Win Defender (Win Server Defender) virus. Removal tool

There are several malicious applications that share the same GUI and the word “defender” in their name. Nevertheless, this doesn’t make them good system defenders. Such applications are fake anti-spyware programs that have the cruelest of intentions. They simply weren’t created to assist users in virus removal. What they can do is trick users and scare them into believing their system is in danger. Then, on this basis, such malwares have in mind to persuade users to buy the so-called licensed version of this faulty program in order to have malwares removed. However, remember that this program doesn’t report about real infections. What it does is just inventing threats that simply don’t dwell on your system.

What is the difference between Win Defender and Win Server Defender? Both of these fake anti-spywares are equally useless, but there’s a serious and essential difference in them. Win Defender attacks those PCs that have one of several Windows OS versions (Windows XP, Windows Vista, Windows 7, or, finally, Windows 8). As for Win Server Defender, this scam attacks Windows Servers, which has never happened before.

The installation of these rogues is concealed from user’s attention. You can’t actually trace the infiltration process of these hoaxes, and the malware comes to your system without your approval or consent. In addition, it modifies your system in a manner that makes it possible for the fake AV to be executed automatically each time you turn your computer on. Immediately the program begins imitating scanning of your system. It does this very quickly; of course, real scan cannot detect all real security threats within the twinkle of an eye. Immediately the rogue brings up the faulty report about various viruses, threats and vulnerabilities detected by it supposedly. Such information is far away from the truth.

These malwares (Win Defender and Win Server Defender) have in mind to push users into buying their fake license as a supposed remedy to remove unreal threats. Doing so (purchasing the activation code of this hoax) is a serious mistake! This will not help your PC and will not defend it! Hence, instead of obeying the scary commands of hackers, the authors of this scareware, please remove it as described below.


Win (Server) Defender removal tool:

Win (Server) Defender similar removal video:

Win (Server) Defender manual removal guide:

Associated files:

%commonappdata%\pcdfdata\[rnd].exe
%commonappdata%\pcdfdata\app.ico
%commonappdata%\pcdfdata\config.bin
%commonappdata%\pcdfdata\defs.bin
%commonappdata%\pcdfdata\support.ico
%commonappdata%\pcdfdata\uninst.ico
%commonappdata%\pcdfdata\vl.bin
%commondesktopdir%\Win (Server) Defender.lnk
%commonprograms%\Win (Server) Defender\Win (Server) Defender.lnk
%commonprograms%\Win (Server) Defender\Win (Server) Defender Help and Support.lnk
%commonprograms%\Win (Server) Defender\Win (Server) Defender.lnk

Associated registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pcdfsvc %commonappdata%\pcdfdata\[rnd].exe /min
HKCU\Software\Classes\.exe
HKCU\Software\Classes\.exe\ [rnd_2]
HKCU\Software\Classes\.exe\Content Type application/x-m
HKCU\Software\Classes\.exe\DefaultIcon
HKCU\Software\Classes\.exe\DefaultIcon\ %1
HKCU\Software\Classes\.exe\shell
HKCU\Software\Classes\.exe\shell\open
HKCU\Software\Classes\.exe\shell\open\command
HKCU\Software\Classes\.exe\shell\open\command\ “%commonappdata%\pcdfdata\[rnd].exe” /ex “%1” %*
HKCU\Software\Classes\.exe\shell\open\command\IsolatedCommand “%1” %*
HKCU\Software\Classes\.exe\shell\runas
HKCU\Software\Classes\.exe\shell\runas\command
HKCU\Software\Classes\.exe\shell\runas\command\ “%1” %*
HKCU\Software\Classes\.exe\shell\runas\command\IsolatedCommand “%1” %*

Leave a Comment

*