Posts Comments

System Defender Removal

By admin on February 8, 2010 Leave a Comment

Virus Info: System Defender is fake anti-spyware belonging to the Virus Doctor family of rogue software, and is merely a newer version of the well-known Windows System Defender. It acts in the same manner as any other rogue software by trying to convince users to buy a license for the software. System Defender enters a user’s computer via advertisers and scammers who aggressively promote the software via fake websites. These advertisers and scammers use social engineering techniques to trick users in to installing System Defender on their computers. Once it has been installed, System Defender starts performing fake system scans at regular intervals, returning results that claim that the user’s system is under serious threat. It also creates a number of harmless files that it later detects as dangerous viruses. System Defender uses a Windows-style GUI and pop-ups generated from the Windows taskbar to convince users that this is the real thing. Then it claims that the currently installed ‘trial’ version is inadequate to remove the previously detected false ‘threats and urges the user the pay for the ‘full’ version of the software. However, the ‘full’ version is no more capable of cleaning a user’s system than the ‘trial’ version, therefore no user should ever purchase the false license to this rogue software

System Defender

System Defender

» Download Spyware Doctor With Antivirus here

As System Defender aggressively tries to prevent its removal by blocking Windows utilities, you will have to restart your computer in Safe Mode before you attempt to remove it. In order to remove System Defender, you will have to stop its processes, unregister its DLLs, delete its files and folders and remove its registry entries.

System Defender File Removal Procedures

The first step you must take to remove System Defender is to kill the following processes: ( Learn how to terminate a running process )

  • WS339.exe
  • ppal.exe
  • tjd.exe

Next, it is necessary to unregister the following DLL files which are related to System Defender:

  • mozcrt19.dll
  • tempdoc.dll
  • sqlite3.dll
  • CLSV.dll
  • PE.dll

Now you are ready to delete the following files and folders:

  • c:\Documents and Settings\All Users\Application Data\117fc
  • c:\Documents and Settings\All Users\Application Data\117fc\WS339.exe
  • c:\Documents and Settings\All Users\Application Data\117fc\WSD.ico
  • c:\Documents and Settings\All Users\Application Data\WSDDSys
  • c:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
  • %UserProfile%\Application Data\System Defender
  • %UserProfile%\Application Data\System Defender\cookies.sqlite
  • %UserProfile%\Application Data\System Defender\Instructions.ini
  • %UserProfile%\Desktop\System Defender.lnk
  • %UserProfile%\Desktop\xp_7a9be\
  • %UserProfile%\Desktop\xp_7a9be\68.mof
  • %UserProfile%\Desktop\xp_7a9be\mozcrt19.dll
  • %UserProfile%\Desktop\xp_7a9be\sqlite3.dll
  • %UserProfile%\Desktop\xp_7a9be\WSDDSys
  • %UserProfile%\Desktop\xp_7a9be\WSDDSys\vd952342.bd
  • %UserProfile%\Recent\ANTIGEN.dll
  • %UserProfile%\Recent\ANTIGEN.sys
  • %UserProfile%\Recent\ANTIGEN.tmp
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.dll
  • %UserProfile%\Recent\ddv.tmp
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\ppal.exe
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\std.sys
  • %UserProfile%\Recent\tempdoc.dll
  • %UserProfile%\Recent\tjd.exe
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\System Defender.lnk
  • %UserProfile%\Start Menu\Programs\System Defender.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml

Once these files and folders have been removed, your hard disk no longer contains anything related to System Defender. However, in order to make sure that this is accurate, it is recommended to scan the entire computer using a genuine antivirus software such as Spyware Doctor with Antivirus.

System Defender Registry Removal Procedures

In order to completely remove System Defender, delete the following keys and settings from the Windows Registry: (How to Edit Registry Here)

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = http://search-gala.com/?&uid=220&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = http://search-gala.com/?&uid=220&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “System Defender”

Now it is safe to say that your system is completely safe from System Defender.

Outside Resources:

http://www.411-spyware.com/remove-system-defender

http://www.bleepingcomputer.com/virus-removal/remove-system-defender

Filed Under: Virus Removal Tagged With: , , , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.