How to Remove System Defender | System Defender Removal Guide



System Defender is a rogue antivirus application that pushes itself to users through the use of scary popups and attack sites. The software, once it is installed will create numerous files and then claim that they are infected with viruses and they need to be cleaned. Of course, they cannot clean them up if you don’t pay for the software. When the software is running it will also bombard users with popups pushing them to purchase and a falsified Windows Security Center claiming that you need to activate System Defender. You are best off not financing these rogues. Read on for how to remove system defender:


Among the files that System Defender creates so that it can then claim they are infected are the following:

%user%\Recent\ANTIGEN.dll
%user%\Recent\ANTIGEN.sys
%user%\Recent\ANTIGEN.tmp
%user%\Recent\cid.dll
%user%\Recent\CLSV.dll
%user%\Recent\ddv.tmp
%user%\Recent\PE.dll
%user%\Recent\PE.drv
%user%\Recent\PE.sys
%user%\Recent\ppal.exe
%user%\Recent\runddlkey.drv
%user%\Recent\std.sys
%user%\Recent\tempdoc.dll
%user%\Recent\tjd.exe
%user%\Recent\tjd.sys

First you may wish to try uninstalling system defender from the control panel/add and remove programs. If it works successfully you will still want to scan your system using software such as malwarebytes antmalware as well as trusted antivirus software such as AVG/avira.

Download malwarebytes antimalware from my virus removal toolkit page. While you are there you may also wish to download process explorer. You may need it further in your removal of system defender.

If you are unable to install, update and run malwarebytes antimalware you may try the following tricks to help. 1) rename the installer of malwarebytes to something that the rogue should allow to run. So rename mbam-setup.exe to something like firefox.exe for example. Then retry the install, update and scan. 2) reboot into safe mode (with networking) and retry the installer, update and run a scan. 3) You may need to continue on and remove the processes associated with System Defender from memory using the task manager. Then you should be able to retry your installation, update and scan.

The following files should b killed off using task manager in order to continue with your removal of system defender. If you are unable to run the task manager you may 1) reboot into safe mode and verify that the programs listed below are not running 2) copy and paste task manager to a new file name (firefox.exe) and then retry running it. or 3) use process explorer to kill of the following programs:

ppal.exe
tjd.exe
WS339.exe

There may be some randomization involved in the creation of the filenames above. Please use the patterns above along with the file folders listed below to get an idea of what the names of the files associated with this rogue are on your system.

The following files and folders should be removed to fully remove system defender:

%docs%\All Users\Application Data\117fc
%docs%\All Users\Application Data\117fc\WS339.exe
%docs%\All Users\Application Data\117fc\WSD.ico
%docs%\All Users\Application Data\WSDDSys
%docs%\All Users\Application Data\WSDDSys\wsd.cfg
%user%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
%user%\Application Data\System Defender
%user%\Application Data\System Defender\cookies.sqlite
%user%\Application Data\System Defender\Instructions.ini
%user%\Desktop\System Defender.lnk
%user%\Desktop\xp_7a9be\
%user%\Desktop\xp_7a9be\68.mof
%user%\Desktop\xp_7a9be\mozcrt19.dll
%user%\Desktop\xp_7a9be\sqlite3.dll
%user%\Desktop\xp_7a9be\WSDDSys
%user%\Desktop\xp_7a9be\WSDDSys\vd952342.bd
%user%\Recent\ANTIGEN.dll
%user%\Recent\ANTIGEN.sys
%user%\Recent\ANTIGEN.tmp
%user%\Recent\cid.dll
%user%\Recent\CLSV.dll
%user%\Recent\ddv.tmp
%user%\Recent\PE.dll
%user%\Recent\PE.drv
%user%\Recent\PE.sys
%user%\Recent\ppal.exe
%user%\Recent\runddlkey.drv
%user%\Recent\std.sys
%user%\Recent\tempdoc.dll
%user%\Recent\tjd.exe
%user%\Recent\tjd.sys
%user%\Start Menu\System Defender.lnk
%user%\Start Menu\Programs\System Defender.lnk
%progfiles%\Mozilla Firefox\searchplugins\search.xml

Once you have removed the above files you should have finished your manual removal of System Defender. Even after a good manual removal you should still install, update and run a full scan with malwarebytes antimalware as well as with a trusted antivirus application such as AVG/AVIRA/TrendMicro/etc. This is to clean up any other files associated with the rogue as well as to clean up the registry entries associated with system defender.

   Send article as PDF   

Similar Posts