
How to Remove Windows PC Defender Virus

written by: Donna Buenaventura • edited by: Bill Fulks • updated: 3/24/2015

The rogue program PC Defender runs in both safe and normal mode in Windows. It targets SUPERAntiSpyware and Malwarebytes Anti-Malware, which means you need to use other scanners for a Windows PC Defender removal to succeed. This article explains how to remove the Windows PC Defender virus.


    Rogue Program: PC Defender

    PC Defender is a rogue program that displays nonexistent threats in Windows. The scareware displays a fake Windows Security Center, mature-content advertisements in the threat details window, and a fake balloon warning message. This rogue application often displays two or more windows to annoy users.

    PC Defender runs a scan and its rogue processes in both the normal and safe mode boot options of Windows. This particular rogue application targets the SUPERAntiSpyware and Malwarebytes Anti-Malware programs, which means you need more tools to succeed with a Windows PC Defender removal.


    Removing PC Defender Using Windows Defender and Other Tools

    I suggest using Windows Defender and other removal tools to remove the Windows PC Defender virus, because the rogue PC Defender targets Malwarebytes' Anti-Malware and SUPERAntiSpyware. If you use SUPERAntiSpyware to remove PC Defender, the computer will display a fake bluescreen warning message and restart the PC.

    If you use Malwarebytes Anti-Malware, PC Defender will prevent it from running. Using the Rkill malware process killer is not going to help, because this variant of PC Defender now runs in safe mode or normal mode using more than one malicious process. And because this rogue program also runs in Safe mode, Malwarebytes and SUPERAntiSpyware will fail to remove the program.

    Windows Defender, Spybot - Search & Destroy, Ad-Aware and EmsiSoft Anti-Malware are currently not being targeted by the PC Defender virus. You can run these anti-malware tools in the Safe or Normal mode boot option of Windows. When any of the tools has finished removing the rogue application, you should scan using Malwarebytes or an antivirus program to remove the leftover files or registry remnants and shortcut keys.

    If you decide to use Windows Defender to remove PC Defender, you only need to manually delete the following files and a registry key after a system restart:

    • Delete the registry key {456a3b12-8fe6-41ae-9e5c-5e55f0712c09} under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    • Locate C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender and then delete the PC Defender folder.

    Rogue PC Defender Screenshots

    Screenshots: Fake Windows Security Center - PC Defender; Registration Window of Rogue PC Defender; Porn Advertisement in Threat Details - PC Defender; PC Defender Blocks Task Manager Utility; PC Defender Blocks Registry Editor in Windows; A Fake Warning from PC Defender

    PC Defender - Manual Removal Method

    If you would rather remove the Windows PC Defender virus using the manual method, you need to download the HijackThis tool. The PC Defender rogue program runs in safe mode or normal mode in Windows, which means you won't have access to the Registry Editor and Task Manager, the tools that would otherwise help in removing the rogue program manually.

    Follow these steps to start removing PC Defender, in a normal or safe mode with networking boot option for Windows:

    • Download the executable version of the HijackThis tool from http://free.antivirus.com/hijackthis/
    • Open HijackThis and agree to the EULA. Click the "Scan" button.
    • Put a checkmark in the box before the entry F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Def Group\PC Defender\pcdef.exe"
    • Click the "Fix checked" button, close the HijackThis window and then restart the computer.
    • Open the Registry Editor in Windows by typing regedit.exe in the Run command box.
    • Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{456a3b12-8fe6-41ae-9e5c-5e55f0712c09}, then delete the {456a3b12-8fe6-41ae-9e5c-5e55f0712c09} registry key only.
    • Close the Registry Editor.
    • Locate the C:\Program Files\Def Group\PC Defender folder. Delete the Def Group folder.
    • Locate C:\Documents and Settings\All Users\Start Menu\Programs\PC Defender and then delete the PC Defender folder.
    • Restart the computer and scan the computer using an antivirus or anti-malware program.
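
The F2 entry fixed in the steps above is the rogue's logon persistence: an extra program appended to the comma-separated Userinit value. As an added example (not part of the original article), this script scans a saved HijackThis log for any program an F2 UserInit line starts besides userinit.exe, which generalizes the check beyond pcdef.exe; the function names, the sample log and the assumption of a default WINDOWS or WINNT directory are this example's own.

```python
import re

# HijackThis reports a modified Winlogon Userinit value as an "F2" line.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
# Assumption: Windows lives in the default WINDOWS or WINNT directory.
STOCK_USERINIT = re.compile(
    r"^(?:[a-z]:\\(?:windows|winnt)\\system32\\)?userinit\.exe$", re.IGNORECASE)

# Constructed sample log; the F2 line is the one quoted in the steps above.
SAMPLE_LOG = r'''Logfile of HijackThis (constructed sample)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Def Group\PC Defender\pcdef.exe"
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
'''

def split_userinit(value):
    """Split the comma-separated Userinit value, keeping quoted paths whole."""
    entries, current, in_quotes = [], [], False
    for ch in value:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            entries.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    entries.append("".join(current).strip())
    return [e for e in entries if e]

def extra_userinit_programs(log_text):
    """Return every program an F2 UserInit line starts besides userinit.exe."""
    extras = []
    for line in log_text.splitlines():
        match = F2_USERINIT.match(line.strip())
        if match:
            extras += [p for p in split_userinit(match.group(1))
                       if not STOCK_USERINIT.match(p)]
    return extras

if __name__ == "__main__":
    for program in extra_userinit_programs(SAMPLE_LOG):
        print("Extra program launched at logon:", program)
```

An empty result after the fix and restart means the Userinit value no longer starts anything besides userinit.exe.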

    Image credit: Screenshots taken by the author