Win 7 Defender
Posted: March 22, 2010
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 2/10 |
---|---|
Infected PCs: | 30 |
First Seen: | January 9, 2012 |
OS(es) Affected: | Windows |
Win 7 Defender may be promoted as a cure for spyware, viruses and other types of PC threats, but Win 7 Defender's real functions don't have anything to do with detecting or deleting any type of threat to your computer. Like the other types of scamware that Win 7 Defender is cloned from, Win 7 Defender uses fraudulent system scans and pop-ups to urge you to buy its fake anti-malware services, under the threat that if you don't, your PC will keep suffering from various PC threats. SpywareRemove.com malware analysts, however, advise that you delete Win 7 Defender from your computer as soon as its presence is noticed, since Win 7 Defender's very presence is a security risk due to its creation of junk files and fake Windows components. Ideally, removing Win 7 Defender should be done with competent anti-malware software, despite Win 7 Defender's potential inclusion of (fake) removal tools.
Cutting Through Win 7 Defender's Propaganda to Its Real Features
Win 7 Defender, although it looks and feels like a genuine Windows-friendly product, doesn't have any of the features that you would expect a real anti-malware program to have. However, Win 7 Defender does possess a good facsimile of these features in the form of simulated system scans and inaccurate pop-up warnings that display fake information about your PC.
Unfortunately, even this flood of fake information isn't the limit of Win 7 Defender's capabilities, as Win 7 Defender is also likely to:
- Create trash files that are harmless for your PC (except for the clutter) and label them as the byproduct of nonexistent PC threats.
- Launch itself without your consent – typically to run fake system scans.
- Load an applet that imitates the appearance of your Windows Security Center – but this fake Security Center will only redirect you to Win 7 Defender's site when you try to click on it.
Why Win 7 Defender is Just One of a Legion Against Your PC
Win 7 Defender may not mention its brethren, but SpywareRemove.com malware researchers have traced Win 7 Defender's ancestry back to a multitude of nigh-identical scamware products from the Rogue:Win32/FakeRean subgroup. In many cases, these fake anti-malware applications will attempt to present themselves in the form of products that are sponsored by Microsoft, such as Vista AntiMalware 2010, Win 7 Antispyware 2010, Win 7 Smart Security 2010, XP Guardian 2010, Vista Home Security 2011 or XP Total Security 2011. Other variants of the FakeRean scamware may use different titles, however – examples that are unlinked to specific Windows versions include Total PC Defender, Home Antivirus 2010 and Desktop Defender 2010.
All variants of FakeRean scamware should be removed by dedicated anti-malware scanners, although they may resist deletion until you deactivate them (by using Safe Mode or other types of baseline anti-malware strategies that are available in Windows). Deleting Win 7 Defender with proper software, however, should result in a fully restored and unharmed PC. Win 7 Defender, like all types of FakeRean programs, is unable to attack non-Windows operating systems because its attack strategies depend on various Windows components.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
File name | File type | Mime Type | Group |
---|---|---|---|
%AllUsersProfile%\Desktop\Win 7 Defender.lnk | Shortcut | unknown/lnk | Malware file |
%CommonAppData%\pcdfdata\.exe | Executable File | unknown/exe | Malware file |
%CommonAppData%\pcdfdata\app.ico | | unknown/ico | Malware file |
%CommonAppData%\pcdfdata\config.bin | Binary File | unknown/bin | Malware file |
%CommonAppData%\pcdfdata\defs.bin | Binary File | unknown/bin | Malware file |
%CommonAppData%\pcdfdata\support.ico | | unknown/ico | Malware file |
%CommonAppData%\pcdfdata\uninst.ico | | unknown/ico | Malware file |
%CommonAppData%\pcdfdata\vl.bin | Binary File | unknown/bin | Malware file |
%CommonStartMenu%\Programs\Win 7 Defender\Remove Win 7 Defender.lnk | Shortcut | unknown/lnk | Malware file |
%CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender Help and Support.lnk | Shortcut | unknown/lnk | Malware file |
%CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender.lnk | Shortcut | unknown/lnk | Malware file |
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\.exe /min"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\.exe" /ex "%1" %*"
HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
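The registry changes listed above can be checked for in the text of a registry export. The following is an added example, not part of the original write-up: it parses `.reg` export text and flags the `pcdfsvc`-style Run entry, any per-user `.exe` open command that differs from the Windows default, and the `pcdfdata` uninstall subkey. The sample export, the `sample.exe` file name, the `C:\ProgramData` expansion and all function names are assumptions made for illustration; the check matches on the `pcdfdata` folder because the page gives the executable only as `\pcdfdata\.exe`.

```python
import re

# Key paths and the folder name are the ones in the registry list above (lower-cased).
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
EXE_OPEN_KEY = r"hkey_current_user\software\classes\.exe\shell\open\command"
UNINSTALL_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\uninstall\pcdfdata"
ROGUE_DIR = "\\pcdfdata\\"
STOCK_EXE_OPEN = '"%1" %*'  # Windows' default command for launching an executable
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # Undo .reg escaping of backslashes and double quotes inside string data.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data); name and data are None for the key header itself."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def find_indicators(text):
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None and k == UNINSTALL_KEY:
            findings.append(("uninstall-subkey", key, ""))
        elif name is not None and k == RUN_KEY and ROGUE_DIR in data.lower():
            findings.append(("run-autostart", name, data))
        elif name == "(Default)" and k == EXE_OPEN_KEY and data.strip() != STOCK_EXE_OPEN:
            findings.append(("exe-handler-override", name, data))
    return findings

# Constructed sample export; "sample.exe" and the "Updater" entry are made-up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
"pcdfsvc"="C:\\ProgramData\\pcdfdata\\sample.exe /min"
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\ProgramData\\pcdfdata\\sample.exe\" /ex \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata]
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `find_indicators`.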
Additional Information
# | Message |
---|---|
1 | System Security Alert Unknown program is scanning your system registry right now! Identity theft detected. |
2 | System Security Alert Vulnerabilities found Background scan for security breaches was finished. Serious issues were detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defense. |
3 | Win 7 Defender Firewall Alert Firefox.exe is infected with Trojan-Clicker.Js.Agent.op. Private data can be stolen by third parties, including credit card details and passwords. |
I cannot access the Internet on my PC; win7defender blocks it. I am communicating with my iPad. I have a laptop, if I can download to a flash drive and then transfer to my PC.
My Dell desktop, with Windows 7 is infected with this Win 7 defender. I tried going into "Safe" mode, but the virus (malware - whatever) will not allow me to open either IE, or Chrome. What now?? Thanks.
How do I download it to a flash drive so I can put it on the infected PC?
My Toshiba laptop has been infected by the win7 defender; it won't let me run anything or get on the internet either. How do I get rid of this, as I can't download anything? Could I put something from this computer onto a flash drive to put on the infected one?
I rebooted my computer, then ran McAfee antivirus full scan and it ended the Win 7 defender pro 2013 process, then I went to this site to disable Win 7 defender pro 2013. Now I am going to manually go through my computer as instructed above to remove the software Win 7 defender pro 2013 for good. So far all is good but I still want it totally off my computer and out of my registry as well.
How do I temporarily disable windows defender