
Remove Windows Defence

By Steve Espino – PCTools Malware Research Team

Windows Defence is a fake antivirus program that displays fake malware alerts on PCs in order to make unsuspecting users think that their computer has been infected by malware. Windows Defence is one of a massive number of fake antivirus clones with names like WinAntiVirus, UltimateAntiVirus, AntiVirus2008, and AntivirusPlus, to name a few.

Like most other fake antivirus programs, Windows Defence could be distributed via numerous fake My Computer online scans and could also be downloaded and installed by other malware on the affected computer.

Installation

Upon execution, Windows Defence performs fake scans on the affected machine.

From time to time, it reminds users of affected machines that the fake antivirus software is unregistered and needs activation.

Clicking on the Buy Now button takes the user to a malicious website offering several licensing options for the fake antivirus software, where unsuspecting users are lured into entering their credit card details.

PC Tools advises against entering any credit card information on these forms. Victims of this attack are strongly advised to immediately contact their credit card companies to dispute the anomalous transactions and ensure that there will be no future unauthorized charges.

Fake Malware Warnings

Windows Defence displays a list of fake detections and fake warnings, offering cleanup only if the unsuspecting user buys the fake antivirus software.

In order to further scare unsuspecting users, Windows Defence mimics the look of the Windows Security Center by reiterating that the computer’s Malware Protection needs immediate attention.

Manual Removal Guide

Windows Defence drops the following files:
%commonappdata%\mswd\mswd.exe
%commonappdata%\mswd\scss.exe
%commonappdata%\mswd\WindowsDefence.exe

and creates the folders:
%commonappdata%\mswd
%commonprograms%\Windows Defence

Windows Defence creates these registry keys and entries:

HKU\.DEFAULT\Software\WindowsDefence

To clean up Windows Defence, the above files / folders and registry entries would have to be removed.
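The check-and-clean procedure above as a PowerShell script. This is an added example, not PC Tools code. It assumes the listed paths use backslash separators, that %commonappdata% and %commonprograms% are the all-users special folders, and it adds one step the guide does not list (stopping processes running from the drop folder); the `-Remove` switch is this script's own parameter.

```powershell
# Added example (not from the original article). Reports the Windows Defence
# artifacts named in the removal guide; deletes them only when run with -Remove
# from an elevated prompt. -WhatIf shows what -Remove would do without doing it.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

# Assumption: %commonappdata% / %commonprograms% map to these special folders.
$dropDir = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'mswd'
$menuDir = Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'Windows Defence'
# HKU is not a default PowerShell drive, so address the hive by provider path.
$regKey  = 'Registry::HKEY_USERS\.DEFAULT\Software\WindowsDefence'

# Files first, then the folders that hold them, then the registry key.
$artifacts = @(
    (Join-Path $dropDir 'mswd.exe'),
    (Join-Path $dropDir 'scss.exe'),
    (Join-Path $dropDir 'WindowsDefence.exe'),
    $dropDir,
    $menuDir,
    $regKey
)

$found = @($artifacts | Where-Object { Test-Path -LiteralPath $_ })
if ($found.Count -eq 0) {
    Write-Output 'None of the listed Windows Defence artifacts were found.'
    return
}
$found | ForEach-Object { Write-Output "FOUND: $_" }

if (-not $Remove) { return }   # report-only mode

# Added step, not in the guide: a running copy keeps its file locked, so stop
# any process whose image lives in the drop folder before deleting.
$prefix = $dropDir + '\'
Get-Process |
    Where-Object { $_.Path -and
        $_.Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) } |
    Stop-Process -Force

foreach ($item in $found) {
    # An item may already be gone because its parent folder was removed.
    if (Test-Path -LiteralPath $item) {
        Remove-Item -LiteralPath $item -Recurse -Force
    }
}
```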

What is Rogue Antispyware?

Rogue antispyware is a type of misleading application, which employs deceitful and disruptive tactics to try to persuade people to supply payment information. At best these programs are simply annoying. At worst they are intrusive and damaging. Some programs simply try to scare people by claiming their PC is infected with spyware or viruses, when it isn’t. Others will use registration reminder pop-ups, hoping people will think they intended to download and purchase the product, and then enter payment details. There are also rogue antispyware programs which will display pornographic material on PCs or prevent people from accessing their files, then claim that purchasing the application is the solution.

When choosing an antispyware or antivirus program, we recommend that you choose one which is proven, and has genuine awards from one or more world leading research labs, such as PC Magazine, PC World, CNET, PC Pro Magazine, PC Authority, and PC Answers. Do not use ratings from unknown review websites, as often these are designed to mislead you into purchasing affiliated, inferior, or even rogue products.

How did it get on my PC?

Creators of rogue antispyware programs use many avenues to reach your PC. They may directly mislead you into downloading the program by setting up a website with fake reviews, and claiming the product is useful, then ensuring that website is viewed by as many people as possible. They also use indirect methods, such as infecting a link or a file so that the program is installed on your machine without your knowledge. If a person isn’t already using a legitimate antispyware program, their PC is vulnerable to these infected files as they surf the web or read emails.

Solution:

How can I remove Windows Defence?

First, download and install Spyware Doctor. Then, use it to scan your PC. If your PC is infected with Windows Defence or any other malware, the name of the infection will be listed. The infections can be removed by purchasing Spyware Doctor.

For Spyware Doctor non-beta users:
Ensure you have the latest version of our signature database using SmartUpdate. This will protect you from the latest threats in the wild including DesktopDefender2010.

Spyware Doctor is a legitimate, multi-award winning antispyware program offering free customer support and a 100% Money Back Guarantee.

Spyware Doctor Detects and Removes Rogue Antispyware

Spyware Doctor uses the most advanced anti-malware technology to detect and block any suspicious activity on your PC. Spyware is becoming more sophisticated, constantly evolving its method of attack. The results can be menacing, from damaged files, to slow computer speed, to stolen logins and identity theft. We’ve built in real-time behavioural analysis to automatically recognize and respond to any style of malware attack, even never-before-seen “zero-day” threats. Use Spyware Doctor and you can be confident that your PC is secure.

Spyware Doctor continues to receive awards from leading PC authorities such as PC World, PC Magazine, PC Pro, PC Plus, PC Authority, PC Utilities, PC Advisor, PC Choice, Microdatorn, Computer Bild and PC Answers Magazine, with a “Best of the Year” award 2 years in a row.

Tests show that Spyware Doctor prevents, detects and removes more Spyware, Adware, and other common threats than other leading security software.

Purchase Spyware Doctor by PC Tools today to instantly protect you from new threats and remove the current ones on your PC.

Features:

• Total Anti-Spyware and Anti-Malware solution
• Zero-Day threat protection
• Frequent, free updates
• Fast scanning and removal
• Won’t slow your PC down
• Easy to use with Intelliguard technology
• Customizable settings with password protection
• FREE customer support
• 100% Money Back Guarantee
And more…


One Response to Remove Windows Defence

  1. shashi kanth kangayam says:

    I needed to have a detailed breakdown of the installation and propagation of this rogue app for its analysis.

    Thank you, you did a great job.
    -shashi
