Home > Rogue Anti-Spyware > System Defender

How to remove System Defender?

November 17th, 2009

What is System Defender?

System Defender is a rogue anti-spyware application from the Virus Doctor rogue family. Basically, it’s just a new version of Windows System Defender which was released three weeks ago. The rogue application uses false scan results and fake security alerts to scare the user of the compromised computer into purchasing the program. Do not pay for this bogus program. This is nothing more but a scam. A lot better idea is to remove this malware from your computer upon detection. Please note that removal delay will only worsen the situation, because this parasite is able to download more malware onto the infected computer.

When running, the rogue program creates several harmless files which later will be detected as serious security threats. Those files are: ANTIGEN.dll, ANTIGEN.sys, ANTIGEN.tmp, cid.dll, CLSV.dll, ddv.tmp, PE.dll, PE.drv, PE.sys, ppal.exe, runddlkey.drv, std.sys, tempdoc.dll, tjd.exe, tjd.sys.Then, System Defender imitates system scan and list a variety of infections, but won’t let you to remove them unless you first purchase the program. In reality, though, your PC will be infected even if you purchase this application. What is more, System Defender will display fake security alerts, notifications and other pop-ups stating that your computer is under attack or infected by vary dangerous virus. That’s obviously a lie too. In order to protect itself, this parasite blocks Task Manager, System Restore and other system tools as well as security and anti-virus related websites. Internet Explorer will be also hijacked. You will see search results from search-gala.com. If you find that your computer is infected with this malware, please read the removal guide below and remove System Defender from your PC as soon as possible.

System Defender is Extremely dangerous

System Defender is a corrupt Anti-Spyware program

System Defender may spread via Trojans

System Defender may display fake security messages

System Defender may install additional spyware to your computer

System Defender may repair its files, spread or update by itself

System Defender violates your privacy and compromises your security

for System Defender
removal

System Defender screenshots

Manual System Defender removal

Important Note: Although it is possible to manually remove System Defender, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using automatic spyware removal applications found on 2-viruses.com.

Stop these System Defender processes:

WS339.exe
ppal.exe
tjd.exe

Disable these System Defender DLL files::

mozcrt19.dll
tempdoc.dll
sqlite3.dll
CLSV.dll
PE.dll

Remove these System Defender Registry Entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Defender"

Remove these System Defender files:

c:\Documents and Settings\All Users\Application Data\117fc
c:\Documents and Settings\All Users\Application Data\117fc\WS339.exe
c:\Documents and Settings\All Users\Application Data\117fc\WSD.ico
c:\Documents and Settings\All Users\Application Data\WSDDSys
c:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
%UserProfile%\Application Data\System Defender
%UserProfile%\Application Data\System Defender\cookies.sqlite
%UserProfile%\Application Data\System Defender\Instructions.ini
%UserProfile%\Desktop\System Defender.lnk
%UserProfile%\Desktop\xp_7a9be\
%UserProfile%\Desktop\xp_7a9be\68.mof
%UserProfile%\Desktop\xp_7a9be\mozcrt19.dll
%UserProfile%\Desktop\xp_7a9be\sqlite3.dll
%UserProfile%\Desktop\xp_7a9be\WSDDSys
%UserProfile%\Desktop\xp_7a9be\WSDDSys\vd952342.bd
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\ANTIGEN.sys
%UserProfile%\Recent\ANTIGEN.tmp
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\ddv.tmp
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\std.sys
%UserProfile%\Recent\tempdoc.dll
%UserProfile%\Recent\tjd.exe
%UserProfile%\Recent\tjd.sys
%UserProfile%\Start Menu\System Defender.lnk
%UserProfile%\Start Menu\Programs\System Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

for System Defender
removal

System Defender is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only System Defender can help you to remove it after you download the trial version. As soon as the victim downloads System Defender trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, System Defender offers to buy the full version to fix these false errors. If the user agrees, System Defender does not only fix the errors, but it also takes the user’s money and may even install additional spyware into the victim’s computer.

Some Rogue Anti-Spyware, such as System Defender, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install System Defender, which is another way for Rogue Anti-Spyware to spread itself.

Most of rogue Anti-Spyware, such as System Defender, is nearly impossible to remove manually.

How to tell if your PC has been infected by a Rogue Anti-Spyware such as System Defender?

Numerous undesirable and annoying pop-ups: A typical Rogue Anti-Spyware parasite keeps track of your internet browsing habits, sending your browsing history data to remote servers, owned by third party companies that use this information to advertise their products via numerous pop-ups, toolbars, hijacked homepages and spam letters. All these undesirable advertising methods are used on the victims of Rogue Anti-Spyware.

Changed or new icons: Sometimes, Rogue Anti-Spyware installs unwanted software to a victim’s PC without user’s knowledge and consent. This may lead to slower PC performance and stability, as well as more unwanted programs you can't remove.

Rogue Anti-Spyware system defender

Comments (1) Trackbacks (0) Leave a comment Trackback

123456

November 21st, 2009 at 10:06 | #1

Reply | Quote

Thanks. This was very helpful. After using Malwarebytes I could tell it wasn’t entirely gone. This was confirmed when my google searches were being sent to Gala. I found it useful to go through the files manually and delete whatever was left over (there were tons of things Malwarebytes missed). I couldn’t find anything in the registry and I was scared of obliterating my computer so that is where I had to stop. Hopefully everything is fine now. I am still a little on edge about it.

No trackbacks yet.

Clearway Shield Personal Protector

How to remove System Defender?

What is System Defender?

System Defender screenshots

Manual System Defender removal

How to tell if your PC has been infected by a Rogue Anti-Spyware such as System Defender?

System Defender removal quick links

Related parasites to System Defender