How to remove Win 7 Defender

Monday, March 22nd, 2010 at 10:54 pm
Home » Rogue Antispyware » Win 7 Defender

Win 7 Defender description

Win 7 Defender is just another title for the same annoying malware hidden under names of Win 7 Defender Pro and XP Defender Pro. The fraud works just like its predecessors: it tries to gain a purchase by masquerading as a security tool.

Let’s take a closer look on Win7 Defender functions. It fabricates security alerts in enormous amounts. The warnings are designed to resemble Windows notifications and notifications usually loaded by anti-spyware or anti-virus tools. This way Win7Defender tricks people into taking the program as a real application. The fact is Win 7Defender is a computer infection. It halts a computer because it loads itself automatically and uses lots of system resources. Win 7 Defender may also interrupt web browsing and block security applications. The goal of this program is pushing victims into buying Win 7Defender. Avoid the trap and remove this malware as soon as possible.

Win 7 Defender is a Rogue Antispyware software

How to manually remove Win 7 Defender

To remove Win 7 Defender spyware you must block Win 7 Defender sites, stop and remove processes, unregister DLL files, search and delete all other Win 7 Defender files and registry utility. Follow the Win 7 Defender detection and removal instructions below.

The most typical software removal method is to remove Win 7 Defender by using "Add or Remove Programs" service. However there may be hidden Win 7 Defender files, running processes and registries in your computer, so Win 7 Defender may recreate all other files after reboot.

Win 7 Defender manual removal instructions

Stop and remove Win 7 Defender processes:
Read more how to kill Win 7 Defender processes

Locate and delete Win 7 Defender registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
Read more how to delete Win 7 Defender registry entries
Download RegistryBooster 2010 to scan errors caused by Win 7 Defender

Detect and delete other Win 7 Defender files:
C:\Users\All Users\QJyrk5wvCU1

We strongly recommend you to use spyware remover to track Win 7 Defender and automaticaly remove Win 7 Defender processes, registries and files as well as other spyware threats.

Download does not start? Try a mirror download here

Tags: , , ,

Leave a Reply

Download does not start? Try a mirror download here