How to Remove Windows Enterprise Defender (Removal Guide)



Windows Enterprise Defender is a rogue antivirus application that uses the name of Windows Defender and the similarities of their name to appear as an official product or add on to windows. Of course, the real Windows Defender is a legitimate application, but Windows Enterprise Defender is a rogue antivirus application that gives false warnings about security problems (which are also falsified) and it encourages you to pay for the ability to fix the problems. So, read on for information that will help you to remove Windows Enterprise Defender.


One of the interesting “tricks” this rogue antivirus plays is creating the following files that it claims are viral:

%userprof%Recentcb.sys
%userprof%Recentddv.dll
%userprof%Recenteb.sys
%userprof%Recentenergy.exe
%userprof%Recentpal.sys
%userprof%RecentPE.drv
%userprof%Recentppal.exe
%userprof%Recenttempdoc.tmp

The files are harmless, but are used as evidence by Windows Enterprise Defender that you need to purchase their software and then you will be able to remove the “threat” that these files pose.

The following site is related to Windows Enterprise Defender and it would be good to block it at the firewall or router if possible:

windowsenterprisedefender.com

You may also want to go ahead and download malwarebytes antimalware from the virus removal toolkit page. If you are not able to run the install for the program there are a couple things you could try. 1) rename the install file (mbam.exe) to something else (bob.exe) and then attempt to run the installer, update and scan. 2) boot into safe mode and retry the installer. 3) The last idea is to kill off the following processes via task manager (the same as you would do to start a manual removal of Windows Enterprise Defender.)

The following processes should be killed off using task manager (or Process explorer – which you can download on the virus removal toolkit page.)

ppal.exe
energy.exe
WindowsEDefender.exe

There may be a variable component to the naming of these files, you may want to be alert to possible variations in the naming above. If task manager is not able to be opened so that you can disable the processes, you may try process explorer as an alternative or rename task managers executable file. (taskmgr.exe) (My preference is to copy and paste then rename the file.)

The following dll files should be unregistered and deleted:

ddv.dll
mozcrt19.dll
sqlite3.dll

The following files and folders should also be deleted to remove Windows Enterprise Defender:

%docs%All UsersApplication Datac9ba
%docs%All UsersApplication Datac9ba83.mof
%docs%All UsersApplication Datac9bamozcrt19.dll
%docs%All UsersApplication Datac9basqlite3.dll
%docs%All UsersApplication Datac9baunins000.dat
%docs%All UsersApplication Datac9baWED.ico
%docs%All UsersApplication Datac9baWindowsEDefender.exe
%docs%All UsersApplication Datac9baWEDDSys
%docs%All UsersApplication Datac9baWEDDSysvd952342.bd
%docs%All UsersApplication DataWEDDSys
%docs%All UsersApplication DataWEDDSyswed.cfg
%userprof%Application DataMicrosoftInternet ExplorerQuick LaunchWindows Enterprise Defender.lnk
%userprof%Application DataWindows Enterprise Defender
%userprof%Application DataWindows Enterprise Defendercookies.sqlite
%userprof%DesktopWindows Enterprise Defender.lnk
%userprof%Recentcb.sys
%userprof%Recentddv.dll
%userprof%Recenteb.sys
%userprof%Recentenergy.exe
%userprof%Recentpal.sys
%userprof%RecentPE.drv
%userprof%Recentppal.exe
%userprof%Recenttempdoc.tmp
%userprof%Start MenuWindows Enterprise Defender.lnk
%userprof%Start MenuProgramsWindows Enterprise Defender.lnk
%progfiles%Mozilla Firefoxsearchpluginssearch.xml

After all of the above files are removed you still will want to run a reputable antivirus/spyware removal tool (perhaps a run with each…) such as malwarebytes antimalware (which you can download on the virus removal toolkit page.) You will want to do this so that you can be sure to remove Windows Enterprise Defender completely.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Data Doctor 2010 | Data Doctor 2010 Removal Guide Data Doctor 2010 is a rogue antivirus application. It will pop up warnings and claim that your system is infected with viruses or has other security problems. In reality the worst problem you have is that Data Doctor 2010 is on your system. It will further claim that it can......
  • How to Remove ActiveSecurity | Active Security Removal Guide ActiveSecurity is a rogue antivirus application that uses graphics to indicate a similarity with Microsoft Security Center. It installs via malware including trojans and brings several files along with it when it installs that it then claims are viral and that in order to clean up the mess the user......
  • How to Remove AntiMalware | Antimalware Removal Guide Antimalware is the name of a particularly interesting rogue antivirus and rogue antimalware application. One tip off that it is a rogue application is that one of it's first actions is the attempted removal of the following trusted and legitimate antivirus, security and antimalware applications: AVG, Nod32, Agnitum, Sophos, Avira,......
Blog Traffic Exchange Related Websites
  • Pirates Posing Threats; UN Backing Pirate Crackdown in Somalia The UN Security Council has recently voted to urge a stepped up international crackdown against piracy occurring along the coast of Somalia. The vote was unanimous, and intended to urge this stepped up action from all countries that have any kind of a stake in maritime safety. The UN Security......
  • Windows Help Center Application Pose Grave Threat to Windows XP/Server 2003 "A new vulnerability has been reported to the general public this morning via the “Full-Disclosure” mailing list, and it is quite troubling", stated by Jonathan Davis, an IT Security Consultant in the Washington DC metro area.  He further stated, "There is a vulnerability that exists in the Windows help center......
  • Web Application Security: An Overview An area of information security that has been gaining a lot more focus in recent years is the security of web applications.   This area is of particular interest because of the growing complexity of websites which makes them a strong target for those with malicious intent.  Websites are attractive to......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site