Win 7 Defender

Posted: March 22, 2010

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	2/10
Infected PCs:	30

First Seen:	January 9, 2012
OS(es) Affected:	Windows

Win 7 Defender may be promoted as a cure for spyware, viruses and other types of PC threats, but Win 7 Defender's real functions don't have anything to do with detection or deletion of any type of threat to your computer. Like the other types of scamware that Win 7 Defender is cloned from, Win 7 Defender uses fraudulent system scans and pop-ups to urge you to buy its fake anti-malware services – under the threat that if you don't do this, your PC will suffer under the ongoing ministrations of various PC threats. SpywareRemove.com malware analysts, however, advise that you delete Win 7 Defender from your computer as soon as its presence is noticed, since Win 7 Defender's very presence is a security risk due to Win 7 Defender's creation of junk files and fake Windows components. Ideally, removing Win 7 Defender should be done with competent anti-malware software, despite Win 7 Defender's potential-inclusion of (fake) removal tools.

Cutting Through Win 7 Defender's Propaganda to Its Real Features

Win 7 Defender, although it looks and feels like a genuine Windows-friendly product, doesn't have any of the features that you would expect a real anti-malware program to have. However, Win 7 Defender does possess a good facsimile of these features in the form of simulated system scans and inaccurate pop-up warnings that display fake information about your PC.

Unfortunately, even this flood of fake information isn't the limit of Win 7 Defender's capabilities, as Win 7 Defender is also likely to:

Create trash files that are harmless for your PC (except for the clutter) and label them as the byproduct of nonexistent PC threats.
Launch itself without your consent – typically to run fake system scans.
Load an applet that imitates the appearance of your Windows Security Center – but this fake Security Center will only redirect you to Win 7 Defender's site when you try to click on it.

Why Win 7 Defender is Just One of a Legion Against Your PC

Win 7 Defender may not mention its brethren, but SpywareRemove.com malware researchers have traced Win 7 Defender's ancestry back to a multitude of nigh-identical scamware products from the Rogue:Win32/FakeRean subgroup. In many cases, these fake anti-malware applications will attempt to present themselves in the form of products that are sponsored by Microsoft, such as Vista AntiMalware 2010, Win 7 Antispyware 2010, Win 7 Smart Security 2010, XP Guardian 2010, Vista Home Security 2011 or XP Total Security 2011. Other variants of the FakeRean scamware may use different titles, however – examples that are unlinked to specific Windows versions include Total PC Defender, Home Antivirus 2010 and Desktop Defender 2010.

All variants of FakeRean scamware should be removed by dedicated anti-malware scanners, although they may resist deletion until you deactivate them (by using Safe Mode or other types of baseline anti-malware strategies that are available in Windows). Deleting Win 7 Defender with proper software, however, should result in a fully-restored and unharmed PC. Win 7 Defender, like all types of FakeRean programs, is unable to attack non-Windows operating systems due to making various Windows components complicit in its attack strategies.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AllUsersProfile%\Desktop\Win 7 Defender.lnk

File name: %AllUsersProfile%\Desktop\Win 7 Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%CommonAppData%\pcdfdata\.exe

File name: %CommonAppData%\pcdfdata\.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%CommonAppData%\pcdfdata\app.ico

File name: %CommonAppData%\pcdfdata\app.ico
Mime Type: unknown/ico
Group: Malware file

%CommonAppData%\pcdfdata\config.bin

File name: %CommonAppData%\pcdfdata\config.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file

%CommonAppData%\pcdfdata\defs.bin

File name: %CommonAppData%\pcdfdata\defs.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file

%CommonAppData%\pcdfdata\support.ico

File name: %CommonAppData%\pcdfdata\support.ico
Mime Type: unknown/ico
Group: Malware file

%CommonAppData%\pcdfdata\uninst.ico

File name: %CommonAppData%\pcdfdata\uninst.ico
Mime Type: unknown/ico
Group: Malware file

%CommonAppData%\pcdfdata\vl.bin

File name: %CommonAppData%\pcdfdata\vl.bin
File type: Binary File
Mime Type: unknown/bin
Group: Malware file

%CommonStartMenu%\Programs\Win 7 Defender\Remove Win 7 Defender.lnk

File name: %CommonStartMenu%\Programs\Win 7 Defender\Remove Win 7 Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender Help and Support.lnk

File name: %CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender Help and Support.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender.lnk

File name: %CommonStartMenu%\Programs\Win 7 Defender\Win 7 Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\.exe /min"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\.exe" /ex "%1" %*"HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata

Additional Information

The following messages's were detected:

#	Message
1	System Security Alert Unknown program is scanning your system registry right now! Identity theft detected.
2	System Security Alert Vulnerabilities found Background scan for security breaches was finished. Serious issues were detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defense.
3	Win 7 Defender Firewall Alert Firefox.exe is infected with Trojan-Clicker.Js.Agent.op. Private data can be stolen by third parties, including credit card details and passwords.

6 Comments

Landis says:

December 25, 2012 at 2:23 pm

I cannot access the Internet on my PC win7defender blocks it. I am communicating with my. IPAD. I have a laptop if I can down to a flash drive and then transfer to my pc
Bob Laywell says:

December 25, 2012 at 2:28 pm

My Dell desktop, with Windows 7 is infected with this Win 7 defender. I tried going into "Safe" mode, but the virus (malware - whatever) will not allow me to open either IE, or Chrome. What now?? Thanks.
Kirk says:

December 27, 2012 at 1:44 pm

How do I down load it to a flash drive so I can put it on the infected pc?
Jane says:

January 17, 2013 at 3:09 pm

My Toshiba laptop has been infected by the win7 defender, wont let me run anything or get on the internet either, how do i get rid of this as i can't download anything. Could put something from this computer onto a flash drive to put on the infected one.
Butterbean says:

February 21, 2013 at 5:33 am

I rebooted my computer, then ran Mcaffee antivirus full scan and it ended the Win 7 defender pro 2013 process, then I went to this site to disable Win 7 defender pro 2013. Now am going to manually go through my computer as instructed above to remove the software Win 7 defender pro 2013 for good. So far all is good but still want it totally off my computer and out of my registry as well.
David Wold says:

November 22, 2014 at 12:03 am

How do I temporarily disable windows defender