Windows PC Defender is a new rogue antispyware program from the same Virus Doctor rogue family as Windows Protection Suite, Windows System Suite, Windows Security Suite, etc. The rogue is distributed through fake online malware scanners that tell you that your computer is infected with a variety of trojans and spyware and that you must install Windows PC Defender to clean your computer.
Once installed, it will automatically start every time Windows is started. Windows PC Defender will also change the HOSTS file and create a lot of harmless files with random names, which it will then report as infections during the scan. Immediately after launch, Windows PC Defender will begin to scan your computer and list a large number of infections, but all of these infections are fake, so you can safely ignore them. Windows PC Defender uses false scan results as a method of scaring you into buying the software!
Windows PC Defender can be safely removed from your computer along with any other trojan infections if the proper steps are taken. If you are a non-techie computer user then this method of removing the fake antivirus and any associated malware from your computer is for you.
Symptoms in a HijackThis Log
O4 - HKCU\..\Run: [Windows PC Defender] "C:\Documents and Settings\All Users\Application Data\a5bc4e8\WIa5bc.exe" /s /d
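As an added example (not part of the original guide), the following Python script scans a saved HijackThis log for O4 autorun entries like the one above. The hex-named-folder pattern is an assumption generalised from the single path shown, and the sample log is constructed except for the entry taken from this page.

```python
import re

# Typographic characters introduced when a log is pasted into a web page.
TYPO = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-"})
# HijackThis O4 registry autorun: O4 - HKCU\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (HKCU|HKLM)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')

# Assumption: generalises the page's single sample path (hex-named folder
# directly under All Users\Application Data); a heuristic, not a signature.
HEX_DIR_RE = re.compile(
    r'\\All Users\\Application Data\\[0-9a-f]{4,}\\[^\\]+\.exe$', re.I)
KNOWN_VALUE_NAME = "windows pc defender"  # Run value name listed on the page


def exe_path(command):
    """Return the executable part of an autorun command line."""
    m = re.match(r'"([^"]+)"', command) or re.match(r'(.+?\.exe)\b', command, re.I)
    return m.group(1) if m else command


def triage(log_text):
    """Return (value_name, exe, reasons) for each suspicious O4 entry."""
    hits = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.translate(TYPO).strip())
        if not m:
            continue  # other HijackThis sections are out of scope here
        _hive, _key, name, command = m.groups()
        exe = exe_path(command)
        reasons = []
        if name.strip().lower() == KNOWN_VALUE_NAME:
            reasons.append("known value name")
        if HEX_DIR_RE.search(exe):
            reasons.append("exe in hex-named All Users folder")
        if reasons:
            hits.append((name, exe, reasons))
    return hits


# Constructed sample: line 2 is the entry from this page, the rest are made up.
SAMPLE_LOG = r'''O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 – HKCU\..\Run: [Windows PC Defender] “C:\Documents and Settings\All Users\Application Data\a5bc4e8\WIa5bc.exe” /s /d
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\All Users\Application Data\9f03d1c\UP9f03.exe" /s /d
'''

if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {exe}: {', '.join(reasons)}")
```

An entry flagged only by the folder heuristic, such as the constructed "Updater" line, is a lead to check by hand rather than a confirmed infection.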
Use the following instructions to remove Windows PC Defender (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. The program will start scanning your computer for the Windows PC Defender infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Windows PC Defender removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows PC Defender creates the following files and folders
%appdata%\Windows PC Defender
c:\documents and settings\all users\application data\WPCDSys\winpcd.cfg
%userprofile%\Desktop\Windows PC Defender.lnk
%userprofile%\Start Menu\Windows PC Defender.lnk
%userprofile%\Start Menu\Programs\Windows PC Defender.lnk
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
Windows Security Suite creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender"