System Defender. How to remove? (Uninstall guide)

Removal by Jake Doevan | Also known as SystemDefender | Type: Rogue Antispyware

What is System Defender?

System Defender is a misleading anti-spyware application that reports false or exaggerated system security threats, displays fake security alerts and uses browser/desktop hijacking techniques to make you think your computer is infected with a whole variety of malicious software. Once installed, the rogue program will prompt you to pay for a full version of the program in order to remove threats that don't actually exist. System Defender is just another scam, so be careful about it. Most importantly, do not purchase this program. Then, uninstall System Defender from your PC as soon as possible. Delaying removal will only worsen the situation.

System Defender is a new version of the rogue application called Windows System Defender. This program uses the Windows OS style and Microsoft's graphics and visual elements to look more reliable and to make people think that it is actually a part of the Windows operating system. That's obviously not true.

How can System Defender infect my computer?

System Defender is usually promoted through the use of fake online scanners, misleading advertisements or websites. The scammers also use social engineering techniques to distribute the rogue application. Systemmdefender.com [Figure 2] is the home page of this malware. It is a clone of windowssystemdefemder.com. Both websites are potentially harmful, so do not visit them.

When running, the program creates a registry entry so that it executes whenever Windows starts. Then System Defender creates several harmless files on your computer, which it later detects as serious security threats or infections. Those files are used very often by other rogue applications: ANTIGEN.dll, ANTIGEN.sys, ANTIGEN.tmp, cid.dll, CLSV.dll, ddv.tmp, PE.dll, PE.drv, PE.sys, ppal.exe, runddlkey.drv, std.sys, tempdoc.dll, tjd.exe, tjd.sys.
Next, SystemDefender will imitate system scans and report numerous infections that can't be removed unless you first purchase the program. Please note that the program uses real names of existing infections. The scammers steal those names from reputable anti-virus/security websites. Some of the reported infections you may see:

Trojan-SMS.J2ME.RedBrowser.a
Virus.Win32.Faker.a
Trojan-Spy.Win32.WMPatch
Trojan-Spy.HTML.Citifraud
Trojan-Spy.HTML.Sunfraud.a
Packed.Win32.PolyCrypt
Trojan-PSW.Win32.Antigen.a
BAT.Looper
Trojan-PSW.Win32.Delf.d

Last but not least, System Defender will display fake security alerts stating that your computer is infected or under attack. It will impersonate Windows Security Center too. The fake one is called Windows Advanced Security Center. No doubt, this misleading application must be removed as soon as possible. Please use the removal guide below to remove System Defender from the infected computer manually for free. If you have already purchased the rogue program, you should contact your credit card company and dispute the charges. Finally, scan your PC with a legitimate anti-spyware application like STOPzilla and remove the remains of this program or additionally downloaded malware.

UPDATE! A new version of System Defender, released at the end of October, 2014, is spreading around. It is used for promoting Spyware Defender, Antivirus Defender 2015 and other dangerous programs. Its alerts are designed to make people think that their PCs are dangerously infected with a whole bunch of cyber threats. After convincing its victims that their machines are infected, System Defender offers them a licensed version of Spyware Defender, Antivirus WIN 2014 Ultimate, Antivirus MAC 2014 or Antivirus Defender 2015 for purchase. Please, do NOT purchase these programs because they won't fix your computer in any way! What is more, these programs may be used to cause redirects to unsafe websites, record your browsing habits and steal your personal information in this way.

HOW TO REMOVE SYSTEM DEFENDER VIRUS?

If you are experiencing fake System Defender alerts, act now and remove these rogues. For this, we strongly recommend relying on the AUTOMATIC REMOVAL OPTION and avoiding manual removal. With this option, you just download a reputable anti-spyware program, update it and run a full system scan. If you need a detailed guide explaining how to do that, read this guide.

When trying to remove System Defender, our recommended programs are Reimage, Plumbytes Anti-Malware and Webroot SecureAnywhere AntiVirus because they can easily detect every hidden component that belongs to this and other cyber threats.

ATTENTION! As we have already mentioned, System Defender may try to block the installation and activity of legitimate security programs, including SpyHunter and StopZilla. If you can't download or launch any of them, try these options:

1. USING SYSTEM RESTORE TO DISABLE VIRUS:

  1. Go to the Windows 8 Start Screen and type restore point in the Search section.
  2. Now click on Settings -> Create a restore point.
  3. When in System Protection tab, select System Restore.
  4. Click Next button to see your restore points and left click on the entry you need.
  5. Now select Scan for affected programs -> Close -> Next -> Finish.
  6. Once your PC reboots, download Reimage and run a full system scan after updating it.

2. REBOOTING TO SAFE MODE WITH NETWORKING:

  1. Click on Windows key and go to the bottom-right corner.
  2. Select Settings -> Change PC Settings -> General.
  3. Click the Restart Now button under Advanced Startup.
  4. Now select Troubleshoot -> Advanced Options -> Startup Settings.
  5. Now choose Restart and press F5.
  6. Launch IE or other browser and enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe
  7. Download the program to your desktop and launch it to remove malicious files.

3. USING ANOTHER PC FOR DOWNLOADING ANTI-SPYWARE:

  1. Take another computer that is not infected by this virus and download Reimage, Plumbytes Anti-Malware or Webroot SecureAnywhere AntiVirus on it.
  2. After completing the procedure, transfer this anti-malware to a CD/DVD, external drive, or USB flash drive.
  3. In the meantime, kill malicious processes on your infected computer. For that you can use this tutorial.
  4. Plug the device you used for transferring the anti-spyware program into your infected PC and launch the program.
What to do if failed?
If you failed to remove the infection using Reimage, submit a question to our support team and provide as many details as possible.
Reimage is recommended to uninstall System Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention. Please read the manual removal instructions below.

More information about this program can be found in Reimage review.


System Defender manual removal:

Kill processes:
WS339.exe

ppal.exe

tjd.exe

Delete registry values:
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler

HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Defender"

Unregister DLLs:
mozcrt19.dll

sqlite3.dll

ANTIGEN.dll

CLSV.dll

PE.dll

tempdoc.dll

Delete files:
WS339.exe

WSD.ico

wsd.cfg

System Defender.lnk

cookies.sqlite

Instructions.ini

68.mof

mozcrt19.dll

sqlite3.dll

vd952342.bd

ANTIGEN.dll

ANTIGEN.sys

ANTIGEN.tmp

cid.dll

CLSV.dll

ddv.tmp

PE.dll

PE.drv

PE.sys

ppal.exe

runddlkey.drv

std.sys

tempdoc.dll

tjd.exe

tjd.sys

C:\Program Files\Mozilla Firefox\searchplugins\search.xml

Delete directories:
c:\Documents and Settings\All Users\Application Data\[RANDOM DIRECTORY NAME]

c:\Documents and Settings\All Users\Application Data\117fc

%UserProfile%\Application Data\System Defender

%UserProfile%\Desktop\xp_7a9be

%UserProfile%\Desktop\[RANDOM DIRECTORY NAME]
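
Before deleting anything by hand, it helps to see which of the entries above are actually present. The following PowerShell check is an added example, not part of the original guide or of any product named in it: it only reads the process list, the registry values and the fixed directory names listed above and changes nothing. The function name Find-SystemDefenderIndicator is hypothetical, and the paths are used exactly as the guide prints them.

```powershell
# Added example: read-only audit for the indicators listed in this guide.
# Nothing is modified; each hit is emitted as an object for review.
# Find-SystemDefenderIndicator is a hypothetical name, not a built-in cmdlet.
function Find-SystemDefenderIndicator {
    function New-Hit($Kind, $Item, $Detail) {
        [pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail }
    }

    # Processes from the "Kill processes" list
    Get-Process -Name 'WS339', 'ppal', 'tjd' -ErrorAction SilentlyContinue |
        ForEach-Object { New-Hit 'Process' $_.Name "PID $($_.Id) $($_.Path)" }

    # Autostart value under the HKLM Run key
    $run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $cmd = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).'System Defender'
    if ($cmd) { New-Hit 'RunValue' "$run\System Defender" $cmd }

    # IE setting that lets downloads with invalid signatures run
    $dl = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
    $sig = (Get-ItemProperty -Path $dl -ErrorAction SilentlyContinue).RunInvalidSignatures
    if ("$sig" -eq '1') { New-Hit 'IESetting' "$dl\RunInvalidSignatures" $sig }

    # Search scopes whose URL points at search-gala.com (key itself and subkeys)
    $scopeRoots = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                  'HKCU:\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'
    foreach ($root in $scopeRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue) |
            ForEach-Object {
                $url = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).URL
                if ($url -like '*search-gala.com*') { New-Hit 'SearchScope' $_.Name $url }
            }
    }

    # Class registrations and fixed-name directories from the lists above
    $paths = 'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
             'Registry::HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler',
             "$env:USERPROFILE\Application Data\System Defender",
             "$env:USERPROFILE\Desktop\xp_7a9be",
             'C:\Documents and Settings\All Users\Application Data\117fc'
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { New-Hit 'Path' $p 'present' }
    }
}

Find-SystemDefenderIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of the fixed-name indicators were found; the [RANDOM DIRECTORY NAME] entries cannot be matched by name and still need a manual look.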



About the author

Jake Doevan
Jake Doevan - Computer technology expert
