
Win7/XP Defender

Posted: December 26, 2012

Threat Metric

Threat Level: 10/10
Infected PCs: 38
First Seen: December 26, 2012
OS(es) Affected: Windows

Win7/XP Defender is a rogue anti-spyware application. Win7/XP Defender is often downloaded and installed by a Trojan through browser security holes, or via other unconventional and unethical mechanisms. Once installed, Win7/XP Defender displays notifications of imaginary security and privacy risks in an attempt to get the user to purchase its full version, and it may cause system slowdown and instability. This program can be extremely difficult to remove manually.

Win7/XP Defender is a member of the WinPC Defender family. There are numerous clones of Win7/XP Defender, including Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %AllUsersProfile%\Desktop\Win 7 Defender.lnk
Mime Type: unknown/lnk
Group: Malware file

File name: %CommonAppData%\pcdfdata\.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %CommonAppData%\pcdfdata\app.ico
Mime Type: unknown/ico
Group: Malware file

File name: %CommonAppData%\pcdfdata\config.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file

File name: %CommonAppData%\pcdfdata\defs.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file

File name: %CommonAppData%\pcdfdata\support.ico
Mime Type: unknown/ico
Group: Malware file

File name: %CommonAppData%\pcdfdata\uninst.ico
Mime Type: unknown/ico
Group: Malware file

File name: %CommonAppData%\pcdfdata\vl.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file

File name: %CommonStartMenu%\Programs\Win 7 Defender\Remove Win 7 Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

File name: %CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender Help and Support.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

File name: %CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\.exe /min"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\.exe" /ex "%1" %*"

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata