How to Remove DefendAPC | DefendAPC Removal Guide



DefendAPC is the latest variation on the Wini family of rogue antivirus. It is typically promoted via the use of trojans, malware and aggressive advertising. Once installed on the system it will run supposed scans of the system claiming that you have viruses on your system and that you have multiple security vulnerabilities on your system. Both of these claims are typically inaccurate and have been invented. Many times the rogue itself will create files that it then detects during the supposed scans. As you can imagine, this doesn’t do much for it’s credibility…. Read on for how to remove DefendAPC.


In addition to the usual problems you may also see the following messages from this rogue:

German Alert:
Spzprogramm Warnzeichen!
Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von DefendAPc zu registrieren und Ihr PC von Spyprogramm frei zu machen.

English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.

French Alert:
Spyware Alerte!
Votre ordinateur est infecté de spyware. Il pourrait endommager vos fichiers critiques ou exposer vos données prives sur ‘Internet. Cliquez ici pour enregistrer votre copie de DefendAPc et enléver des menaces spyware de votre OP.

Italian Alert:
Spyware miniaccia!
Il suo computer è infetto di spyware. Puo dannegiare i suoi files criticali rivelare i suoi dati personali nell’Internet. Clicca qui per registrare la sua coppia di DefendAPc e rimouvere le minacce di spyware dal suo computer.

First you should really try to visit the control panel and the add/remove programs area to see if it’s possible to uninstall defendapc. With many rogues this may not be possible, but it is worth trying as your first line of defense against software that you do not want on your system. If it works, I would still follow up with a scan using a trusted malware removal tool such as malwarebytes antimalware or superantispyware and then continue to scan with an antivirus application that is also reputable. (AVG/mcafee/norton/etc.)

This particular rogue may also include a rootkit named TDL3 in it’s install on your system. This will make cleanup a bit more challenging. The people over at bleeping computer have a forum post with more details on advanced removals. In fact, they have a very helpful forum for most any malware removal. I highly recommend it if you get stuck.

You may download malwarebytes from a link on the virus removal toolkit page. While there you may also wish to download process explorer. After it is downloaded go ahead and try to install malwarebytes on your system.

If you are unable to install malwarebytes antimalware you may try the following: 1) rename the installer from mbam-setup.exe to something like iexplore.exe and retry launching it. 2) reboot into safe mode with networking and retry the install. 3) follow the next step which involves killing off the running processes associated with defendapc and then retry the install.

The following processes are associated with defendapc and should be killed off using the task manager. If task manager will not launch you may try the following: 1) copy and paste the task manager executable (taskmgr.exe) to the desktop and then rename it to something like firefox.exe 2) reboot into safe mode with networking and see if the listed applications are running (if not continue with your removal in safe mode.) 3) use process explorer instead of task manager to kill off the following:

DefendAPC.exe
Uninstall.exe
RANDOM.exe

The above filenames include files that are created with a random name. Please use the information and locations listed below plus what you see on your system to help you decide which processes need to be terminated. The filenames below also include randomly created filenames.

The following files should be deleted to manually remove defendapc from your computer:

%docs%All UsersDesktopDefendAPc.lnk
%docs%All UsersStart MenuProgramsDefendAPc
%docs%All UsersStart MenuProgramsDefendAPc1 DefendAPc.lnk
%docs%All UsersStart MenuProgramsDefendAPc2 Homepage.lnk
%docs%All UsersStart MenuProgramsDefendAPc3 Uninstall.lnk
%progfiles%DefendAPc Software
%progfiles%DefendAPc SoftwareDefendAPc
%progfiles%DefendAPc SoftwareDefendAPcDefendAPc.exe
%progfiles%DefendAPc SoftwareDefendAPcmain_config.xml
%progfiles%DefendAPc SoftwareDefendAPcuninstall.exe
%tmp%RANDOM.exe
%win%1037s5zal9614.cpl
%win%10z2backdo9591.ocx
%win%10z795roj498.bin
%win%system3260c09ackzoor5949.bin
%win%system32610559rmz3.cpl
%win%system32RANDOM.exe

After you have completed a manual removal of defendapc you should follow up with a malware removal tool such as superantispyware or malwarebytes antimalware. Then use a trusted, reputable antivirus application (or online scanner) to make one more pass over the computer to make certain that it’s clean.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove TrustFighter | Trust Fighter Removal Guide TrustFighter sports a very familiar face, but a different name. Trustfighter is a rogue security application that is in the long line of similar applications such as TrustSoldier (TrustSoldier removal guide) and the following others... SafeFighter (Safefighter Removal), TrustCop (TrustCop Removal Guide), SecureWarrior (SecureWarrior Removal), SecurityFighter (SecurityFighter Removal), SecuritySoldier (SecuritySoldier......
  • How to Remove KeepCop | Keep Cop Removal Guide KeepCop is yet another of those rogue antivirus applications that seem to be such a plague on computer users today. These rogue security applications usually installed without permission, or by means of trickery claiming to be a video codec or flash player update. Further they will start out on your......
  • How to Remove GreatDefender | GreatDefender Removal Guide GreatDefender is a rogue antivirus application from the winisoft family. It is installed onto a system through the use of trojans and other malware which should give you an indication that it is not something that you want on your system. (It's usually a bad sign when you don't know......
Blog Traffic Exchange Related Websites
  • Why We Have To Switch To Cloud Web Host: Why we must switch to Cloud Web host: Cloud hosting as explained in Wikipedia is a service that does not need knowledge among the consumers, we might not really know it, but we are actually enjoying the benefits of cloud hosting as Google searches are running within a cloud of......
  • Search History - Today And Tomorrow It could sound a bit scary but every single stroke of my keyboard is recorded by the laptop or computer memory. You had been looking for particular info on the web. In several days whenever you required to check out the similar pages again, to your utter dismay, you......
  • Finding the Best WordPress Plugins for your Blog WordPress originally saw the light of day in 2003, and is now being used on thousands of different websites in countries all over the world. WordPress is designed to be a simple open source blogging tool that can be taken advantage of in two different ways: You can either take......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site