
Sunday, September 5, 2010

How to remove Windows Defence (Uninstall Guide)

Windows Defence is a rogue anti-spyware program that attempts to deceive users into buying the full version of the program to remove malicious software supposedly found during a false system scan. This fake program is promoted through the use of Trojans, fake online scanners and infected web pages. The fake scanner has a blue shield icon with lightning on it. Once installed, it will pretend to scan your computer for malware. Then it will claim that your computer is infected with spyware, Trojans, worms, adware and other viruses to make you think that your computer is really infected, when in fact it is free of viruses and the only security threat is Windows Defence itself. What is more, the rogue program will open up randomly and display fake security warnings roughly every one or two minutes. It goes without saying that you should remove Windows Defence from your computer. Thankfully, you can use free and genuine anti-malware software to remove this malware from your computer. Please follow the removal instructions below.


Image source: symantec.com

While running, Windows Defence will block legitimate anti-virus and anti-spyware programs, system tools and utilities such as task manager and registry editor. There are at least several variants of this bogus program and in some cases Windows Defence may disable system restore and safe mode. It will also hijack your web browser and redirect you to its main web page which is windows-defence.com.

A screenshot of the rogue's main web page:


Reboot your computer in safe mode or safe mode with networking if you can, and run a system scan with anti-malware software. If you can't do that, then you will have to remove it in normal mode. Please follow the detailed Windows Defence removal instructions below. Last, but not least, if you have already purchased this rogue product, contact your credit card company and dispute the charges. And, of course, if you have any questions or additional information, don't hesitate to leave a comment. Good luck and be safe online!


Windows Defence removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in as in normal Windows mode.

2. Download anti-malware software from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Windows Defence removal instructions in Normal mode:

1. Download Process Explorer iexplore.exe. Double click to open it. Look for Windows Defence in the process list and terminate its process(es).
2. Download anti-malware software from the list below. Update it and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Windows Defence associated files and registry values:

Files:
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\smmservice.exe
  • C:\Documents and Settings\All Users\Application Data\mswd\
  • C:\Documents and Settings\All Users\Application Data\mswd\Base.dat
  • C:\Documents and Settings\All Users\Application Data\mswd\db.avdb
  • C:\Documents and Settings\All Users\Application Data\mswd\WindowsDefence.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defence\
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defence\Windows Defence.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defence\Uninstall\
  • C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defence\Uninstall\Uninstall.lnk
Registry:
  • HKEY_USERS\.DEFAULT\Software\WindowsDefence
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice
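
To see which of the files and registry keys listed above are actually present on a machine, a read-only check can be scripted. The following PowerShell is an added example, not part of the original guide; it assumes the Windows XP path layout used in the lists above and an administrator prompt, and the function name `Test-Artifact` is made up for this illustration.

```powershell
# Added example: read-only presence check for the artifacts listed on this page.
# Nothing is deleted or modified. Paths are copied from the lists above (XP layout).
$base  = 'C:\Documents and Settings\All Users'
$files = @(
    "$base\Application Data\Microsoft\Network\Downloader\smmservice.exe",
    "$base\Application Data\mswd\",
    "$base\Application Data\mswd\Base.dat",
    "$base\Application Data\mswd\db.avdb",
    "$base\Application Data\mswd\WindowsDefence.exe",
    "$base\Start Menu\Programs\Windows Defence\",
    "$base\Start Menu\Programs\Windows Defence\Windows Defence.lnk",
    "$base\Start Menu\Programs\Windows Defence\Uninstall\",
    "$base\Start Menu\Programs\Windows Defence\Uninstall\Uninstall.lnk"
)
# HKEY_USERS has no default PowerShell drive, so use the Registry:: provider prefix.
$keys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\WindowsDefence',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice'
)

# Hypothetical helper: returns one report row per artifact.
function Test-Artifact {
    param([string]$Kind, [string]$Path)
    New-Object PSObject -Property @{
        Kind    = $Kind
        Path    = $Path
        Present = (Test-Path -LiteralPath $Path)
    }
}

$report  = @()
$report += $files | ForEach-Object { Test-Artifact 'File' $_ }
$report += $keys  | ForEach-Object { Test-Artifact 'Registry' $_ }
$report | Select-Object Kind, Present, Path | Format-Table -AutoSize -Wrap

# If the service key exists, show which binary it launches and its start type.
$svcKey = $keys[1]
if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    "Service ImagePath: $($svc.ImagePath)"
    "Service Start:     $($svc.Start)"
}

$found = @($report | Where-Object { $_.Present })
"{0} of {1} listed artifacts present" -f $found.Count, $report.Count
```

Running the check again after the scan and a reboot shows whether any of the listed items have come back.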

3 comments:

Anonymous said...

most of the registry keys are not found on my Windows XP home PC. I did delete the folders with no problems in safe mode. I can install all the anti-spyware apps but none of them will run.

trickywolf83 said...

having similar issues on a win7 machine. i no longer have a safemode, and when i remove the bits of files in various locals, as soon as i back out, they repopulate themselves...

Anonymous said...

I did a system restore which solved the problem, including all registry entries. When I tried to end the processes before the system restore the program would just open itself back up.