How do I remove Win7 Defender virus (video guide)

If your computer is blocked with Win7 Defender scam we surely know what it takes to bear its permanent annoying popups, warnings and other fake security notifications. No doubt, the computer functions extremely slow because of this scam that made its residence on your system. However, we should not tolerate this fact and let the hoax remain in the mansions of our system. We’ve tried to remove this badware from our PC and found out that it is not as easy as it might seem at the first glance. This rogue blocks launching of the majority of important programs that could facilitate its removal process. This blockage spreads on security programs already installed on your computer, your browser (whatever it is), Task Manager, cmd.exe, taskkill.exe and other important applications that would be quite handy to use to remove the Trojan. We’ve developed the following pattern of behavior on how to deal with Win7 Defender to remove it from your system effectively, in spite of the blockage:

Removal sequence of steps:

  1. Download the installer of GridinSoft Trojan Killer from the direct link http://trojan-killer.net/download.php from some different clean (uninfected computer), for example, available at your work or with your friends or relatives
  2. Copy the installer of GridinSoft Trojan Killer onto your USB/Flash drive
  3. Transfer the USB/Flash drive to the PC infected with Win7 Defender
  4. Copy the installer of GridinSoft Trojan Killer to the desktop of the infected PC
  5. Run the installer of GridinSoft Trojan Killer as Administrator (right-click the installer with your mouse and select the respective option)
  6. Install GridinSoft Trojan Killer, make sure to uncheck the box “Start Trojan Killer” at the end of installation process
  7. Run GridinSoft Trojan Killer as Administrator (right-click the desktop icon of GridinSoft Trojan Killer with your mouse and select the respective option)
  8. Update GridinSoft Trojan Killer, run the scan and remove all infected items found during the scan with Trojan Killer
  9. Restart your computer to apply the changes after malware removal
  10. Additionally, make sure to scan your system with Kaspersky’s TDSS Killer downloadable here.

Win7 Defender screenshot:

win_7_defender

Win7 Defender removal video:

Win 7 Defender removal tool:

Win 7 Defender manual removal guide:

Associated files:

%commonappdata%\pcdfdata\[rnd].exe
%commonappdata%\pcdfdata\app.ico
%commonappdata%\pcdfdata\config.bin
%commonappdata%\pcdfdata\defs.bin
%commonappdata%\pcdfdata\support.ico
%commonappdata%\pcdfdata\uninst.ico
%commonappdata%\pcdfdata\vl.bin
%commondesktopdir%\Win 7 Defender.lnk
%commonprograms%\Win 7 Defender\Win 7 Defender.lnk
%commonprograms%\Win 7 Defender\Win 7 Defender Help and Support.lnk
%commonprograms%\Win 7 Defender\Win 7 Defender.lnk

Associated registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcdfsvc %commonappdata%\pcdfdata\[rnd].exe /min
HKCU\Software\Classes\.exe
HKCU\Software\Classes\.exe\ [rnd_2]
HKCU\Software\Classes\.exe\Content Type application/x-m
HKCU\Software\Classes\.exe\DefaultIcon
HKCU\Software\Classes\.exe\DefaultIcon\ %1
HKCU\Software\Classes\.exe\shell
HKCU\Software\Classes\.exe\shell\open
HKCU\Software\Classes\.exe\shell\open\command
HKCU\Software\Classes\.exe\shell\open\command\ “%commonappdata%\pcdfdata\[rnd].exe” /ex “%1” %*
HKCU\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1” %*
HKCU\Software\Classes\.exe\shell\runas
HKCU\Software\Classes\.exe\shell\runas\command
HKCU\Software\Classes\.exe\shell\runas\command\ “%1” %*
HKCU\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1” %*

Leave a Comment


*