Thursday, November 1, 2012

PC Defender Plus rogue. Deletion tutorial.

PC Defender Plus is a rogue that can infect your system and fool you into the purchasing of its malignant product. Having penetrated into your machine PC Defender Plus virus starts its work with the scanning. It scans your system and shows you the results which are not so good as you wanted them to be. And as any good users you begind to search for the program in order to delete those threats PC Defender Plus finds. But why do you need to look for some program if you have already PC Defender Plus and you just need to go to the purchase page and order the full version. That is exactly what lots of users do. And what do they receive after the purchase? .... and they receive absolutely nothing but lost time and money!!

PC Defender Plus

You need always think before buy some unknown program that penetrates into your system without even your knowing about that. Isn't this suspicious for you? It should be. You can receive several messages whilce the virus is in your system such as:

System Security Alert! Unknown program is scanning your system registry right now! Identity theft detected! Details Attack from: 100.100.181.203 Port: 6338 Attacked port: 8359 Threat: Hoax.HTML.OdKlas.a Do you want to block this attack? Attention: Danger! ALERT! System scan for spyware, adware, trojans and viruses was finished. PC Defender Plus detected 99 critical system objects. These security breaches may be exploited and lead to the following: * Your system becomes a target for spam and bulky, intruding ads * Browser crashes frequently and web access speed decreases
Of course, all these messages saying that your system is infected are fake. Just ignore everything and do not do anything the rogue says you to do. PC Defender Plus

PC Defender Plus rogu blocks the internet connection so it is difficult to do something not knowing anything. We suggest you to follow our manual removal guide. Plus, you can watch the video removal guide of the similar rogue.

Video removal guide of the similar virus:

Removal guide of PC Defender Plus virus:

STEP 1.

Run GridinSoft Trojan Killer: Click Win+R and type the direct link for the program’s downloading. direct link for the program’s downloading If it does not work, download GridinSoft Trojan Killer from another uninfected machine and transfer it with the help of a memory stick.

STEP 2.

Install GridinSoft Trojan Killer. Right click - Run as. Uncheck the checkbox as displayed below. Run as

IMPORTANT!

Don’t uncheck the Start Trojan Killer checkbox at the end of installation! checkbox

Manual removal guide of PC Defender Plus virus:

Delete PC Defender Plus files:

  • %commonappdata%pcdfdatadefs.bin
  • %commonappdata%pcdfdatasupport.ico
  • %commonappdata%pcdfdataconfig.bin
  • %commonprograms%PC Defender PlusPC Defender Plus.lnk
  • %commondesktopdir%PC Defender Plus.lnk
  • %commonappdata%pcdfdataapp.ico
  • %commonprograms%PC Defender PlusRemove PC Defender Plus.lnk
  • %commonappdata%pcdfdatavl.bin
  • %commonprograms%PC Defender PlusPC Defender Plus Help and Support.lnk
  • %commonappdata%pcdfdatauninst.ico

Delete PC Defender Plus registry files:

The following registry elements have been created:

  • HKEY_CURRENT_USER\.EXE\SHELL\
  • HKEY_CURRENT_USER\.EXE\SHELL\OPEN\
  • HKEY_CURRENT_USER\.EXE\SHELL\OPEN\COMMAND\
  • HKEY_CURRENT_USER\.EXE\SHELL\RUNAS\
  • HKEY_CURRENT_USER\.EXE\SHELL\RUNAS\COMMAND\
  • HKEY_CURRENT_USER\SOFTWARE\CLASSES\.EXE\
  • HKEY_CURRENT_USER\SOFTWARE\CLASSES\.EXE\DEFAULTICON\
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ WINDOWS\CURRENTVERSION\UNINSTALL\PCDFDATA\

The following registry elements have been changed:

  • HKEY_CURRENT_USER\.EXE\CONTENT TYPE = application/x-m
  • HKEY_CURRENT_USER\.EXE\SHELL\OPEN\COMMAND\ISOLATEDCOMMAND = "%1" %*
  • HKEY_CURRENT_USER\.EXE\SHELL\RUNAS\COMMAND\ISOLATEDCOMMAND = "%1" %*
  • HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\ CURRENTVERSION\RUN\PCDFSVC = %ALLUSERSPROFILE%\Application Data\pcdfdata\[random] /min
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ UNINSTALL\PCDFDATA\DISPLAYICON = %ALLUSERSPROFILE%\Application Data\pcdfdata\[random] ,0
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION \UNINSTALL\PCDFDATA\DISPLAYNAME = PC Defender Plus
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ UNINSTALL\PCDFDATA\INSTALLLOCATION = %ALLUSERSPROFILE%\Application Data\pcdfdata
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ UNINSTALL\PCDFDATA\UNINSTALLSTRING = %ALLUSERSPROFILE%\Application Data\pcdfdata\[random] /tout

SOURCE: http://www.deletemalware.net/pc-defender-rogue-deletion-tutorial/
Автор: на
Ярлыки:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)