What is System Defender?
System Defender is a rogue anti-spyware that belongs to the Virus Doctor family of rogue programs. It is also related to Windows System Defender, which was released three weeks before it. System Defender reaches user systems via online scammers and advertisers who use social engineering techniques to try to get users to download and install the software. Once installed, System Defender will block important Windows utilities like Task Manager and Registry Editor in an attempt to discourage users from removing System Defender manually. It also creates a number of harmless files on the hard drive, later flagging them as dangerous viruses. System Defender performs regular fake scans of the system and warns the user that there are some serious threats. It also blocks legitimate virus scanners and websites with legitimate scanners. System Defender then proceeds to try to convince the user to buy the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is insufficient to clean the system of the detected ‘threats’. However, the so-called ‘full’ version of System Defender is no more capable of scanning or cleaning your computer than the ‘trial’ version.
As System Defender aggressively tries to prevent its removal by blocking Windows utilities, you will have to restart your computer in Safe Mode before you attempt to remove it. The steps needed for manual System Defender removal are outlined below. It is also recommended to use genuine antivirus software such as Spyware Doctor with Antivirus.
How to Remove System Defender?
File Removal Procedures
The first step in System Defender removal is to kill the following processes:
- WS339.exe
- ppal.exe
- tjd.exe
Next, it is necessary to unregister the following DLL files which are related to System Defender:
- mozcrt19.dll
- tempdoc.dll
- sqlite3.dll
- CLSV.dll
- PE.dll
The next step is to delete the following files and folders from your hard drive:
- c:\Documents and Settings\All Users\Application Data\117fc
- c:\Documents and Settings\All Users\Application Data\117fc\WS339.exe
- c:\Documents and Settings\All Users\Application Data\117fc\WSD.ico
- c:\Documents and Settings\All Users\Application Data\WSDDSys
- c:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
- %UserProfile%\Application Data\System Defender
- %UserProfile%\Application Data\System Defender\cookies.sqlite
- %UserProfile%\Application Data\System Defender\Instructions.ini
- %UserProfile%\Desktop\System Defender.lnk
- %UserProfile%\Desktop\xp_7a9be\
- %UserProfile%\Desktop\xp_7a9be\68.mof
- %UserProfile%\Desktop\xp_7a9be\mozcrt19.dll
- %UserProfile%\Desktop\xp_7a9be\sqlite3.dll
- %UserProfile%\Desktop\xp_7a9be\WSDDSys
- %UserProfile%\Desktop\xp_7a9be\WSDDSys\vd952342.bd
- %UserProfile%\Recent\ANTIGEN.dll
- %UserProfile%\Recent\ANTIGEN.sys
- %UserProfile%\Recent\ANTIGEN.tmp
- %UserProfile%\Recent\cid.dll
- %UserProfile%\Recent\CLSV.dll
- %UserProfile%\Recent\ddv.tmp
- %UserProfile%\Recent\PE.dll
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\PE.sys
- %UserProfile%\Recent\ppal.exe
- %UserProfile%\Recent\runddlkey.drv
- %UserProfile%\Recent\std.sys
- %UserProfile%\Recent\tempdoc.dll
- %UserProfile%\Recent\tjd.exe
- %UserProfile%\Recent\tjd.sys
- %UserProfile%\Start Menu\System Defender.lnk
- %UserProfile%\Start Menu\Programs\System Defender.lnk
- c:\Program Files\Mozilla Firefox\searchplugins\search.xml
After deletion of these files and folders has been completed, your file system is safe from System Defender.
Registry Removal Procedures
The final step in System Defender removal is to delete the following keys and settings from the Windows Registry:
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = http://search-gala.com/?&uid=220&q={searchTerms}
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = http://search-gala.com/?&uid=220&q={searchTerms}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Defender"
After this step has been completed, you have completely removed System Defender from your computer. However, in order to make sure that no additional malicious software components are still installed, it is recommended to conduct a full system scan using a genuine security product such as Spyware Doctor with Antivirus.
Conclusion
Manual System Defender removal is not recommended for inexperienced users of computer systems, as any wrong move could damage the integrity of your system. The best way to ensure that System Defender is removed completely and safely is to use a web-based repair service such as www.onlinecomputerrepair.org.
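To confirm that the manual steps above left nothing behind, the listed artifacts can be checked without changing anything. The script below is an added example, not part of the original guide; it covers a subset of the file list, takes the All Users path exactly as this page gives it, and its variable names are illustrative.

```powershell
# Added example: read-only check for System Defender artifacts named on this page. Nothing is deleted.
$allUsers    = 'C:\Documents and Settings\All Users\Application Data'
$userProfile = $env:USERPROFILE

# Subset of the file/folder list above; add the remaining entries the same way.
$paths = @(
    "$allUsers\117fc",
    "$allUsers\WSDDSys",
    "$userProfile\Application Data\System Defender",
    "$userProfile\Desktop\xp_7a9be",
    "$userProfile\Desktop\System Defender.lnk",
    "$userProfile\Recent\ppal.exe",
    "$userProfile\Recent\tjd.exe",
    "$userProfile\Recent\CLSV.dll",
    "$userProfile\Recent\PE.dll",
    "$userProfile\Recent\tempdoc.dll"
)
$procNames = 'WS339', 'ppal', 'tjd'   # Get-Process takes names without .exe
$findings  = @()

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "FILE     $p" }
}
foreach ($proc in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += "PROCESS  $($proc.ProcessName) (PID $($proc.Id))"
}

# Registry keys from the registry section; -LiteralPath keeps the braces literal.
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "REGKEY   $k" }
}

# Autostart value under the Run key.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$val = Get-ItemProperty -Path $run -Name 'System Defender' -ErrorAction SilentlyContinue
if ($val) { $findings += "REGVALUE $run\System Defender = $($val.'System Defender')" }

# Internet Explorer download setting listed above with the value "1".
$dl  = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$sig = Get-ItemProperty -Path $dl -Name 'RunInvalidSignatures' -ErrorAction SilentlyContinue
if ($sig -and "$($sig.RunInvalidSignatures)" -eq '1') { $findings += "REGVALUE $dl\RunInvalidSignatures = 1" }

if ($findings) { $findings } else { 'No listed System Defender artifacts found.' }
```

Each output line names one artifact that is still present; an empty result for this subset does not replace the full system scan recommended above.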