How to Remove Windows PC Defender | Windows PC Defender Removal
Windows PC Defender is a rogue antivirus application that resembles the legitimate antispyware known as Windows Defender from Microsoft. Their intent apparently is to mimic the look an theming of that application to trick potential customers into trusting and downloading (and paying for) their product. It is a clone of Windows Guard Pro and Ultimate System Guard. Like so many of these rogues, they simply change the names and recycle much of what they’ve used before. As most of these applications do, Windows PC Defender displays false claims of system problems and threats and claims to be able to remove them if you pay. So… on to removal of windows pc defender.
You will likely see the following popups on your system if it is infected with Windows PC Defender:
System alert
Suspicious software, which may be malicious, has been detected on your PC. Click here to remove this threat immediately with Windows PC DefenderWarning! Your computer is infected
Warning! Trojan Found!
File name: crss.drv
Threat name: Trojan-Spy.HTML.Sunfraud.a
The following sites should be blocked to protect against Windows PC Defender:
windowspcdefender.com
You may be able to use malwarebytes antimalware to perform an automatic removal of this pest, you can download it via a link on my virus removal toolkit page.
It might be possible to try safe mode for running a clean up with malwarebytes antimalware if it doesn’t work during the a normal boot of windows. Additionally killing the following processes via the task manager may help in the automated removal of this pest:
ppal.exe
fix.exe
eb.exe
WP345d.exe
These dlls need to be removed and unregistered:
tempdoc.dll
ddv.dll
cid.dll
mozcrt19.dll
sqlite3.dll
Then to continue with a manual removal you should look to delete the following files and folders:
%users%\All Users\Application Data\345d567
%users%\All Users\Application Data\345d567\8424.mof
%users%\All Users\Application Data\345d567\mozcrt19.dll
%users%\All Users\Application Data\345d567\sqlite3.dll
%users%\All Users\Application Data\345d567\WP345d.exe
%users%\All Users\Application Data\345d567\WPCD.ico
%users%\All Users\Application Data\345d567\WPCDSys
%users%\All Users\Application Data\345d567\WPCDSys\vd952342.bd
%users%\All Users\Application Data\WPCDSys
%users%\All Users\Application Data\WPCDSys\wpcd.cfg
%UserProf%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProf%\Application Data\Windows PC Defender
%UserProf%\Application Data\Windows PC Defender\cookies.sqlite
%UserProf%\Application Data\Windows PC Defender\Instructions.ini
%UserProf%\Desktop\Windows PC Defender.lnk
%UserProf%\Recent\cid.dll
%UserProf%\Recent\CLSV.tmp
%UserProf%\Recent\ddv.dll
%UserProf%\Recent\eb.exe
%UserProf%\Recent\eb.sys
%UserProf%\Recent\energy.sys
%UserProf%\Recent\exec.tmp
%UserProf%\Recent\fix.exe
%UserProf%\Recent\FS.drv
%UserProf%\Recent\kernel32.drv
%UserProf%\Recent\PE.drv
%UserProf%\Recent\PE.tmp
%UserProf%\Recent\ppal.exe
%UserProf%\Recent\runddlkey.drv
%UserProf%\Recent\tempdoc.dll
%UserProf%\Start Menu\Windows PC Defender.lnk
%UserProf%\Start Menu\Programs\Windows PC Defender.lnk
%ProgFiles%\Mozilla Firefox\searchplugins\search.xml
After a manual removal it would be wise to run a scan and cleaning with Malwarebytes antimalware to ensure that you have cleaned out everything during your windows pc defender removal. (Make certain to update your antimalware program first.)