Browse » Home
Sunday, February 12, 2012
How to Remove Windows PC Defender Virus
1. Turn on or restart the computer and press "F8" on the boot screen to open the Windows Advanced Boot Options menu. Scroll to "Safe Mode" and press Enter.
2. Sign in to Windows. Hold down "Ctrl-Shift-Esc" to open Windows Task Manager. Click the "Processes" tab.
3. Click "Image Name" to alphabetize the processes. Right-click "eb.exe." Select "End Process" from the menu. Click "End Process" again.
4. Repeat the above step for fix.exe, ppal.exe and WP345d.exe.
5. Click "File." Click "New Task" to open the "Run" window. Type "cmd" and press "Enter" to open a command-line window.
6. Type "cd c:\windows\system32" at the command-line prompt. Press "Enter." Type "regsvr32 -u mozcrt19.dll" and press "Enter" to unregister the Windows PC Defender dynamic linking library.
7. Repeat the process for sqlite3.dll, cid.dll and ddv.dll. Type "cd %userprofile%\recent" at the command prompt and press Enter. Unregister tempdoc.dll. Close the command-prompt window.
8. Reopen the "Run" box. Type in "regedit" or "regedit.exe." Press Enter to open Windows Registry Editor.
9. Navigate through the "HKEY_CLASSES_ROOT" and "CLSID" paths. Right-click "{3F2BBC05-40DF-11D2-9455-00104BC936FF}." Click "Delete." Click "Yes" to confirm.
10. Return to "HKEY_CLASSES_ROOT." Right-click "WP345d.DocHostUIHandler" and click "Delete." Click "Yes" to confirm the deletion.
11. Go through "HKEY_USERS | .DEFAULT | Software| Microsoft| Internet Explorer." Click "SearchScopes."
12. Right-click "URL," which has the value of "http://search-gala.com/?&uid=201&q={searchTerms," and click "Delete." Click "Yes" to confirm the deletion.
13. Return to "Internet Explorer." Right-click "PRS," which has the value of "http://127.0.0.1:27777/?inj=%ORIGINAL%." Click "Delete." Click "Yes."
14. Go to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings." Find and delete "UID" with the "201" value.
15. Click "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform." Delete "89770891803."
16. Open "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run." Delete "Windows PC Defender."
17. Click the Start button at the bottom left of your monitor screen. Click "Computer." Enter "8424.mof" into the search bar and wait for the computer to locate the file. When the file appears in the results, right-click it, then click "Delete." Click "Yes."
18. Repeat the process for the following files associated with Windows PC Defender: exec.tmp, mozcrt19.dll, CLSV.tmp, fix.exe, search.xml, ddv.dll, eb.exe, sqlite3.dll, tempdoc.dll, WP345d.exe, runddlkey.drv, WPCD.ico, ppal.exe, wpcd.cfg, energy.sys, vd952342.bd, cookies.sqlite, Windows PC Defender.lnk, PE.drv, cid.dll, eb.sys, FS.drv, Instructions.ini, kernel32.drv and PE.tmp.
19. Go to "C:\Documents and Settings\All Users\Application Data." Delete the following folders: "3adffe," "WPCDSys" and "345d567."
20. Type "%userprofile%\application data" into the address bar and press Enter. Right-click "Windows PC Defender" then click "Delete." Click "Yes" to completely remove the Windows PC Defender virus from your computer. Restart your computer.