Severity scale:  
  (80/100)

Win Server Defender. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - -   Also known as WinServerDefender | Type: Rogue Antispyware
12

Win Server Defender is a dangerous cyber infection, which belongs to the ‘rogue anti-spyware’ category. It hails from the Braviax family and uses the same GUI as Win7 Defender, XP Defender and Vista Defender malwares. The main thing, which excludes this version from the previous ones, is that it is set to attack Windows Servers. Once it gets inside the system, Win Server Defender displays fake alerts and notifications that report only about invented viruses. Note that some of its 'issues' detected are legitimate Windows files, such as explorer.exe and similar. Please, ignore these warnings and remove Win Server Defender from your computer.

HOW CAN I KNOW THAT I AM INFECTED WITH Win Server Defender?

Win Server Defender is distributed by fake video codecs and flash updates. Classically, when trying to watch something online, user is asked to update his Flash player but, when he clicks on this pop-up, he is secretly infected with Win Server Defender. Once it gets there, it drops its own executables and starts displaying fake scan results. Some of its alerts look like that:

System Security Alert!
Vulnerabilities found
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.

System Security Alert!
Unknown program is scanning your system registry right now! Identify the theft detected!

Clearly, it tries to scare you that you are dangerously infected and that you need to purchase its license. Please, never do that. You must remove Win Server Defender from your computer as soon as it starts displaying its fake alerts on your desktop.

HOW CAN I REMOVE Win Server Defender?

In order to remove Win Server Defendr from the PC, scan your computer using legitimate antispyware programs, like Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Reimage that are effectively working with these viruses. If you can't launch a program, rename the executable from xxx.exe to xxx.com or follow these steps:

1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: https://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes of Win Server Defender and remove its files.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Win Server Defender you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Win Server Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Win Server Defender snapshot
Win Server Defender snapshot

Win Server Defender manual removal:

Kill processes:
[random].exe

Delete registry values:
HKEY_CLASSES_ROOT.exe "(Default)" = "[random]"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallpcdfdata

HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = ""%CommonAppData%pcdfdata[random].exe" /ex "%1" %*"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "pcdfsvc" = "%CommonAppData%pcdfdata[random].exe /min

Delete files:
%CommonAppData%pcdfdata

%CommonAppData%pcdfdata[random].exe

%CommonAppData%pcdfdataapp.ico

%CommonAppData%pcdfdataconfig.bin

%CommonAppData%pcdfdatadefs.bin

%CommonAppData%pcdfdatasupport.ico

%CommonAppData%pcdfdatauninst.ico

%CommonAppData%pcdfdatavl.bin

%AllUsersProfile%DesktopWin Server Defender.lnk

%CommonStartMenu%ProgramsWin Server Defender

%CommonStartMenu%ProgramsWin Server DefenderRemove Win Server Defender.lnk

%CommonStartMenu%ProgramsWin Server DefenderWin Server Defender Help and Support.lnk

%CommonStartMenu%ProgramsWin Server DefenderWin Server Defender.lnk

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

Removal guides in other languages