How to Remove TheDefend | TheDefend Removal Guide



TheDefend is a rogue antivirus program that is one of the latest incarnations of the wini family of rogues. It will introduce itself onto your system through aggressive advertising claiming to be a video codec update or flash player update that may be required to see a highly sought after video. Once the user tries to download the codec they have loaded a trojan which installs the software and then they are buried with popups and complaints of security problems on their computer and multiple viral infected files. The catch here is that they claim they cannot repair the problems unless you purchase their software. Read on for how to remove TheDefend.


First you may wish to visit he control panel and use add/remove programs to uninstall thedefend. If that works then you are lucky and you should proceed to install malwarebytes antimalware or superantispyware and then scan with that and install a REPUTABLE antivirus program like avg/avira or trendmicro (their online housecall scan should be fine. Then make sure to scan until your computer is clear.

You will find a download link for malwarebytes antimalware on my virus removal toolkit page. While you are there you may wish to also download process explorer as it may be useful later for killing off the programs associated with this rogue.

When you have downloaded malwarebytes (or superantispyware) and try to install you may be unable to install it. Here are a few tricks you can try to get the software installed 1) rename the installer from mbam-setup.exe to something like iexplore.exe and then retry the install, update and scan. 2) reboot into safe mode, try the install there (possibly using trick #1) then retry the install, update and scan or 3) continue to the next manual removal step which is killing off the running processes of thedefend and then retry your install, update and scan.

The following programs are associated with thedefend and should be killed off using the task manager to manually remove thedefend from your computer. If you are unable to launch the task manager you may try 1) copying the executable for task manager (taskmgr.exe) to the desktop and then rename it to something like firefox.exe. 2) reboot into safe mode and see if the programs listed are running. 3) use process explorer instead of task manager to kill off the following files:

thedefend.exe
uninstall.exe
RANDOM.exe

Some of the files above (and below) are named randomly when this rogue installs itself on your system. You should use what you find on your computer along with the locations listed below to determine which files should be killed off or deleted.

The following files and folders should be deleted to remove thedefend from your computer:

%docs%\All Users\Desktop\TheDefend.lnk
%docs%\All Users\Start Menu\Programs\TheDefend
%docs%\All Users\Start Menu\Programs\TheDefend\1 TheDefend.lnk
%docs%\All Users\Start Menu\Programs\TheDefend\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\TheDefend\3 Uninstall.lnk
%progfiles%\TheDefend Software
%progfiles%\TheDefend Software\TheDefend
%progfiles%\TheDefend Software\TheDefend\TheDefend.exe
%progfiles%\TheDefend Software\TheDefend\uninstall.exe
%win%\10536ha9ktozl5fa.bin
%win%\10697spamz5t44f9.bin
%win%\10754trz9293.cpl
%win%\system32\RANDOM.exe
%win%\system32\3d03d9wnl5ader227z.cpl
%win%\system32\3fe1downlzade923815.dll
%win%\system32\3z2fback5oo924.dll
%tmp%\RANDOM.exe

At this point your manual removal of TheDefend is almost finished and you should follow up with a scan with malwarebytes antimalware or superantispyware as well as a scan with a reputable antivirus application such as AVG/avira/norton/mcafee/etc. (Online scans such as trendmicros housecall should be fine as well.)

   Send article as PDF   

Similar Posts