Win 7 Defender

By Sumo3000 in Rogue Anti-Spyware Program

Win 7 Defender Description

Win 7 Defender is a fake security program that belongs to a well-known online scam. Fake security applications of this kind are known as rogue security programs. A rogue security program is a malware infection that impersonates a legitimate anti-malware program in order to scam its victims. Win 7 Defender takes over your computer system and then attempts to scare you into thinking that your machine is infected with malware. It then ‘helpfully’ offers to solve this supposed malware problem for you, as long as you purchase a Win 7 Defender license. However, according to ESG security researchers, Win 7 Defender has absolutely no anti-malware capabilities. The program is deliberately designed to cause problems on the victim’s computer system, and there is nothing behind its interface except a host of malicious scripts and deceptive error messages. If you have installed Win 7 Defender on your computer system, ESG security researchers strongly recommend using a real anti-malware tool to remove Win 7 Defender immediately. Failure to remove Win 7 Defender leaves a computer system more vulnerable to other intruders and, at the same time, causes severe disruptions in the infected computer’s normal operations.

Protecting Yourself from Win 7 Defender

To avoid rogue security programs like Win 7 Defender you should be certain that you can recognize them and distinguish them from a real security application. There are several red flags with Win 7 Defender’s tactics that should immediately cause you to suspect that something is wrong:

  • Win 7 Defender is installed onto the victim’s computer system without the computer user’s authorization. As a general rule, software that appears on your computer system without your permission or authorization will usually be harmful.
  • Once installed on the victim’s computer, Win 7 Defender is difficult to remove. Trying to remove Win 7 Defender using the ‘add and remove programs’ panel is not possible and usually results in an error message. Using Win 7 Defender’s fake uninstall feature will not yield results either. In general, a program that does not allow you to remove it through normal means may be associated with malware.
  • Win 7 Defender makes dangerous changes to the Windows Registry which allow it to start up automatically without the user’s authorization. It also prevents you from opening certain files or from connecting to the Internet. Any program that prevents you from using your computer system will probably not be a legitimate security application. Even if Win 7 Defender claims that it is doing this in order to ‘protect’ your interests, you can be sure that its true intentions are to steal your money.

Type: Rogue AntiSpyware Programs

How Can You Detect Win 7 Defender?

Win 7 Defender Technical Report

We will update this section as new Win 7 Defender details are reported by our customers and by our Threat Research Center.

Fake message for Win 7 Defender:

The following fake error messages appear for Win 7 Defender:

Win 7 Defender Firewall Alert
Firefox.exe is infected with Trojan-Clicker.Js.Agent.op. Private data can be stolen by third parties, including credit card details and passwords.

System Security Alert
Unknown program is scanning your system registry right now! Identity theft detected.

System Security Alert
Vulnerabilities found
Background scan for security breaches was finished. Serious issues were detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defense.

Win 7 Defender Removal Details

Win 7 Defender typically has the following processes in memory:

  • %CommonAppData%\pcdfdata\.exe

Win 7 Defender creates the following files in the system:

  • %CommonAppData%\pcdfdata\config.bin
  • %CommonAppData%\pcdfdata\uninst.ico
  • %CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender Help and Support.lnk
  • %CommonAppData%\pcdfdata\app.ico
  • %CommonAppData%\pcdfdata\support.ico
  • %CommonStartMenu%\Programs\Win 7 Defender\Remove Win 7 Defender.lnk
  • %AllUsersProfile%\Desktop\Win 7 Defender.lnk
  • %CommonAppData%\pcdfdata\defs.bin
  • %CommonAppData%\pcdfdata\vl.bin
  • %CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender.lnk

Win 7 Defender creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\.exe" /ex "%1" %*"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
  • HKEY_CLASSES_ROOT\.exe "(Default)" = ""
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\.exe /min"
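The registry entries above can be checked for offline in a registry export. The following is an added example, not ESG's code: it parses the text of a `reg export` file (already decoded to a string) and flags the per-user .exe open-command override, the "pcdfsvc" Run value and the pcdfdata uninstall key. It assumes that any per-user .exe handler other than `"%1" %*` is suspicious; the `C:\ProgramData` path and the `sample.exe` file name in the sample are constructed placeholders.

```python
import re

# Indicators taken from the registry list above (compared case-insensitively).
EXE_HANDLER = r"hkey_current_user\software\classes\.exe\shell\open\command"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
UNINSTALL_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\uninstall\pcdfdata"
PASS_THROUGH = '"%1" %*'  # assumed benign handler: launch the clicked file itself
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
ESC = re.compile(r"\\(.)")  # .reg strings escape backslash and quote with a backslash

def parse_reg(text):
    """Return {key_path_lower: {value_name: string_data}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "(Default)" if m.group(1) == "@" else ESC.sub(r"\1", m.group(1)[1:-1])
                current[name] = ESC.sub(r"\1", m.group(2))
    return keys

def find_indicators(text):
    keys, hits = parse_reg(text), []
    handler = keys.get(EXE_HANDLER, {}).get("(Default)")
    if handler is not None and handler.strip() != PASS_THROUGH:
        hits.append(("exe-handler-hijack", handler))
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() == "pcdfsvc" or "\\pcdfdata\\" in data.lower():
            hits.append(("run-key-autostart", f"{name} = {data}"))
    if UNINSTALL_KEY in keys:
        hits.append(("uninstall-entry", "pcdfdata"))
    return hits

# Constructed sample export; the path and "sample.exe" are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\ProgramData\\pcdfdata\\sample.exe\" /ex \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"pcdfsvc"="C:\\ProgramData\\pcdfdata\\sample.exe /min"
"OneDrive"="\"C:\\Users\\test\\OneDrive.exe\" /background"
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

A hit on the .exe handler matters most for cleanup: while that override is in place, every program the user launches is routed through the rogue's executable first.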

This entry was last updated on 01/15/13 and posted on 03/22/10.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.