Win 7 Defender 2013 claims itself as a legitimate antivirus program which can protect your computer from virus, Trojan horse, spyware and other malware. In reality, it is a fake antivirus program like XP Defender 2013 that will infect your computer and try to extort money from you through devious tactics instead of safeguarding your computer from malware attacks. Usually, this rogue program is spread via malicious websites, spam email attachments, suspicious links, and freeware. Once it infects your computer, it will first display a series of fake security warnings, claiming that some threats has been detected on your computer and urging you to download and install an antivirus program, namely the Win 7 Defender 2013, to totally remove the malicious threats. To convince you, this fake antivirus program even shows you some false system scan results, which looks true and authentic. If trust it and try to use the so-called antivirus program to remove the “detected threats”, you will be asked to pay money to buy its registered version before you can remove anything from your computer. Actually, the ultimate goal of the rogue program is to make money by misleading its victims to pay for its registered version.
When Win 7 Defender 2013 is installed on your computer, it will modify the registry settings so as to allow itself to launch automatically whenever you start up your computer. Besides, this rogue program will block the execution of any security programs installed on your computer, so that it can protect itself from being removed by these real antivirus programs. When launched, it will pretend to perform a computer scan and then display some bogus scan results as the picture shown below. Then you will be probably scared by all these fake security warnings and then buy the paid version of Win 7 Defender 2013 to get rid of those nonexistent threats. Apart from extorting your money, this malicious program will also damage the files or corrupt the important data stored in your computer, which will bring great loss to you. Therefore, there is no time to delay for removing this rogue program from your computer.
How Can You Remove Win 7 Defender 2013?
Actually, you can remove this rogue program either manually or automatically. If you are experienced in computer operation, then you can try following the steps below to manually remove it. But if not, we highly recommend you to automatically remove it.
Step 1: Close all programs running on your computer currently and restart your computer. When the Windows start up, you should press F8 key continuously until you access the Advanced Boot Options. Choose the “Safe Mode with Networking” by using the arrow keys and then press Enter.
Step 2: Press Ctrl+ Alt+ Delete together to open the Task manager. Since the rogue program can be any processes named with random characters, so you should search for the randomly-named processes and stop them.
Step 3: Click the Start menu and go to the Control Panel. Locate “Uninstall a program” and click it. Locate Win 7 Defender 2013 in the list of programs. If you find it, select it and remove it.
Step 4: Go to the local disk C through the Windows explorer. Type the rogue program name into the search box on the right top of the window, and press Enter. Then delete any files related to the rogue program. If you find no files in this way, then you can navigate to C:\ProgramFiles\ folder to find and remove any suspicious files.
Step 5: Go to the Start menu, type” regedit” into the search box and click on “regedit” from the result list. When the Registry Editor is opened, look for and delete the register entries associated with Win 7 Defender 2013.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\[rogue program name] “AntiVirusOverride” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\[rogue program name] “FirewallOverride” = ’1′
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
KEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
Step 2: Press Ctrl+ Alt+ Delete together to open the Task manager. Since the rogue program can be any processes named with random characters, so you should search for the randomly-named processes and stop them.
Step 3: Click the Start menu and go to the Control Panel. Locate “Uninstall a program” and click it. Locate Win 7 Defender 2013 in the list of programs. If you find it, select it and remove it.
Step 4: Go to the local disk C through the Windows explorer. Type the rogue program name into the search box on the right top of the window, and press Enter. Then delete any files related to the rogue program. If you find no files in this way, then you can navigate to C:\ProgramFiles\ folder to find and remove any suspicious files.
Step 5: Go to the Start menu, type” regedit” into the search box and click on “regedit” from the result list. When the Registry Editor is opened, look for and delete the register entries associated with Win 7 Defender 2013.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\[rogue program name] “AntiVirusOverride” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\[rogue program name] “FirewallOverride” = ’1′
HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe”‘
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode’
KEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command “(Default)” = ‘”%LocalAppData%\kdn.exe” -a “%1″ %*’
If you are not expert at computer and want to automatically get rid of Win 7 Defender 2013, then you can follow the steps listed below:
Step 1: Start the computer into the “Safe Mode with Networking” (same steps as above)
Step 2: Download a powerful removal tool and install it on your computer.
Step 3: Run the removal tool and perform a thorough scan on your computer system.
Step 4: After the scan is done, remove all malicious components of the rogue program.
Step 5: Restart your computer back to the normal mode.
Step 2: Download a powerful removal tool and install it on your computer.
Step 3: Run the removal tool and perform a thorough scan on your computer system.
Step 4: After the scan is done, remove all malicious components of the rogue program.
Step 5: Restart your computer back to the normal mode.
Note: Both the methods introduced above can help eliminate Win 7 Defender 2013 from your computer, but you should remember that, manual removal of the files and registry entries of the rogue program requires you to be very proficient in computer and you must make sure that no any mistakes would occur during the manual removal, or else you may cause unexpected system damage. Comparing with the manual method, the automatic one is much easier and safer. So, it is highly recommended to adopt the automatic method if you are a novice user.
No comments:
Post a Comment