NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  
February 13, 2012, 06:16:31 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Login Register  

Windows Enterprise Defender Virus


AddThis Social Bookmark Button AddThis Feed Button
Pages: [1]
« previous next »
  Print  
Author Topic: Windows Enterprise Defender Virus  (Read 1099 times)
Aidan
Newbie
*
Posts: 2


View Profile
« on: October 25, 2009, 12:10:42 PM »
My sister in law has given me her laptop to fix.  It has the ‘Windows Enterprise Defender’ (WED) virus on it.  It seems to have disabled McAfee.  I searched the web and found that most people were saying to download ‘Spyware Doctor’ and run a scan.  I downloaded Spyware Doctor and installed it on her laptop; however, it won’t run either.  I uninstalled it and installed it again, but it still won’t run.  I downloaded ‘SUPERAntiSpyware’ as well; I was able to run a scan with this program, but it has not been successful in removing the (WED) virus.  

Any help on this issue would be much appreciated.

Aidan,
Logged
rodi
Administrator
Newbie
*****
Posts: 245


View Profile
« Reply #1 on: October 25, 2009, 11:46:00 PM »
Hello Aidan,

Maybe you should try to change Spyware Doctor's executable file (.exe, not shortcut). For example rename it to iexplore.exe or svchost.exe. Also try a random name like test123.exe. Update Spyware Doctor and run a scan. If that won't help, then try to boot your computer in 'safe mode with networking'. Then delete the following directories: (including files in those directories)

C:\Documents and Settings\All Users\Application Data\c9ba  (could be any random number in your case)
C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
C:\Documents and Settings\All Users\Application Data\WEDDSys
C:\Documents and Settings%UserProfile%\Application Data\Windows Enterprise Defender

NOTE: %UserProfile% stands for your log in user name, usually it is 'Administrator'.

Then if you can, open Registry Editor and remove the following registry values:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes "URL"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
"[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "876902803"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Defender"

Next, downlaod Malwarebytes' anti-malware and scan your PC (in safe mode)
http://www.2-spyware.com/review-malwarebytes-anti-malware.html

Now, reboot your PC in normal mode, open Task Manager and kill these processes:
WindowsEDefender.exe
energy.exe
ppal.exe

Run a scan with an anti-spyware application again. If the problem persists download HijackThis, run a scan and post the log of the scan.
http://free.antivirus.com/hijackthis/

Good luck!
Logged
Aidan
Newbie
*
Posts: 2


View Profile
« Reply #2 on: October 26, 2009, 01:24:27 PM »
hey, thanks for the reply, but I downloaded malwarebytes and it fixed the problem.

Cheers,
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  




Recommended software:
STOPzilla
(90/100)
STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses,...
Malwarebytes Anti Malware
(88/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t...
Spyware Doctor
(87/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and...
SpyHunter
(86/100)
SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are...
XoftSpySE Anti Spyware
(84/100)
XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to...
Encyclopedia of parasites:

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.