Wednesday, March 19, 2014

Remove Windows Pro Defence KitRemove Windows Pro Defence Kit

Remove Windows Pro Defence Kit
Windows Pro Defence Kit is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Windows Pro Defence Kit. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Windows Pro Defence Kit is installed on the computer, it will start automatically when Windows boot. Then Windows Pro Defence Kit will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Windows Pro Defence Kit will repeatedly shows the pop ups to urge the user to purchase the full version of Windows Pro Defence Kit so that to remove all the threats. However, Windows Pro Defence Kit cannot detect and remove any kind of virus, malware and trojan.


Windows Pro Defence Kit can be removed by stopping the processes and removing the files ([random].exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Windows Pro Defence Kit shown in the removal guide below. Windows Pro Defence Kit DLL Files should be unregistered too (see removal guide). All files related to Windows Pro Defence Kit must be deleted. 

Windows Pro Defence Kit provide fake feature such as Home, Firewall, Automatic updates, Antivirus Protection, Anti-Phishing, Advanced Process Control, Autorun Manager, Service Manager, All-in-One Suite, Quick Scan, Deep Scan, Custom Scan, History, Settings, etc. All of them cannot protect the computer from any kind of malware.

Windows Pro Defence Kit should be removed immediately!

Windows Pro Defence Kit Removal Guide
Kill Process
(How to kill a process effectively?)
svc-[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS-SEC" = %AppData%\svc-[random].exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
HKEY_LOCAL_MACHINE\Software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bckd "ImagePath" = 22.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\svc-[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorAdmin" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "ConsentPromptBehaviorUser" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableLUA" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "EnableVirtualization" = 0

Remove Folders and Files
%AppData%\svc-[random].exe
%AppData%\data.sec
%UserProfile%\Desktop\Windows Pro Defence Kit.lnk
%AllUsersProfile%\Start Menu\Programs\Windows Pro Defence Kit.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7/8, and c:\winnt\profiles\[Current User] for Windows NT.

%AllUsersProfile% refers to the All Users Profile folder. By default, this is C:\Documents and Settings\All Users for Windows 2000/XP and C:\ProgramData\ for Windows Vista, Windows 7, and Windows 8.

%AppData% refers to the current users Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Roaming.



No comments:

Post a Comment