Sysdefence is another rogue antivirus application from the wini family. This family of rogues has been quite prolific lately and typically is pushed on computer users through aggressive trojans that will appear on web pages masquerading as an update for flash player or a video codec for a video that may be well sought after. Once the user consents to installing this “update” or “codec” the trojan will then continue on to install sysdefence and complain about security alerts on the computer. It will complain about virus infected files and other security problems (all bogus claims) and will further say that it cannot repair these problems unless you purchase their software. Read on for how to remove SysDefence.
First you should go to the control panel and use the add/remove programs feature to attempt to uninstall sysdefence. If it works, that is great and this will be easier. Follow up now with a full scan of your computer with a malware removal tool such as superantispyware or malwarebytes antimwalware. Then do a full scan with a reputable antivirus such as trendmicro’s online housecall scan or avg/avira/fprot, etc.
You can find a download link for malwarebytes antimalware on my virus removal toolkit page. While you are there you may also wish to download process explorer as it is a useful tool and you may need it further in this removal process.
If you are unable to install malwarebytes or your chosen malware removal tool you may try the following tricks to get it installed on your system. 1) rename the installer file from mbam-setup.exe to something like firefox.exe, then retry installing, update and scan. 2) reboot into safe mode (with networking) and retry the install (possibly using trick 1 as well. 3) kill off the processes associated with the sysdefence rogue which is the next step of a manual removal and then retry the install of your malware removal tool, update and scan.
The following processes are associated with this rogue and should be killed off using the task manager. If you cannot launch the task manager you may try the following tricks. 1) copy the task manager executable (taskmgr.exe) to the desktop and then try to rename it to something like iexplore.exe and then retry launching it. 2) reboot into safe mode and see if the files listed are running (if not go ahead and try to install in safe mode (you’ll need safe mode with networking for an update of your antimalware software.)). 3) Use process explorer instead of task manager to kill off the following applications:
Some of the above and below listed files are created using a RANDOM name when this rogue installs itself on your system. Please use the locations below and the patterns on your system to determine which files to delete or kill off using process explorer or task manager.
The following files should be deleted for a manual removal of sysdefence:
%docs%All UsersStart MenuProgramsSysDefence
%docs%All UsersStart MenuProgramsSysDefence1 SysDefence.lnk
%docs%All UsersStart MenuProgramsSysDefence2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysDefence3 Uninstall.lnk
After you have removed the above files you will have completed most of a manual removal of sysdefence and should follow up with scans using malware removal tools such as superantispyware or malwarebytes antimalware. Follow that up with a full scan with a reputable antivirus such as norton, trendmicro, avg, avira or other well known, reputable programs.
Related PostsRelated Posts
- How to Remove SiteVillain | SiteVillain Removal Guide SiteVillain is another new rogue security or rogue antivirus program from the Wini family. Like a couple other of the recent rogue applications from the wini group, this one sports their new user interface. Among it's claims of infected files and that the only way to fix them are to......
- How to Remove DefendAPC | DefendAPC Removal Guide DefendAPC is the latest variation on the Wini family of rogue antivirus. It is typically promoted via the use of trojans, malware and aggressive advertising. Once installed on the system it will run supposed scans of the system claiming that you have viruses on your system and that you have......
- How to Remove TheDefend | TheDefend Removal Guide TheDefend is a rogue antivirus program that is one of the latest incarnations of the wini family of rogues. It will introduce itself onto your system through aggressive advertising claiming to be a video codec update or flash player update that may be required to see a highly sought after......
- Turn Any File into an EXE with Convert to EXE If you're a geek like me, you may on occasion have run into a situation where you had a file that you needed to convert to exe. I had read a few forum posts and tutorials on how to do this with self-extracting installers, and I even managed to do......
- Hard Drive Data Recovery And Benefits Of Saving Files A hard drive data recovery is utilized to get back the important files from a corrupt or defective hard drive. The most usual issue that this occurs is when the computer is freezing up and becomes not responsive, sometimes the system is restarting continuously or the system is shutting......
- World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
- How to Remove Malware Professional 2010 | Malware Professional 2010 Removal Guide
- How to Remove IGuardPC | IGuardPC Removal Guide
- How to Remove AntiTroy | AntiTroy Removal Guide
- How to Remove GreatDefender | GreatDefender Removal Guide
- How to Remove APCProtect | APCProtect Removal Guide