Severity scale (72/100)

System Defender. How to Remove? (Uninstall Guide)

Also known as SystemDefender | Type: Rogue Antispyware

What is System Defender?

System Defender is a misleading anti-spyware application that reports false or exaggerated system security threats, displays fake security alerts and uses browser/desktop hijacking techniques to make you think your computer is infected with a whole variety of malicious software. Once installed, the rogue program prompts you to pay for a full version of the program in order to remove threats that do not actually exist. System Defender is just another scam, so be careful with it. Most importantly, do not purchase this program. Then uninstall System Defender from your PC as soon as possible. Delaying removal will only worsen the situation.

System Defender is a new version of the rogue application called Windows System Defender. The program uses the Windows OS style and Microsoft's graphics and visual elements to look more reliable, or to make people think that it is actually a part of the Windows operating system. That is obviously not true.

How can System Defender infect my computer?

System Defender is usually promoted through the use of fake online scanners, misleading advertisements or websites. The scammers also use social engineering techniques to distribute the rogue application. Systemmdefender.com [Figure 2] is the home page of this malware. It is a clone of windowssystemdefemder.com. Both websites are potentially harmful, so do not visit them.

When running, the program creates a registry entry so that it executes whenever Windows starts. Then System Defender creates several harmless files on your computer, which will later be detected as serious security threats or infections. Those files are used very often by other rogue applications: ANTIGEN.dll, ANTIGEN.sys, ANTIGEN.tmp, cid.dll, CLSV.dll, ddv.tmp, PE.dll, PE.drv, PE.sys, ppal.exe, runddlkey.drv, std.sys, tempdoc.dll, tjd.exe, tjd.sys.

Next, SystemDefender will imitate system scans and report numerous infections that can't be removed unless you first purchase the program. Please note that the program uses the real names of existing infections. The scammers steal those names from reputable anti-virus/security websites. Some of the reported infections you may see:

Trojan-SMS.J2ME.RedBrowser.a
Virus.Win32.Faker.a
Trojan-Spy.Win32.WMPatch
Trojan-Spy.HTML.Citifraud
Trojan-Spy.HTML.Sunfraud.a
Packed.Win32.PolyCrypt
Trojan-PSW.Win32.Antigen.a
BAT.Looper
Trojan-PSW.Win32.Delf.d

Last but not least, System Defender will display fake security alerts stating that your computer is infected or under attack. It will impersonate Windows Security Center too. The fake one is called Windows Advanced Security Center. No doubt, this misleading application must be removed as soon as possible. Please use the removal guide below to remove System Defender from the infected computer manually for free. If you have already purchased the rogue program, you should contact your credit card company and dispute the charges. Finally, scan your PC with a legitimate anti-spyware application like Spyware Doctor and remove the remains of this program or additionally downloaded malware.

UPDATE! A new version of System Defender, which was released at the end of October 2014, is spreading around. It is used for promoting Spyware Defender, Antivirus Defender 2015 and other dangerous programs. Its alerts are designed to make people think that their PCs are dangerously infected with a whole bunch of cyber threats. After convincing its victims that their machines are infected, System Defender prompts them to purchase a licensed version of Spyware Defender, Antivirus WIN 2014 Ultimate, Antivirus MAC 2014 or Antivirus Defender 2015. Please do NOT purchase these programs because they won't fix your computer in any way! What is more, these programs may be used for causing redirects to unsafe websites, recording your browsing habits and stealing your personal information in this way.

HOW TO REMOVE SYSTEM DEFENDER VIRUS?

If you are experiencing fake System Defender alerts, act now and remove these rogues. For this, we strongly recommend relying on the AUTOMATIC REMOVAL OPTION and avoiding manual removal. With this option, you just download a reputable anti-spyware program, update it and run a full system scan. If you need a detailed guide explaining how to do that, read this guide.

When trying to remove System Defender, our recommended programs are Reimage, Plumbytes and Webroot SecureAnywhere AntiVirus because they can easily detect every hidden component that belongs to this and other cyber threats.

ATTENTION! As we have already mentioned previously, System Defender may try to block the installation and activity of legitimate security programs, including SpyHunter and StopZilla. If you can't download or launch any of them, try these options:

1. USING SYSTEM RESTORE TO DISABLE VIRUS:

  1. Go to the Windows 8 Start Screen and type restore point in the Search section.
  2. Now click on Settings -> Create a restore point.
  3. When in System Protection tab, select System Restore.
  4. Click Next button to see your restore points and left click on the entry you need.
  5. Now select Scan for affected programs -> Close -> Next -> Finish.
  6. Once your PC reboots, download Reimage and run a full system scan after updating it.

2. REBOOTING TO SAFE MODE WITH NETWORKING:

  1. Click on Windows key and go to the bottom-right corner.
  2. Select Settings -> Change PC Settings -> General.
  3. Click the Restart Now button under Advanced Startup.
  4. Now select Troubleshoot -> Advanced Options -> Startup Settings.
  5. Now choose Restart and press F5.
  6. Launch IE or other browser and enter this link to your address bar: http://www.2-spyware.com/download/hunter.exe
  7. Download a program on your desktop and launch it to remove malicious files.

3. USING ANOTHER PC FOR DOWNLOADING ANTI-SPYWARE:

  1. Take another computer that is not infected by this virus and download Reimage, Plumbytes or Webroot SecureAnywhere AntiVirus on it.
  2. After completing the procedure, transfer this anti-malware to a CD/DVD, external drive, or USB flash drive.
  3. In the meantime, kill malicious processes on your infected computer. For that you can use this tutorial.
  4. Plug the device you used for transferring the anti-spyware program into your infected PC and launch it.

Related files: ANTIGEN.sys, sqlite3.dll, mozcrt19.dll, cookies.sqlite

System Defender properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
What to do if failed?
If you failed to remove the infection using Reimage, submit a question to our support team and provide as many details as possible.
Reimage is recommended to uninstall System Defender. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Alternate Software
• STOPzilla: Tested and Confirmed! STOPzilla removes System Defender (2015-02-09 00:34:17)
• Malwarebytes Anti Malware: Tested and Confirmed! Malwarebytes Anti Malware removes System Defender (2015-02-09 00:34:17)
• Plumbytes: We are testing Plumbytes's efficiency (2015-02-09 00:34)
• Hitman Pro
• Webroot SecureAnywhere AntiVirus

System Defender manual removal

Kill processes:
WS339.exe
ppal.exe
tjd.exe
Delete registry values:
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Defender"
Unregister DLLs:
mozcrt19.dll
sqlite3.dll
ANTIGEN.dll
CLSV.dll
PE.dll
tempdoc.dll

Delete files:
WS339.exe
WSD.ico
wsd.cfg
System Defender.lnk
cookies.sqlite
Instructions.ini
68.mof
mozcrt19.dll
sqlite3.dll
vd952342.bd
ANTIGEN.dll
ANTIGEN.sys
ANTIGEN.tmp
cid.dll
CLSV.dll
ddv.tmp
PE.dll
PE.drv
PE.sys
ppal.exe
runddlkey.drv
std.sys
tempdoc.dll
tjd.exe
tjd.sys
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
Delete directories:
c:\Documents and Settings\All Users\Application Data\[RANDOM DIRECTORY NAME]
c:\Documents and Settings\All Users\Application Data\117fc
%UserProfile%\Application Data\System Defender
%UserProfile%\Desktop\xp_7a9be
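
Before deleting anything by hand, it helps to see which of the entries above are actually present. The following read-only check is an added example, not part of the original guide or of any product named on this page; it assumes PowerShell 3.0 or later, and the helper name Add-Finding and the variable names are made up for illustration, while every path, value name and process name is copied from the lists above.

```powershell
# Added example: read-only triage for the System Defender indicators listed above.
# Paths, value names and process names are copied from this page; nothing is deleted.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Where, $Detail) {   # hypothetical helper name
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; Detail = $Detail })
}

# Registry values: report only when the value exists and its data matches the pattern.
$regValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name = 'System Defender'; Pattern = '.*' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
       Name = 'RunInvalidSignatures'; Pattern = '^1$' },
    @{ Path = 'HKCU:\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes'
       Name = 'URL'; Pattern = 'search-gala\.com' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes'
       Name = 'URL'; Pattern = 'search-gala\.com' }
)
foreach ($v in $regValues) {
    $prop = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($prop -and ("$($prop.($v.Name))" -match $v.Pattern)) {
        Add-Finding 'RegistryValue' $v.Path "$($v.Name) = $($prop.($v.Name))"
    }
}

# Registry keys and directories: existence is the indicator.
$locations = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler',
    'C:\Documents and Settings\All Users\Application Data\117fc',
    "$env:USERPROFILE\Application Data\System Defender",
    "$env:USERPROFILE\Desktop\xp_7a9be"
)
foreach ($loc in $locations) {
    if (Test-Path -LiteralPath $loc) { Add-Finding 'KeyOrDirectory' $loc 'exists' }
}

# Processes from the "Kill processes" list (Get-Process takes names without .exe).
Get-Process -Name 'WS339', 'ppal', 'tjd' -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'Process' $_.ProcessName "PID $($_.Id)" }

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the System Defender indicators listed on this page were found.'
}
```

A single hit, such as RunInvalidSignatures set to 1 on its own, is a reason to look closer rather than proof of infection; several hits together match the behaviour described above.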

Geolocation of System Defender

Map reveals the prevalence of System Defender. Countries and regions that have been affected the most are: United States, Canada, United Kingdom, Australia and India.
