Related Posts


How To Remove PC Defender Plus Virus – Fake/Rogue Software PC Defender Plus Malware Removal Instructions

What is PC Defender Plus Virus/Malware?

PC Defender Plus is rogue software that disguises itself as an Antivirus, Anti-Spyware, Security Tool and is classified as Scareware because PC Defender Plus is distributed and operated by cyber criminals for the purpose of scaring victims into falsely believing their computer is infected with malware, viruses, spyware, Trojans, and/or worms and/or facing critical system and PC Defender Plus firewall errors. The purpose the PC Defender Plus virus does this is to eventually persuade the computer user into purchasing an extended license for the fake PC Defender Plus program.

Remove PC Defender Plus Virus

Please note, activating and purchasing the license for the PC Defender Plus is dangerous and will not fix or remove issues and symptoms caused by PC Defender Plus. NEVER give your credit card information to cyber criminals.

Even though the main threat of the PC Defender plus infection is to make victims believe their computers are facing realistic issues in order to buy the licensed product, PC Defender Plus can also remain undetected on a system and track computer user’s complete activity, including keystrokes.

PC Defender Plus Screenshots

There are many versions of PC Defender Plus throughout the years. Though the fake software’s interface and notification messages may be different for your infection than discussed, removal instructions are still identical.

PC Defender Plus Infection Process

  • The rogue PC Defender Plus program is contracted by use of Trojans that allow the malware to override proper system functionality and block legitimate Antivirus software from acting appropriately.
  • The rogue PC Defender Plus program may prompt fake system scans, notifications, and other alert style messages stating the computer is infected with malware such as spyware, adware, and Trojans.

System Security Alert!
Unknown program is scanning your system registry right now! Identity theft detected!

Attention: Danger!
System scan for spyware, adware, trojans and viruses was finished. PC Defender Plus detected 99 critical system objects. These security breaches may be exploited and lead to the following:
* Your system becomes a target for spam and bulky, intruding ads
* Browser crashes frequently and web access speed decreases

  • PC Defender Plus is also related to the fake PC Defender Plus Firewall virus and may additionally infect the computer with the program or display similar PC Defender Plus Firewall alert messages.

Fake PC Defender Plus Firewall Alert

  • PC Defender Plus finally prompts for the computer user to purchase the program possibly usig different online payment methods including credit cards and payment services such as Green Dot Moneypak.

IF PC Defender Plus is not removed from your computer you are extremely vulnerable to cyber criminal activity involving credit theft, identify theft, and more. The PC Defender virus can progress further along and is capable of destroying complete computer functionality at any given time (starting from the initial infection).

How can I get infected with PC Defender Plus?

PC Defender Plus can infiltrate computer systems by using Trojan horses via freeware and shareware such as audio and video codecs, software update popups, and other potentially-malicious downloads including torrents and Toolbars. A computer user may have also fallen victim to phishing, such as spam emails and telephone scams causing the computer to contract the PC Defender virus.

How To Remove PC Defender Plus – Fake PC Defender Virus

  1. Antivirus & Anti-Malware Software – Scan, detect, and remove PC Defender, malware
  2. System Restore - Restore computer to date and time before PC Defender infection
  3. Uninstall/Manually Remove PC Defender Plus - Common guidelines, files
  4. Safe Mode With Networking - Troubleshoot internet access, remove malware

1. Antivirus & Anti-Malware Sofware

In order to remove PC Defender Plus Antivirus, we recommend running a full system scan with an actual reputable Antivirus or Anti-Malware program. In this case,Malwarebytes - the most recommended Antivirus/Anti-Malware software used to scan, detect, and remove malware including rogue software and scareware. View other Antivirus recommendations.

Remove Koda Virus

2. System Restore

Perform a system restore to an automatic restore point created by Window’s each week or during system updates, including installments of new software. System restores are a great way of removing severe malware infections and can be utilized to “recover” a system to factory settings if wanted.

Windows Recommended Restore And Choose A Restore Point

System Restores can be used to remove entire installments without harming your computer, nor deleting any data including images and videos.

3. Uninstall/Manually Remove PC Defender Plus

Uninstall PC Defender Plus Antivirus From Control Panel

If possible, you might be able to uninstall PC Defender using Window’s Uninstaller.

  • Start > Settings > Control Panel > Uninstall a Program or Add/Remove Programs. Double click infectious program to uninstall.
Delete PC Defender Plus Files And Folders

This list is a collection of files and folders related to PC Defender, PC Defender Plus, and PC Defender Firewall. If found remove them immediately. Please note, the files and folders described may not be found on your system.

C:\Program Files\Mozilla Firefox\searchplugins\search.xml 
C:\Documents and Settings\All Users\Application Data\234f456
C:\Documents and Settings\All Users\Application Data\234f456\8424.mof
C:\Documents and Settings\All Users\Application Data\234f456\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\234f456\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\234f456\PT234e.exe
C:\Documents and Settings\All Users\Application Data\WPCDSys
C:\Documents and Settings\All Users\Application Data\WPCDSys\wpcd.cfg
%appdata%\pcdfdata\defs.bin
%appdata%\pcdfdata\support.ico
%nappdata%\pcdfdata\config.bin
%programs%\PC Defender Plus\PC Defender Plus.lnk
%desktopdir%\PC Defender Plus.lnk
%appdata%\pcdfdata\app.ico
%programs%\PC Defender Plus\Remove PC Defender Plus.lnk
%appdata%\pcdfdata\vl.bin
%programs%\PC Defender Plus\PC Defender Plus Help and Support.lnk
%appdata%\pcdfdata\uninst.ico
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PC Defender.lnk
%UserProfile%\Application Data\Windows PC Defender
%UserProfile%\Application Data\Windows PC Defender\cookies.sqlite
%UserProfile%\Application Data\Windows PC Defender\Instructions.ini
%UserProfile%\Desktop\Windows PC Defender.lnk
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.tmp
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\fix.exe
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Start Menu\Windows PC Defender.lnk
%UserProfile%\Start Menu\Programs\Windows PC Defender.lnk
Delete PC Defender Plus Antivirus Registry Entries

To access Window’s Registry Editor access Window’s Start Menu and type regedit into the search field followed by pressing Enter.

If located, remove these PC Defender Plus registry entries and values.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Win 8 2013 Antivirus"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows PC Defender" 
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=201&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"

4. Safe Mode With Networking (Troubleshoot)

This is great for infected users who need to access the Internet or their networks but can not due to symptoms of PC Defender Plus or the PC Defender Plus Firewall. This mode will also bypass any issues where Antivirus or Anti Malware applications have been noneffective or malfunctioning.

1. Reboot your computer in Safe Mode with Networking. As the computer is booting (when it reaches the manufacture’s logo) tap the F8 key continuously to reach the correct menu.

2. On the Advanced Boot Options screen, use your keyboard to navigate to “Safe Mode with Networking” and press Enter.

Safe mode with networking

The screen may appear black with the words “safe mode” in all four corners. Click your mouse where windows start menu is to bring up necessary browsing.

3. If you are able to, access the internet, install software such as Malwarebytes and to scan and remove PC Defender Plus.

4. If you still can’t access the Internet after restarting in safe mode, try resetting your Internet Explorer proxy settings.

How To Reset Internet Explorer Proxy Settings
  • Option 1

In Windows 7 click the Start button . In the search box type run and in the list of results click Run.
-or-
In Windows Vista click the Start button and then click Run.
-or-
In Windows XP click Start and then click Run.

Copy and paste or type the following text in the Open box in the Run dialog box and click OK:

reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” /v ProxyEnable /t REG_DWORD /d 0 /f

In Windows 7 click the Start button. In the search box type run and  in the list of results click Run.
-or-
In Windows Vista click the Start button and then click Run.
-or-
In Windows XP click Start and then click Run.

Copy and paste or type the following text in the Open box in the Run dialog box and click OK:

reg delete “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” /v ProxyServer /f

Restart Internet Explorer and then follow the steps listed previously to run the scanner

  • Option 2

Launch Internet Explorer. In Internet Explorer go to: Tools >Internet Options >Connections tab.
Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.

LAN Tab

4. It is now recommended to download Malwarebytes (free or paid version, or other software) and run a full system scan to remove PC Defender Plus and any malware, viruses, and Trojans negatively affecting your system.


banner-1

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

One thought on “How To Remove PC Defender Plus Virus – Fake/Rogue Software PC Defender Plus Malware Removal Instructions