Windows PC Defender is a virus that can be tough to get rid of.
Windows PC Defender is designed to look like anti-virus or anti-spyware software from Microsoft, but it is actually a virus. Windows PC Defender pretends to scan the computer for infections, displays a fake results log, then demands you to purchase the full program to fix the "detected" viruses. Although the program claims to be an anti-virus program, it actually blocks real anti-virus programs from removing Windows PC Defender. It also hijacks all program icons so that you can't launch your real anti-virus software or any other program. If your PC is infected with the Windows PC Defender virus and you can't run your anti-virus or anti-malware software, you can remove the infection manually.
Instructions
1. Turn on or restart the computer and press "F8" on the boot screen to open the Windows Advanced Boot Options menu. Scroll to "Safe Mode" and press Enter.
2. Sign in to Windows. Hold down "Ctrl-Shift-Esc" to open Windows Task Manager. Click the "Processes" tab.
3. Click "Image Name" to alphabetize the processes. Right-click "eb.exe." Select "End Process" from the menu. Click "End Process" again.
4. Repeat the above step for fix.exe, ppal.exe and WP345d.exe.
5. Click "File." Click "New Task" to open the "Run" window. Type "cmd" and press "Enter" to open a command-line window.
6. Type "cd c:\windows\system32" at the command-line prompt. Press "Enter." Type "regsvr32 -u mozcrt19.dll" and press "Enter" to unregister the Windows PC Defender dynamic linking library.
7. Repeat the process for sqlite3.dll, cid.dll and ddv.dll. Type "cd %userprofile%\recent" at the command prompt and press Enter. Unregister tempdoc.dll. Close the command-prompt window.
8. Reopen the "Run" box. Type in "regedit" or "regedit.exe." Press Enter to open Windows Registry Editor.
9. Navigate through the "HKEY_CLASSES_ROOT" and "CLSID" paths. Right-click "{3F2BBC05-40DF-11D2-9455-00104BC936FF}." Click "Delete." Click "Yes" to confirm.
10. Return to "HKEY_CLASSES_ROOT." Right-click "WP345d.DocHostUIHandler" and click "Delete." Click "Yes" to confirm the deletion.
11. Go through "HKEY_USERS | .DEFAULT | Software| Microsoft| Internet Explorer." Click "SearchScopes."
12. Right-click "URL," which has the value of "http://search-gala.com/?&uid=201&q={searchTerms," and click "Delete." Click "Yes" to confirm the deletion.
13. Return to "Internet Explorer." Right-click "PRS," which has the value of "http://127.0.0.1:27777/?inj=%ORIGINAL%." Click "Delete." Click "Yes."
14. Go to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings." Find and delete "UID" with the "201" value.
15. Click "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform." Delete "89770891803."
16. Open "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run." Delete "Windows PC Defender."
17.Click the Start button at the bottom left of your monitor screen. Click "Computer." Enter "8424.mof" into the search bar and wait for the computer to locate the file. When the file appears in the results, right-click it, then click "Delete." Click "Yes."
18. Repeat the process for the following files associated with Windows PC Defender: exec.tmp, mozcrt19.dll, CLSV.tmp, fix.exe, search.xml, ddv.dll, eb.exe, sqlite3.dll, tempdoc.dll, WP345d.exe, runddlkey.drv, WPCD.ico, ppal.exe, wpcd.cfg, energy.sys, vd952342.bd, cookies.sqlite, Windows PC Defender.lnk, PE.drv, cid.dll, eb.sys, FS.drv, Instructions.ini, kernel32.drv and PE.tmp.
19. Go to "C:\Documents and Settings\All Users\Application Data." Delete the following folders: "3adffe," "WPCDSys" and "345d567."
20. Type "%userprofile%\application data" into the address bar and press Enter. Right-click "Windows PC Defender" then click "Delete." Click "Yes" to completely remove the Windows PC Defender virus from your computer. Restart your computer.
Tags: Windows Defender, Delete Click, press Enter, Software Microsoft, Click confirm