Windows Enterprise Defender

11 October 2009 Rogue 1 Comment

Windows Enterprise Defender can conquer a computer by every means using an Internet connection. Just like the older version called Windows PC Defender, it can be dropped to computers when user visits a malicious website. Windows Enterprise Defender can also come embed with another Trojan that will download and execute it without user’s knowledge. An earlier method of transmission is by prompting user to download a fake multimedia coder/decoder (codec). Whatever means of infection this malware will make sure that once it gets into and compromised a system it will do everything to convince a user to obtain the registered version of it.

Windows Enterprise Defender virus will keep on reminding users about a security threats found on computer. Either by pop-up alerts, task bar messages and virus scans which displays self-generated results. Only available option it will present is via payment website and obtain the licensed version. Before doing that, please try first the Windows Enterprise Defender removal tool we made available on this page. This is sure to remove malware and other sorts on computer without spending a penny.

Screen Shot Images:

windows-enterprise-defender

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)

Windows Enterprise Defender is a counterfeit security application. Unlike Trojans and viruses, rogues do not reproduce once it enters the system. They usually propagate by means of another Trojan infection, fake security web sites, bogus software updates and cracked programs. When executed, Windows Enterprise Defender instantly alters Windows registry to gain a spot on start-up process. Then, the rogue program will disable system tools like task manager, registry editor and folder options to avert own removal.

Added Registry Entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "df21478963"  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009
HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
HKEY_LOCAL_MACHINE\SOFTWARE\df21478963

Associated Files and Folders:

C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Documents and Settings\All Users\Application Data\n8fc
C:\Documents and Settings\All Users\Application Data\n8fc\83.mof
C:\Documents and Settings\All Users\Application Data\n8fc\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\n8fc\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\n8fc\unins000.dat
C:\Documents and Settings\All Users\Application Data\n8fc\WED.ico
C:\Documents and Settings\All Users\Application Data\n8fc\WindowsEDefender.exe
C:\Documents and Settings\All Users\Application Data\n8fc\WEDDSys
C:\Documents and Settings\All Users\Application Data\n8fc\WEDDSys\vd952342.bd
C:\Documents and Settings\All Users\Application Data\WEDDSys
C:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
%UserProfile%\Application Data\Windows Enterprise Defender
%UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
%UserProfile%\Desktop\Windows Enterprise Defender.lnk
%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\pal.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Windows Enterprise Defender.lnk
%UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk

How to Remove Windows Enterprise Defender

1. Kill any running process that belongs to Windows Enterprise Defender.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
WindowsEDefender.exe or (random).exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "df21478963"
- Close registry editor. Changes made will be save automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Windows Enterprise Defender.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'

Automatic Removal of Windows Enterprise Defender

In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

What to do next...

Comments and Suggestions

On this area you can find Visitor's personal suggestions. We cannot control and evaluate each recommended procedure from visitors so please use it at your own risks. If your inquiry pertains to Windows Enterprise Defender payment refund or lost serial key, kindly check the FAQ for rogue program first.

One Comment

flo vaughan
May 03, 2010 @ 23:26:33
I ordered vista defender, it is not on my desk top or any where I can find it. my computer is loaded with viruses and I can not get on. if you can not clean my comjputer or stop viruses from my computer I would like a full refund and I will buy another anti-virus, please contact me