Windows System Defender
Windows System Defender is another fake computer security program whose sole purpose is to mislead users through various tactics. The attackers behind this application hope to profit from this fraudulent activity. Windows System Defender is built to fool users by showing fake security alerts and falsified virus scan results, a technique meant to push users into buying the licensed version of the program. Even though users have been warned not to acquire unknown programs like this, many still fall victim to this kind of online fraud. Its misleading tactics seem to succeed in influencing users and steering them toward an improper way of dealing with malware. Windows System Defender's disguise is so convincing that one might even think it is part of Windows itself.
Instead of registering Windows System Defender, get rid of it and its related files using only a trusted and effective security program. It is also crucial to disconnect the computer's Internet connection to avoid further download of additional threats from a remote server. A slightly compromised system can recover with ease by selecting an earlier restore point in Windows System Restore. This method brings the computer's configuration back to an earlier, clean state.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
Once the malware is installed, it creates a registry entry to run the program when Windows starts. The registry entry calls the main executable file 'WS83b.exe'.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows System Defender”
Malware Behavior
Windows System Defender attempts to persuade users by displaying fake pop-up warnings. It also continuously shows alert messages from the system tray that contain the following notice:
System alert
malicious applications, which can contain trojans, were found on your PC and need to be immediately removed. Click here to remove these potentially harmful items using Windows System Defender.
Added Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows System Defender"
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=222&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" => "1"
Associated Files and Folders:
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Documents and Settings\All Users\Application Data\21f32\WSDDSys
C:\Documents and Settings\All Users\Application Data\21f32
C:\Documents and Settings\All Users\Application Data\21f32\WS83b.exe
C:\Documents and Settings\All Users\Application Data\21f32\8727.mof
C:\Documents and Settings\All Users\Application Data\21f32\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\21f32\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\21f32\WSD.ico
C:\Documents and Settings\All Users\Application Data\21f32\WSDDSys\vd952342.bd
C:\Documents and Settings\All Users\Application Data\WSDDSys
C:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
%UserProfile%\Application Data\Windows System Defender
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk
%UserProfile%\Application Data\Windows System Defender\cookies.sqlite
%UserProfile%\Desktop\Windows System Defender.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FS.exe
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\SICKBOY.exe
%UserProfile%\Start Menu\Windows System Defender.lnk
%UserProfile%\Start Menu\Programs\Windows System Defender.lnk
How to Remove Windows System Defender
1. Kill any running process that belongs to Windows System Defender.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
WS83b.exe or SICKBOY.exe
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open the Registry Editor.
- Find and delete the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows System Defender"
- Close the Registry Editor. Changes made will be saved automatically.
3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Windows System Defender.
- While still in Safe Mode, search for and delete malicious files. Please refer to 'Associated Files and Folders.'
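Step 2 deletes only the Run value, while 'Added Registry Entries' lists two further changes (the SearchScopes URL and RunInvalidSignatures). The following check is an added example, not part of the original article: it scans a text export of the registry (.reg format) for all three entries. The sample export, the `ExampleUpdater` value and the matching of SearchScopes subkeys are assumptions made for illustration.

```python
import re

# Entries from "Added Registry Entries" above: (key suffix, value name, data test).
RULES = [
    (r"\software\microsoft\windows\currentversion\run",
     "windows system defender", lambda d: True),
    (r"\software\microsoft\internet explorer\searchscopes",
     "url", lambda d: "search-gala.com" in d.lower()),
    (r"\software\microsoft\internet explorer\download",
     "runinvalidsignatures", lambda d: d in ("1", "dword:00000001")),
]
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample in .reg export format (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows System Defender"="C:\\Documents and Settings\\All Users\\Application Data\\21f32\\WS83b.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"URL"="http://search-gala.com/?&uid=222&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
'''

def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_leftovers(reg_text):
    """Return (key, value name, data) for each listed entry still present."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            key = m.group(1).lower()
            continue
        m = VALUE.match(line)
        if not (m and key):
            continue
        name, data = unescape(m.group(1)), m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = unescape(data[1:-1])          # REG_SZ: strip quotes
        for suffix, want, test in RULES:
            # Assumption: also match subkeys, e.g. SearchScopes\{GUID}.
            in_key = key.endswith(suffix) or suffix + "\\" in key
            if in_key and name.lower() == want and test(data):
                hits.append((key, name, data))
    return hits
```

Files exported by the Registry Editor in this format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `find_leftovers`.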
Thomas
Nov 01, 2009 @ 19:26:03
Note: Windows System Defender may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.
That is what's happening to my computer. It keeps saying that it is unable to execute. What do you mean by download and rename the program from a different computer?
ramprakash
Mar 07, 2011 @ 15:29:39
Hi sir,
Please help me, I want the System Defender key for activation.