|
Title: System Defender
Type: Rogue Antispyware
Remove System Defender. Removal instructions
Also known as: SystemDefender
Severity scale:
 (72 / 100)
System Defender is a new version of the rogue application called Windows System Defender. This program uses Windows OS style and Microsoft's graphics, visual elements to make it look more reliable or to make people think that this is actually a part of Windows operating system. That's obviously not truth. System Defender is usually promoted through the use of fake online scanners, misleading advertisements or websites. The scammers also use social engineering techniques to distribute the rogue application. Systemmdefender.com [Figure 2] is the home page of this malware. It is a clone of windowssystemdefemder.com. Both website are potentially harmful so do not visit them. When running, the program will creates certain registry entry so that it executes whenever Windows starts. Then System Defender will create several harmless files on your computer which later will be detected as serious security threats or infections. Those files are used very often by other rogue applications: ANTIGEN.dll, ANTIGEN.sys, ANTIGEN.tmp, cid.dll, CLSV.dll, ddv.tmp, PE.dll, PE.drv, PE.sys, ppal.exe, runddlkey.drv, std.sys, tempdoc.dll, tjd.exe, tjd.sys. Next, SystemDefender will imitate system scans and report numerous infections that can't be removed unless you first purchase the program. Please note that the program uses real names of existing infections. The scammers steal those names from reputable anti-virus/security websites. Some of the reported infections you may see: Trojan-SMS.J2ME.RedBrowser.a Virus.Win32.Faker.a Trojan-Spy.Win32.WMPatch Trojan-Spy.HTML.Citifraud Trojan-Spy.HTML.Sunfraud.a Packed.Win32.PolyCrypt Trojan-PSW.Win32.Antigen.a BAT.Looper Trojan-PSW.Win32.Delf.d Last but not least, System Defender will display fake security alerts stating that your computer is infected or under attack. It will impersonate Windows Security Center too. The fake one is called Windows Advanced Security Center. No doubt, this misleading application must be removed as soon as possible. Please use the removal guide below to remove System Defender from the infected computer manually for free. If you have already purchased the rogue program, you should contact your credit card company and dispute the charges. Finally, scan your PC with a legitimate anti-spyware application like Spyware Doctor and remove the remains of this program or additionally downloaded malware. Related files: search.xml, tjd.sys, tjd.exe, tempdoc.dll, std.sys, runddlkey.drv, ppal.exe, PE.sys, PE.drv, PE.dll, ddv.tmp, CLSV.dll, cid.dll, ANTIGEN.tmp, ANTIGEN.sys, ANTIGEN.dll, vd952342.bd, sqlite3.dll, mozcrt19.dll, 68.mof, Instructions.ini, cookies.sqlite, System Defender.lnk, wsd.cfg, WSD.ico, WS339.exe System Defender properties: • Changes browser settings • Shows commercial adverts • Connects itself to the internet • Stays resident in background System Defender snapshot:  Automatic System Defender removal: 
Tested and Confirmed! STOPzilla removes System Defender (2009-11-16 00:31:03)
Tested and Confirmed! Malwarebytes Anti Malware removes System Defender (2009-11-16 00:31:03)
We are testing Spyware Doctor's efficiency at removing System Defender
(2011-03-09 13:23:23)
System Defender manual removal:Kill processes:WS339.exe ppal.exe tjd.exe Delete registry values: HKEY_CLASSES_ROOTCLSID{3F2BBC05-40DF-11D2-9455-00104BC936FF} HKEY_CLASSES_ROOTxp_7a9be.DocHostUIHandler HKEY_CURRENT_USERSoftwareClassesSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}" HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = "1" HKEY_CLASSES_ROOTSoftwareMicrosoftInternet ExplorerSearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}" HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun "System Defender" Unregister DLLs: mozcrt19.dll sqlite3.dll ANTIGEN.dll CLSV.dll PE.dll tempdoc.dll Delete files: WS339.exe WSD.ico wsd.cfg System Defender.lnk cookies.sqlite Instructions.ini 68.mof mozcrt19.dll sqlite3.dll vd952342.bd ANTIGEN.dll ANTIGEN.sys ANTIGEN.tmp cid.dll CLSV.dll ddv.tmp PE.dll PE.drv PE.sys ppal.exe runddlkey.drv std.sys tempdoc.dll tjd.exe tjd.sys C:\Program Files\Mozilla Firefox\searchplugins\search.xml Delete directories: c:Documents and SettingsAll UsersApplication Data[RANDOM DIRECTORY NAME] c:Documents and SettingsAll UsersApplication Data117fc %UserProfile%Application DataSystem Defender %UserProfile%Desktop[RANDOM DIRECTORY NAME] %UserProfile%Desktopxp_7a9be 
Information added: 2009-11-16 00:31:03
Information updated: 2011-03-09 10:46:08 Additional resources related to System Defender:Attention: If you know or you have a website or page about System Defender removal, feel free to add a link to this list: add url |
Latest spyware news:
Subscribe to news
Similar parasites:
Related discussions:
|
FORUM:
HELP:
Spreading the knowledge:
It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your
visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
Post Comment: