Software| Microsoft| Internet Explorer." Click "SearchScopes."

  • Right-click "URL," which has the value of "http://search-gala.com/?&uid=201&q={searchTerms," and click "Delete." Click "Yes" to confirm the deletion.

  • Return to "Internet Explorer." Right-click "PRS," which has the value of "http://127.0.0.1:27777/?inj=%ORIGINAL%." Click "Delete." Click "Yes."

  • Go to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings." Find and delete "UID" with the "201" value.

  • Click "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform." Delete "89770891803."

  • Open "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run." Delete "Windows PC Defender."

  • Click the Start button at the bottom left of your monitor screen. Click "Computer." Enter "8424.mof" into the search bar and wait for the computer to locate the file. When the file appears in the results, right-click it, then click "Delete." Click "Yes."

  • Repeat the process for the following files associated with Windows PC Defender: exec.tmp, mozcrt19.dll, CLSV.tmp, fix.exe, search.xml, ddv.dll, eb.exe, sqlite3.dll, tempdoc.dll, WP345d.exe, runddlkey.drv, WPCD.ico, ppal.exe, wpcd.cfg, energy.sys, vd952342.bd, cookies.sqlite, Windows PC Defender.lnk, PE.drv, cid.dll, eb.sys, FS.drv, Instructions.ini, kernel32.drv and PE.tmp.

  • Go to "C:\Documents and Settings\All Users\Application Data." Delete the following folders: "3adffe," "WPCDSys" and "345d567."

  • Type "%userprofile%\application data" into the address bar and press Enter. Right-click "Windows PC Defender" then click "Delete." Click "Yes" to completely remove the Windows PC Defender virus from your computer. Restart your computer.

Tips & Warnings

  • Enable hidden files on your system if you can't find the files. Select "Tools" from within Windows Explorer. Click "Folder Options." Select the "View" tab and click "Show Hidden Files, Folders and Drives." Click "OK."
  • If you can't open Task Manager, download and run Pocket KillBox. Locate and select the process in the right pane, then click "EndTask."
  • Windows PC Defender is an extremely aggressive virus. After removing it, consider using System Restore to restore your system to an earlier state, before it was infected. If the recommended procedure doesn't work, or the virus returns, you may have to wipe and reformat your entire computer system.

References

  • Photo Credit Photodisc/Photodisc/Getty Images
Promoted By Zergnet

Comments

Resources

You May Also Like

Related Searches

M
Is DIY in your DNA? Become part of our maker community.
Submit Your Work!