Posts Tagged ‘Windows’

Oct 26

Windows System Defender Adware Removal Instructions

The Emsi Software malware research team has discoverd a new outbreak of the Windows System Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.WindowsSystemDefender.

Windows System Defender is an rogue scanner program, it will act like security program. It show misleading scan results and fake security alerts to convince the user that their computer infected with malware. The author of WindowsSystemDefender is still the same as that made Live PC Care, Additional Guard, Enterprise Suite, System Defender, Windows Enterprise Defender, Windows PC Defender, etc. To more convince users, Windows System Defender will also create numerous files on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

  • %AllUsersProfile%\Application Data\b0cf5\WSba6.exe
  • %AllUsersProfile%\Application Data\WSDDSys\wsd.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk
  • %UserProfile%\Application Data\Windows System Defender\Instructions.ini
  • %UserProfile%\Desktop\Windows System Defender.lnk
  • %UserProfile%\Desktop\WSD.ico
  • %UserProfile%\Desktop\378.mof
  • %UserProfile%\Desktop\WSDDSys\vd952342.bd
  • %UserProfile%\Start Menu\Windows System Defender.lnk
  • %UserProfile%\Start Menu\Programs\Windows System Defender.lnk
  • %UserProfile%\Recent\ppal.tmp
  • %UserProfile%\Recent\runddlkey.exe
  • %UserProfile%\Recent\runddlkey.tmp
  • %UserProfile%\Recent\SICKBOY.exe
  • %UserProfile%\Recent\SICKBOY.tmp
  • %UserProfile%\Recent\sld.exe
  • %UserProfile%\Recent\SM.exe
  • %UserProfile%\Recent\std.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\ANTIGEN.sys
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\ddv.tmp
  • %UserProfile%\Recent\eb.dll
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\PE.exe

Create new registry entry:

  • HKEY_LOCAL_MACHINE|\software\microsoft\Windows\CurrentVersion\Run, “Windows System Defender”

Malware screenshots:

How to remove the infection of Adware.Win32.WindowsSystemDefender?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: , , ,
Posted in Malware Alerts, Removal Help | No Comments »