Windows Server Defender

Windows Server Defender is a malicious fake security program that belongs to the multi-rogue Defender family, whose members adapt themselves to multiple operating systems and use the word 'Defender' in their program names. Windows Server Defender will adapt its attack depending on the targeted operating system, changing its name, appearance and some of its behaviors. This is a fairly typical feature for many rogue security applications and has been observed repeatedly in other attacks, such as in the or Braviax family of malware. It is crucial to notice that, despite its name and appearance, Windows Server Defender is not a legitimate anti-virus program and is actually part of a well-known scam used to attack inexperienced computer users. If Windows Server Defender is installed on your computer, ESG security researchers strongly advise using a reliable anti-malware program to scan your computer and disinfect your hard drives.

Windows Server Defender's main tactic is spamming the victim with multiple fake error messages and alarming system alerts, all claiming that the victim's computer is infected with dangerous malware. Trying to use Windows Server Defender to remove these supposed malware infections results in additional error messages and browser redirects. These are designed to convince the victim to purchase a 'full version' of Windows Server Defender. However, since Windows Server Defender is not capable of finding or erasing malware, ESG security researchers strongly advise against purchasing its 'full version' or allowing the 'free version' of this fake security program to remain on your computer.

Windows Server Defender and its variants cause similar symptoms on infected computers. Windows Server Defender will spam the victim with a high number of fake error messages, both of the pop-up notification variety and typical Windows system alerts. Windows Server Defender also runs a fake scan of the infected computer, always indicating the presence of nonexistent viruses and Trojans. Windows Server Defender has also been known to interfere with legitimate security software and other applications. ESG security analysts have observed that Windows Server Defender causes browser redirects, blocks access to files and applications on the infected computer and causes the targeted computer to become slow, unstable and unreliable. All of these symptoms are designed to make computer users believe that their machine is severely infected with malware (other than Windows Server Defender itself).

There are a huge number of members in the FakeRean family. Among these members, all clones of Windows Server Defender are

File System Details

Windows Server Defender may create the following file(s):
# File Name Detections
1. %CommonAppData%\pcdfdata\[RANDOM CHARACTERS].exe
2. %CommonAppData%\pcdfdata\uninst.ico
3. %CommonAppData%\pcdfdata\config.bin
4. %CommonStartMenu%\Programs\Win Server Defender\Remove Win Server Defender.lnk
5. %CommonStartMenu%\Programs\Win Server Defender\Win Server Defender.lnk
6. %CommonAppData%\pcdfdata\app.ico
7. %CommonAppData%\pcdfdata\support.ico
8. %CommonStartMenu%\Programs\Win Server Defender\Win Server Defender Help and Support.lnk
9. %CommonAppData%\pcdfdata\vl.bin
10. %CommonAppData%\pcdfdata\defs.bin
11. %AllUsersProfile%\Desktop\Win Server Defender.lnk

Registry Details

Windows Server Defender may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\.exe /min"
HKEY_CLASSES_ROOT\.exe "(Default)" = "[RANDOM CHARACTERS]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\.exe" /ex "%1" %*"
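The registry indicators above can be checked mechanically. The Python below is an added example, not code from ESG or from the original page: it parses the text printed by `reg query <key> /s` and flags the autostart value, the `.exe` class remap, the `.exe` open-handler hijack and the uninstall key. The sample output, the `EXAMPLE` file name, the `C:\ProgramData` location and the function names are constructed assumptions.

```python
import re

# Constructed sample of `reg query <key> /s` output (not from a real host);
# EXAMPLE stands in for the random file name the page does not give.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    pcdfsvc    REG_SZ    C:\ProgramData\pcdfdata\EXAMPLE.exe /min

HKEY_CURRENT_USER\Software\Classes\.exe
    (Default)    REG_SZ    EXAMPLE

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
    (Default)    REG_SZ    "C:\ProgramData\pcdfdata\EXAMPLE.exe" /ex "%1" %*
'''

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}REG_\w+(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Turn reg.exe query output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = m.group(2) or ""
    return keys

def find_indicators(keys):
    """Return (kind, key, data) for each registry indicator listed on the page."""
    hits = []
    for key, values in keys.items():
        k, default = key.lower(), values.get("(Default)", "")
        if k.endswith(r"\currentversion\run"):
            for name, data in values.items():
                if name.lower() == "pcdfsvc" or "\\pcdfdata\\" in data.lower():
                    hits.append(("run-autostart", key, data))
        elif k.endswith(r"\.exe\shell\open\command"):
            # Stock exefile handler is '"%1" %*'; anything else runs first.
            if default and default != '"%1" %*':
                hits.append(("exe-handler-hijack", key, default))
        elif k.endswith(r"\.exe"):
            if default and default.lower() != "exefile":
                hits.append(("exe-class-remap", key, default))
        elif k.endswith(r"\currentversion\uninstall\pcdfdata"):
            hits.append(("uninstall-entry", key, ""))
    return hits

if __name__ == "__main__":
    for hit in find_indicators(parse_reg_query(SAMPLE)):
        print(hit)
```

The `.exe` handler hit matters most during cleanup: while that value is in place, every program launched by the user is routed through the rogue executable, which is how it interferes with legitimate security tools.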

2 Comments

Hello:
Is SpyHunter compatible with Windows Server 2012 R2?

Yes, it is.
