Security Defender removal tool

Security Defender is a fake anti-virus application from the same family as PC Defender Plus. The reason why this application is referred to as a rogue (fake AV) is because it intentionally presents the bunch of fake scan reports, faulty security warnings, and even hijacks your system so that you are unable to launch your regular programs. This threat is distributed as a tool that is required to view an online video, but, in fact, brings the Security Defender malware into your workstation instead. After being successfully self-launched, the hoax will claim to be some anti-malware utility but will show bogus scan reports and notifications. When you attempt to fix any of the threats it supposedly identifies, you will see an alert claiming that you need to buy it before it can delete any threat. Since this is nothing but just a scary method, please disregard anything that it shows and continue with the remainder of the uninstall tutorial provided herein.

Security Defender

Keep in mind that Security Defender scam will also initiate amendments into the Windows Registry so that the hoax is self-started when you attempt to run any exe-file on your system. Instead of your legitimate application being started, the rogue will be launched and indicate that the legitimate file is compromised and contains certain unknown threat. The text of such alert is as follows:

Security Defender Firewall Alert
Iexplore.exe is infected with Trojan.JS.Fraud.ba. Private data can be stolen by third parties, including credit card details and passwords.
Windows recommends activate Security Defender

Due to the fact that your common applications are not infected at all, please disregard this statement. After being successfully implanted into your system, Security Defender will also show faulty security notifications that are developed to scare you into believing your Internet connection is under serious virus vulnerability or that your workstation is greatly infected. The texts of these faulty warnings are as follows:

System Security Alert!
Vulnerabilities found
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.

System Security Alert!
Unknown program is scanning your system registry right now! Identify the theft detected!

Similar to the scan results and infection notifications, these security alerts are all bogus and can be disregarded. Needless to mention, Security Defender was elaborated merely to scare users into believing their system got infected so that they would then buy the hoax. Taking into consideration the above-mentioned, please do not pay for this malware, and if you already have done so, please contact your good bank or other payment processing institution and dispute the charges stating that the application you obtained is a computer virus and a hoax. To get rid of Security Defender and other similar rogues please refer to the malware uninstall tips rendered below.

Security Defender removal video at YouTube:

Removal sequence of steps:

  1. Download the installer of GridinSoft Trojan Killer from the direct link http://trojan-killer.net/download.php from some different clean (uninfected computer), for example, available at your work or with your friends or relatives
  2. Copy the installer of GridinSoft Trojan Killer onto your USB/Flash drive
  3. Transfer the USB/Flash drive to the PC infected with Security Defender
  4. Copy the installer of GridinSoft Trojan Killer to the desktop of the infected PC
  5. Run the installer of GridinSoft Trojan Killer as Administrator (right-click the installer with your mouse and select the respective option)
    For XP users: Right-click the installer of GridinSoft Trojan Killer with your mouse and click “Run as…”. Uncheck the box “Protect my computer and data from unauthorized program activity” and click OK.
  6. Install GridinSoft Trojan Killer, make sure to uncheck the box “Start Trojan Killer” at the end of installation process
  7. Run GridinSoft Trojan Killer as Administrator (right-click the desktop icon of GridinSoft Trojan Killer with your mouse and select the respective option)
  8. Update GridinSoft Trojan Killer, run the scan and remove all infected items found during the scan with Trojan Killer
    Security Defender remoavl tool
    Trojan Killer – removal of Security Defender
  9. Restart your computer to apply the changes after malware removal
  10. Additionally, make sure to scan your system with Kaspersky’s TDSS Killer downloadable here.

Associated files:


%commonappdata%\pcdfdata\[rnd].exe
%commonappdata%\pcdfdata\app.ico
%commonappdata%\pcdfdata\config.bin
%commonappdata%\pcdfdata\defs.bin
%commonappdata%\pcdfdata\support.ico
%commonappdata%\pcdfdata\uninst.ico
%commonappdata%\pcdfdata\vl.bin
%commondesktopdir%\Security Defender.lnk
%commonprograms%\Security Defender\Security Defender.lnk
%commonprograms%\Security Defender\Security Defender Help and Support.lnk
%commonprograms%\Security Defender\Security Defender.lnk

Associated registry entries:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcdfsvc %commonappdata%\pcdfdata\[rnd].exe /min
HKCU\Software\Classes\.exe
HKCU\Software\Classes\.exe\ [rnd_2]
HKCU\Software\Classes\.exe\Content Type application/x-m
HKCU\Software\Classes\.exe\DefaultIcon
HKCU\Software\Classes\.exe\DefaultIcon\ %1
HKCU\Software\Classes\.exe\shell
HKCU\Software\Classes\.exe\shell\open
HKCU\Software\Classes\.exe\shell\open\command
HKCU\Software\Classes\.exe\shell\open\command\ "%commonappdata%\pcdfdata\[rnd].exe" /ex "%1" %*
HKCU\Software\Classes\.exe\shell\open\command\IsolatedCommand "%1" %*
HKCU\Software\Classes\.exe\shell\runas
HKCU\Software\Classes\.exe\shell\runas\command
HKCU\Software\Classes\.exe\shell\runas\command\ "%1" %*
HKCU\Software\Classes\.exe\shell\runas\command\IsolatedCommand "%1" %*

Leave a Comment

*