How to Remove SysDefence | Sysdefence Removal Guide



Sysdefence is another rogue antivirus application from the wini family. This family of rogues has been quite prolific lately and typically is pushed on computer users through aggressive trojans that will appear on web pages masquerading as an update for flash player or a video codec for a video that may be well sought after. Once the user consents to installing this “update” or “codec” the trojan will then continue on to install sysdefence and complain about security alerts on the computer. It will complain about virus infected files and other security problems (all bogus claims) and will further say that it cannot repair these problems unless you purchase their software. Read on for how to remove SysDefence.


First you should go to the control panel and use the add/remove programs feature to attempt to uninstall sysdefence. If it works, that is great and this will be easier. Follow up now with a full scan of your computer with a malware removal tool such as superantispyware or malwarebytes antimwalware. Then do a full scan with a reputable antivirus such as trendmicro’s online housecall scan or avg/avira/fprot, etc.

You can find a download link for malwarebytes antimalware on my virus removal toolkit page. While you are there you may also wish to download process explorer as it is a useful tool and you may need it further in this removal process.

If you are unable to install malwarebytes or your chosen malware removal tool you may try the following tricks to get it installed on your system. 1) rename the installer file from mbam-setup.exe to something like firefox.exe, then retry installing, update and scan. 2) reboot into safe mode (with networking) and retry the install (possibly using trick 1 as well. 3) kill off the processes associated with the sysdefence rogue which is the next step of a manual removal and then retry the install of your malware removal tool, update and scan.

The following processes are associated with this rogue and should be killed off using the task manager. If you cannot launch the task manager you may try the following tricks. 1) copy the task manager executable (taskmgr.exe) to the desktop and then try to rename it to something like iexplore.exe and then retry launching it. 2) reboot into safe mode and see if the files listed are running (if not go ahead and try to install in safe mode (you’ll need safe mode with networking for an update of your antimalware software.)). 3) Use process explorer instead of task manager to kill off the following applications:

sysdefence.exe
uninstall.exe
RANDOM.exe

Some of the above and below listed files are created using a RANDOM name when this rogue installs itself on your system. Please use the locations below and the patterns on your system to determine which files to delete or kill off using process explorer or task manager.

The following files should be deleted for a manual removal of sysdefence:

%docs%\All Users\Desktop\SysDefence.lnk
%docs%\All Users\Start Menu\Programs\SysDefence
%docs%\All Users\Start Menu\Programs\SysDefence\1 SysDefence.lnk
%docs%\All Users\Start Menu\Programs\SysDefence\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\SysDefence\3 Uninstall.lnk
%progfiles%\SysDefence Software
%progfiles%\SysDefence Software\SysDefence
%progfiles%\SysDefence Software\SysDefence\SysDefence.exe
%progfiles%\SysDefence Software\SysDefence\uninstall.exe
%win%\10011sp9z5b.dll
%win%\10158spy289z.exe
%win%\system32\2z398virus865.exe
%win%\system32\RANDOM.exe
%win%\system32\2z605hacktoo95ba5.dll
%win%\system32\2z7a9par5e943.bin
%tmp%\RANDOM.exe

After you have removed the above files you will have completed most of a manual removal of sysdefence and should follow up with scans using malware removal tools such as superantispyware or malwarebytes antimalware. Follow that up with a full scan with a reputable antivirus such as norton, trendmicro, avg, avira or other well known, reputable programs.

   Send article as PDF   

Similar Posts