Win Server Defender is a dangerous cyber infection, which belongs to the ‘rogue anti-spyware’ category. It hails from the Braviax family and uses the same GUI as Win7 Defender, XP Defender and Vista Defender malwares. The main thing, which excludes this version from the previous ones, is that it is set to attack Windows Servers. Once it gets inside the system, Win Server Defender displays fake alerts and notifications that report only about invented viruses. Note that some of its 'issues' detected are legitimate Windows files, such as explorer.exe and similar. Please, ignore these warnings and remove Win Server Defender from your computer.
HOW CAN I KNOW THAT I AM INFECTED WITH Win Server Defender?
Win Server Defender is distributed by fake video codecs and flash updates. Classically, when trying to watch something online, user is asked to update his Flash player but, when he clicks on this pop-up, he is secretly infected with Win Server Defender. Once it gets there, it drops its own executables and starts displaying fake scan results. Some of its alerts look like that:
System Security Alert!
Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.
System Security Alert!
Unknown program is scanning your system registry right now! Identify the theft detected!
Clearly, it tries to scare you that you are dangerously infected and that you need to purchase its license. Please, never do that. You must remove Win Server Defender from your computer as soon as it starts displaying its fake alerts on your desktop.
HOW CAN I REMOVE Win Server Defender?
In order to remove Win Server Defendr from the PC, scan your computer using legitimate antispyware programs, like Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Reimage that are effectively working with these viruses. If you can't launch a program, rename the executable from xxx.exe to xxx.com or follow these steps:
1. Reboot your computer to Safe Mode with Networking. Just reboot your PC and, as soon as it starts booting up, start pressing F8 repeatedly.
2. Loggin as the same user as you were in normal Windows mode
3. Now click on IE or other browser and select 'Run As' or 'Run As administrator', enter your Administrator account password (if needed).
4. Enter this link to your address bar: https://www.2-spyware.com/download/hunter.exe and download a program on your desktop. Launch it to kill the malicious processes of Win Server Defender and remove its files.
Win Server Defender manual removal:
Delete registry values:
HKEY_CLASSES_ROOT.exe "(Default)" = "[random]"
HKEY_CURRENT_USERSoftwareClasses.exeshellopencommand "(Default)" = ""%CommonAppData%pcdfdata[random].exe" /ex "%1" %*"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "pcdfsvc" = "%CommonAppData%pcdfdata[random].exe /min
%AllUsersProfile%DesktopWin Server Defender.lnk
%CommonStartMenu%ProgramsWin Server Defender
%CommonStartMenu%ProgramsWin Server DefenderRemove Win Server Defender.lnk
%CommonStartMenu%ProgramsWin Server DefenderWin Server Defender Help and Support.lnk
%CommonStartMenu%ProgramsWin Server DefenderWin Server Defender.lnk