Monday, January 16, 2012

How to Remove Windows PC Defender Virus

Windows PC Defender looks identical to anti-virus or anti-spyware software, but it is actually a virus. It pretends to scan the computer for infections, displays a fake results log, then demands that you purchase the full program to fix the "detected" viruses. Although the program claims to be an anti-virus program, it actually blocks real anti-virus programs from removing it. If your PC is infected with the Windows PC Defender virus but you can't run your anti-virus or anti-malware software, you can remove the infection manually.
Instructions

1 Turn on or restart the computer and press F8 on the boot screen to open the Windows Advanced Boot Options menu. Scroll to "Safe Mode" and press Enter.

2 Sign in to Windows. Hold down Ctrl, Shift and Esc to open Windows Task Manager. Click the "Processes" tab.

3 Click "Image Name" to alphabetize the processes. Right-click "eb.exe." Select "End Process" from the menu. Click "End Process" again.

4 Repeat the above step for fix.exe, ppal.exe and WP345d.exe.

5 Click "File." Click "New Task" to open the "Run" window. Input "cmd" and press Enter.

6 Input "cd c:\windows\system32" into the command-line prompt. Press Enter. Type "regsvr32 -u mozcrt19.dll" and press Enter to unregister the Windows PC Defender DLL.

7 Repeat the process for sqlite3.dll, cid.dll and ddv.dll. Type "cd %userprofile%\recent" into the Command Prompt and press Enter. Unregister tempdoc.dll. Close the Command Prompt.

8 Reopen the "Run" box. Type in "regedit" or "regedit.exe." Press Enter to open Windows Registry Editor.

9 Expand "HKEY_CLASSES_ROOT," then "CLSID." Right-click "{3F2BBC05-40DF-11D2-9455-00104BC936FF}." Click "Delete." Click "Yes" to confirm.

10 Return to "HKEY_CLASSES_ROOT." Right-click "WP345d.DocHostUIHandler" and click "Delete." Click "Yes."

11 Go through "HKEY_USERS," then ".DEFAULT," then "Software," then "Microsoft," then "Internet Explorer." Click "SearchScopes."

12 Right-click "URL," which has the value of "http://search-gala.com/?&uid=201&q={searchTerms," and click "Delete." Click "Yes."

13 Return to "Internet Explorer." Right-click "PRS," which has the value of "http://127.0.0.1:27777/?inj=%ORIGINAL%." Click "Delete." Click "Yes."

14 Go to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings." Find and delete "UID" with the "201" value.

15 Click "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform." Delete "89770891803."

16 Open "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run." Delete "Windows PC Defender."

17 Click "Start." Click "Computer." Enter "8424.mof" into the search bar and wait for the computer to locate the file. When the file appears in the results, right-click it, then click "Delete." Click "Yes."

18 Repeat the process for the following files associated with Windows PC Defender: exec.tmp, mozcrt19.dll, CLSV.tmp, fix.exe, search.xml, ddv.dll, eb.exe, sqlite3.dll, tempdoc.dll, WP345d.exe, runddlkey.drv, WPCD.ico, ppal.exe, wpcd.cfg, energy.sys, vd952342.bd, cookies.sqlite, Windows PC Defender.lnk, PE.drv, cid.dll, eb.sys, FS.drv, Instructions.ini, kernel32.drv and PE.tmp.

19 Go to "C:\Documents and Settings\All Users\Application Data." Delete the following folders: "3adffe," "WPCDSys" and "345d567."

20 Input "%userprofile%\application data" into the address bar and press Enter. Right-click "Windows PC Defender" then click "Delete." Click "Yes" to completely remove the Windows PC Defender virus from your computer. Restart your computer.
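A read-only check to run after the steps above, as an added example that is not part of the original post: it reports which of the listed processes, DLLs, registry entries and folders are still present, and deletes nothing. It assumes PowerShell is installed; the names, paths and values are copied from the steps, and the variable names are illustrative.

```powershell
# Read-only audit of the indicators named in the steps above. Nothing is removed.
# Generic names such as sqlite3.dll are also used by legitimate software, so the
# DLLs are checked only in the two directories the steps name.
$found = @()

# Steps 3-4: processes (Get-Process takes the name without ".exe")
foreach ($p in 'eb', 'fix', 'ppal', 'WP345d') {
    if (Get-Process -Name $p -ErrorAction SilentlyContinue) { $found += "process  $p.exe" }
}

# Steps 6-7, 9-10, 19-20: DLLs, registry keys and folders (Test-Path covers all three)
$sys32   = Join-Path $env:SystemRoot 'System32'
$allUser = 'C:\Documents and Settings\All Users\Application Data'
$paths = @(
    (Join-Path $sys32 'mozcrt19.dll'), (Join-Path $sys32 'sqlite3.dll'),
    (Join-Path $sys32 'cid.dll'),      (Join-Path $sys32 'ddv.dll'),
    (Join-Path $env:USERPROFILE 'Recent\tempdoc.dll'),
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler',
    "$allUser\3adffe", "$allUser\WPCDSys", "$allUser\345d567",
    (Join-Path $env:USERPROFILE 'Application Data\Windows PC Defender')
)
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $found += "present  $path" }
}

# Steps 11-16: registry values. The data is printed so it can be compared with
# the value quoted in the step before anything is deleted by hand.
$ie = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer'
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = "$ie\SearchScopes";      Name = 'URL' },
    @{ Key = $ie;                     Name = 'PRS' },
    @{ Key = "$cv\Internet Settings"; Name = 'UID' },
    @{ Key = "$cv\Internet Settings\5.0\User Agent\Post Platform"; Name = '89770891803' },
    @{ Key = "$cv\Run";               Name = 'Windows PC Defender' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) { $found += "value    $($v.Key) -> $($v.Name) = $($item.($v.Name))" }
}

if ($found) { $found } else { 'None of the listed indicators were found.' }
```

Run it again after the final restart in step 20; any line it still prints points back to the step that needs repeating.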

Tips & Warnings

Enable hidden files on your system if you can't find the files. Select "Tools" from within Windows Explorer. Click "Folder Options." Select the "View" tab and click "Show Hidden Files, Folders and Drives." Click "OK."

If you can't open Task Manager, download and run Pocket KillBox. Locate and select the process in the right pane, then click "EndTask."
