System Defender
System Defender, which mimics the console of “Windows Advanced Security Center”, is another rogue security application. System Defender spreads over the Internet via misleading advertisements and scam security websites. Upon installation on a computer, the System Defender virus directly modifies the Windows registry to ensure that it runs automatically when Windows starts. It can disable legitimate antivirus programs installed on the victim’s computer. It also attempts to block Internet access and prevent the downloading of any security programs.
In order to misinform users, the System Defender virus drops harmless files that it then reports as infected and in need of immediate removal during a simulated virus scan. Getting rid of these threats may require a purchase of the registered version of System Defender, a common technique that fake security programs use to generate income from this fraudulent undertaking.
Stay away from System Defender. Effectively prevent its intrusion by installing a legitimate security application that provides active scanning to guard your PC against malicious activities online.
A new version of System Defender has been spotted. It may have a new graphical user interface, but its purpose of stealing money from its victims remains unchanged.

Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
System Defender is counterfeit security software. Unlike Trojans and viruses, rogues do not reproduce once they enter the system. They usually propagate by means of another infection. Once inside the computer, the rogue alters Internet browser settings and the registry to gain an advantage over normal Windows operation. This rogue adds the following registry entry to run itself automatically:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
Malware Behavior
While System Defender is running on the computer, it repeatedly displays false pop-up warnings claiming several virus infections. These alerts may contain messages like the following:

System Defender Firewall Alert
System Defender has prevent a program from accessing the Internet.
“iexplore.exe” is infected with Trojan. This worm has tried to use “iexplore.exe” to connect to remove host and send your credit card information.

System Defender
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with System Defender.

Added Registry Entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”

Associated Files and Folders:
%TempDir%/[random]
%TempDir%/[random].exe
%TempDir%/dfrg
%TempDir%/dfrgr
%Desktop%/System Defender.lnk
%Programs%/System Defender/
%Programs%/System Defender/System Defender.lnk
%Programs%/System Defender/Uninstall System Defender.lnk
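
A read-only check for the Run-key persistence and the files and folders listed above, added here as an example and not part of the original write-up or of any vendor tool. It assumes PowerShell 3.0 or later and treats %TempDir%, %Desktop% and %Programs% as the current user's temp folder, desktop and Start Menu Programs folder; the function names are hypothetical.

```powershell
# Added example: read-only check for the System Defender artifacts listed above.
# Assumption: %TempDir%, %Desktop% and %Programs% mean the current user's temp
# folder, desktop and Start Menu "Programs" folder.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$temp     = [IO.Path]::GetTempPath().TrimEnd('\')
$desktop  = [Environment]::GetFolderPath('Desktop')
$programs = [Environment]::GetFolderPath('Programs')

function Get-RunEntryFromTemp {
    param([string]$KeyPath, [string]$TempDir)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        # GetValue expands %VAR% references; drop a leading quote before comparing.
        $cmd = ([string]$key.GetValue($name)).Trim().TrimStart('"')
        if ($cmd.StartsWith(($TempDir + '\'), [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{ Type = 'Run value'; Name = $name; Detail = $cmd }
        }
    }
}

function Get-KnownArtifact {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Type = 'File/folder'; Name = (Split-Path $p -Leaf); Detail = $p }
        }
    }
}

# Fixed names from the list above; the [random] names are covered by the Run-key check.
$known = @(
    (Join-Path $temp 'dfrg'),
    (Join-Path $temp 'dfrgr'),
    (Join-Path $desktop 'System Defender.lnk'),
    (Join-Path $programs 'System Defender')
)

$findings = @(Get-RunEntryFromTemp -KeyPath $runKey -TempDir $temp) +
            @(Get-KnownArtifact -Paths $known)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed System Defender artifacts were found for this user.'
}
```

A Run value that launches from the temp folder is a lead to review rather than proof of infection, since some legitimate installers also start from there.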
How to Remove System Defender
1. Download Norton Power Eraser here. Save it to your desktop.
4. Once the file is downloaded, you may be unable to browse the folder because Data Recovery made files and folders hidden, so we will use a keyboard shortcut instead. Press [Windows key]+R.
5. In the Open dialog box, type %UserProfile%\desktop. Click OK.

6. You will now see the contents of your desktop. Double-click on NPE.Exe.
7. Norton Power Eraser will run. If it prompts for the End User License Agreement, click on Accept.
8. On the NPE main window, click on Scan.
9. On the next window, select Exclude Rootkit Scan and click on Continue.
10. NPE will proceed with the scan. This may take a while.
11. When the scan is complete, all detected risks are listed.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in the Detected category need to be removed at this point. Make sure that you mark Create System Restore Point before proceeding with the fix.

12. Now click on Fix to start removing the threats.
13. Norton Power Eraser will restart the computer. After the reboot, it will initialize and display the eliminated threats.
14. You may now close NPE. Data Recovery has been removed.