Windows PC Defender - How To Remove?


Windows PC Defender is a rogue anti-spyware program and a clone of Ultimate System Guard, Windows Guard Pro and some others. This parasite spreads by deceiving users into downloading the program. It also relies on misleading advertising to trick you into purchasing it’s so-called “licensed version”, which is just as fake as the “trial”.

When surfing the web, you may encounter popups, such as these:

“Warning! Your computer is infected
Warning! Trojan Found!
File name: crss.drv
Threat name: Trojan-Spy.HTML.Sunfraud.a”


“System alert
Suspicious software, which may be malicious, has been detected on your PC. Click here to remove this threat immediately with Windows PC Defender”

You have a choice what to click on these popups, but this is where choice ends, since regardless of what you click, the parasite will take you to an online-scanner. This scanner is fake, but will not appear to be so. It pretends to scan the system and afterwards claims that it is infected and in need of an anti-spyware program. You will then be prompted to download Windows PC Defender, which can supposedly dispose of the infection.

Once inside and active, Windows PC Defender creates harmless files and runs a scan, which marks these files as serious threats to the system. They cannot be removed, or so Windows PC Defender claims, without the “full version” of the remover, which costs quite a bit of money and is every bit as useless as the trial.

Windows PC Defender is a scam and should be treated as such: do NOT download or buy it and block these websites:

Remove Windows PC Defender and all its files as soon as you detect this parasite in your PC!

Automatic Windows PC Defender removal tools

Note: Reimage trial provides detection of parasites and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.  We might be affiliated with some of these programs. Full information is available in disclosure

Manual removal


Important Note: Although it is possible to manually remove Windows PC Defender, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on


Windows PC Defender screenshots


About the author

I am an attentive virus researcher. My interests include discussions about deceptive online content and rogue software applications. All of our goal is to minimize the risks that many people encounter during browsing and help them figure out the main hints that might indicate that a program or a website is of a fraudulent nature.

September 16, 2009 22:16, September 17, 2009 08:38

33 thoughts on “Windows PC Defender

  1. This malware is not allowing me to use Spyware Doctor.

    It even threatens when I try to download Spyware Doctor.

  2. I got it on a flash drive and installed it on the infected computer but it will not allow me to run it. HELP. Please

  3. Try renaming it into something else, or try following trick :
    Open a new document with notepad, write something but do not save. Then start shut down procedure, wait till it blocks and asks you what to do with document. Wait for a while, then cancel shutdown. Try launcing program then

  4. 1. Go to Windows Start button -> All Programs
    2. Look for the icon Windows PC Defender and find out the location of its directory.
    (I located mine at c:\programdata\7ccc47a)
    You won’t find this directory in Windows Explorer even if you set your Folder Options to Show hidden files and folders
    3. Restart your computer in safe mode with command prompt.
    4. In your command prompt type:
    – cd\ (press enter key on your keyboard)
    – cd programdata (press enter key on your keyboard)
    – rd (type the folder location here) /s /q (press enter key on your keyboard)
    – exit (press enter key on your keyboard)
    5. Restart your computer.

    ** Also you can try using Malwarebyte software, its free.

  5. helpful article, but it appears that pc defender (or some other program) has now allowed me to get into my task manager to shut down the programs. it also seems that malwarebytes cant remove it for some reason, even though it detects it.

  6. @admin
    what are we suppose to try and rename? I renamed pctsGui.exe to pctsGuitest.exe and it let the program open up, but it just sits there and will not let me start scan. The System Status just says Checking… and never changes.

  7. HELP!! Hier est survenu windows defender pc en cherchant un lien sur internet..
    je lis vos reponses mais je ne comprends rien,je suis trop nul en informatique.. si qulqu’un a du temps à me consacrer svp!!! j’ai un netbook et je ne peux plus naviguer sur le net correctement..grrrr

  8. I was just checking out your system and it has blocked my whole computer. I can’t even get on line. Would PLEASE do what you can to clear this out of my computer using my e-mail address. Like I said–I can not open any windows because everything is block by you. Help!! Robert Parks

  9. These bastards have made my life miserable all day. Can they be reported somewhere? I cannot get rid of their nasty asses. I am glad I wasn’t guillable enough to turn over a credit card number to them. Where can we go to get the real help that is needed?

  10. i was idiotic enough to buy the 12month plan im wondering will it take all my money so i can cancel the credit card

  11. It looks like I successfully downloaded Spy Doctor, however, the Windows PC Defender continues to keep popping up. Now what?

  12. Yesterday, Friday, October 9, 2009, Actually last Night, maybe even the early morning, Saturday, I got mauled by some malware. It was loading viruses, spam pull downs, adware, trojan horses, moles and who knows what else. Its first indication of being in my computer was a phoney danger alert that some assortment of virus, trojans, etc. were discovered (by this WINDOWS on-line antivirus software) on my computer. It said that it was “Windows P. C. Defender – on line” (not to be confused with “Windows Defender”) to be downloaded from (probably stolen, diverted or captured). I needed to download immediately to cleanse my computer before there was damage. The only damage was caused by this malware. It systematically started down loading the aforementioned malwares and started systematically searching memory and my hard drives for antivirus software and disabling it. I was fast losing control of my computer and had to shut it off and do a system restore to get my anti-virus protection back. I found chatter on the Internet about this thing and will try to remove it. My current anti-virus software, NOD32, SPYBOT, ADAWARE, etc. were helpless. I think, somehow, this was a driveby, although, I went to a lot of sports and football sites yesterday, one of them could, knowingly or not, be infected, it may even have been in a “cookie”.

  13. A couple of days ago I got a flag from NOD32 (about one of the cookie’s files) that I submitted (see 10-10-09). They found another “cookie” and a nest of files and malware that they have since quarantined that I will probably have to have removed when I get time to review them. Looks like the boys and girls at ESET (NOD32) are getting up to speed on this beastie.

  14. This PC Defender popped up on my computer last night. It won’t let me do ANYTHING at all on the computer. How do I get rid of it, if it won’t let me go into my start menu?

  15. I recently came in contact with total PC defender, which force downloaded its self to the main computer I use, and upon start up, and once everything is partly loaded, the false scan will pop up so I am unable to stop it. I’ve tried 3 times already, and I’m afraid my computer will crash if I restart it one more time with out using the restart in the start menu. I have all my important things on that computer, aside from personal info that could be stolen. Is my computer too far gone to be saved? Cause I can’t download anything to “seek out and destroy” that stupid thing.

  16. I got caught up in this and could not stop it. The only thing I could do which seems to of resolved it was to try to end the process in task manager and then go into CCLeaner, find this in the startup and turn it off and disable it from restarting.

    After that I went back to the prior days restore point, which seemed to of removed the directory and other bits, ran my antivirus, and other spyware tools and I dont seem to find it.

  17. How to remove windows pc defender
    1 stop the process using task manager (if it allows u to) listed above
    2 reboot in safe mode with networking
    3 download spyware doctor or Malwarebytes and before installing, rename the file to iexeplorer.exe.
    4install the program
    5 run the software and remove the virus
    6 reboot in normal mode.
    It should not be there.

  18. Try To Do It In Safe Mode

    How To:
    1.Restart/Turn The Computer.

    2.Hold F8 for a while then the Advanced Turn On Options Will Appear

    3.Choose Safe Mode With Networking (It Will Take A While To Load The Files)

    -If you don’t have one installed install one (Malware Bytes abd Spyware Doctor
    are good to use and are the ones i know that are safe)

    4.Run Spyware Doctor, Malware Bytes Or The Program You Have To Remove It.

    5.Restart Your Computer

    6.Your Computer Is Clean (No more viruses/spyware/rookit)

  19. I found that the longer this virus is on your computer, the more involved it becomes. I tried renaming the antivirus programs, to no avail. I tried the safe mode with networking, but no matter what I tried, the virus masked the operation. I tried four different CD based antivirus programs, but none of them worked.
    Out of desperation, because I really didn’t want to lose these peoples personal settings, I tried Safe Mode, with no networking or DOS prompt.
    This time, the prompt for system restore came up, which allowed me to restore the computer to an earlier date.
    After this, I was able to install MBAM and run it and get rid of the viruses.
    I always remove MBAM, after using it. A lot of viruses will corrupt it if it is installed on a computer.

  20. I just finished cleaning a computer which was heavily involved with this Windows PC Defender Plus, to the point that even in safe mode with networking, it would not allow me to install or run antivirus programs or open task manager. It would not even allow Windows Explorer to open. I even tried changing the names of the antivirus installation executables, to no avail.
    I tried three Linux based antivirus CDs, but none worked.
    I really hate to lose peoples’ personal files, but I had almost decided to wipe the drive. I have been to this point before, but I have learned that there is always a back door. You just have to find it.
    I decided to try one more thing. Safe Mode, without networking and without DOS prompt.
    I was able to use F8, to get into the safe mode. The first thing to pop up was the System Restore Prompt. This time I was able to get into system restore and restore back a month or so. It worked. I was able the install Malwarebytes and run a scan.
    After the computer was back to normal, I removed Malwarebytes, as viruses like to disable MBAM first. I use Microsoft Security Essentials and make sure it is updated daily.

  21. Yeah this sucks. there is a worm crawling around on my pc screen and another screen that says your computer is infected with the worm download windows pc defender.. WTF!?
    I email from another comp.

  22. Are you talking about Windows PC Defender or any of anti-malware tools that we are recommending?

Leave a Reply

Your email address will not be published. Required fields are marked *