How to Remove APCDefender | How to Remove SysProtector | How to Remove InSysSecure | How to Remove SysDefenders



It looks like we’ve been awash in variants of the wini family lately so I’m combining three of the latest rogue antivirus applications in that family into one post. This post will talk about removing APCDefender, removing Sysprotector and Removing InSysSecure and removing SysDefenders. Some of the same steps would be taken for each anyway. The main thing that they have unique are the names of the rogues and the filenames that they make use of once they install on your system. They all of course are from the wini family of rogue antivirus software and are typically promoted through trojan or other malware activity. Once installed on your system each of this rogues will run scans of your machine and claim that you have security issues on your pc and that there are even viruses on your computer. These viruses are usually either files that the rogue itself creates, or files that are already normally on your computer. Read on for how to remove APCDefender, how to remove Sysprotector and how to remove InSysSecure and how to remove sysdefenders.


Among the warnings that each of these rogues pops up are warnings 4 languages that read something like the following:
(German/English/French/Italian)

German Alert:
Spzprogramm Warnzeichen!
Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von SysDefenders zu registrieren und Ihr PC von Spyprogramm frei zu machen.

English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.

French Alert:
Spyware Alerte!
Votre ordinateur est infecté de spyware. Il pourrait endommager vos fichiers critiques ou exposer vos données prives sur ‘Internet. Cliquez ici pour enregistrer votre copie de SysDefenders et enléver des menaces spyware de votre OP.

Italian Alert:
Spyware miniaccia!
Il suo computer è infetto di spyware. Puo dannegiare i suoi files criticali rivelare i suoi dati personali nell’Internet. Clicca qui per registrare la sua coppia di SysDefenders e rimouvere le minacce di spyware dal suo computer.

The first removal step you really should consider for any piece of software is to go to the control panel, find the add/remove programs area and try to uninstall it. So, in this case, go and look for apcdefender, sysprotector, insyssecure, or sysdefenders and try to uninstall apcdefender or uninstall sysprotector, or uninstall insyssecure, or uninstall sysdefenders. Likely this will not worth but is always worth a first try. Even if it does work will we really trust the makers of this rogue with truly uninstalling all of their goodies? No. Follow up, even if it looks to have successfully uninstalled the rogue by scanning your computer with a good malware removal tool and a good, reputable antivirus application. By reputable antivirus I mean: trendmicro, avira, avg, avast, norton, mcafee, etc. An online scan is fine, free is fine as well as it’s a reputable antivirus application.

For a more automated removal of these rogues you may wish to download a tool such as malwarebytes antimalware or superantispyware. I have a link to malwarebytes antimalware on my virus removal toolkit page. Once that is downloaded start the installer and see if it will install. If so, update and scan. Then clean out what it finds. If it will not install there are a few tricks you may try to get it onto the system. 1) rename the installer from mbam-setup.exe (or whatever it may be) to explorer.exe and then launch this to install. 2) reboot into safe mode (with networking so you can update) and install in safe mode and then update and scan. 3) try to follow the next manual removal step which is killing off the running processes associated with these rogues and after that retry the install of your malware removal tool.

The next groups will list the running processes associated with each of the rogues we’re covering in this writeup. Each should be killed off using the task manager in order to continue with the removal of the rogue. If you are unable to launch the task manager you may try a few tricks here too….. 1) copy and paste taskmgr.exe to the desktop and then rename it to iexplore.exe and launch this program to kill off the listed processes. 2) Boot into safe mode (with networking is fine) and verify if the processes listed are running. 3) use process explorer instead of task manager (link to it is on the same virus removal toolkit page.

The running processes associated with apcdefender are:

uninstall.exe
apcdefender.exe
RANDOM.exe

The running processes associated with insyssecure are:

uninstall.exe
insyssecure.exe
RANDOM.exe

The running processes associated with sysprotector are:

uninstall.exe
Sysprotector.exe
RANDOM.exe

The running processes associated with Sysdefenders are:

uninstall.exe
sysdefenders.exe
RANDOM.exe

The above lists of running processes include names that are randomized when the rogue is installed on your system. This will likely be different for each computer and you really should look at the lists of files below, their locations as well as the file names you find on your system to help you make the judgment call as to which running processes (above) should be killed off or which files (below) should be deleted.

After the running processes are killed off you should now be able to install your malware removal tool and automatically remove the rogue or you may wish to continue to manually remove insyssecure, or manually remove apcdefender, or manually remove sysprotector or manually remove sysdefenders depending on which of these rogues you are afflicted with.

For manual removal the following lists of files should be deleted from your system. Again, there is randomization with some of the filenames. Use what you find on your system to help you determine which files match the naming and location patterns listed.

The files associated with apcdefender are:

%docs%All UsersDesktopAPcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender
%docs%All UsersStart MenuProgramsAPcDefender1 APcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender2 Homepage.lnk
%docs%All UsersStart MenuProgramsAPcDefender3 Uninstall.lnk
%progfiles%APcDefender Software
%progfiles%APcDefender SoftwareAPcDefender
%progfiles%APcDefender SoftwareAPcDefenderAPcDefender.exe
%progfiles%APcDefender SoftwareAPcDefendermain_config.xml
%progfiles%APcDefender SoftwareAPcDefenderuninstall.exe
%tmp%RANDOM.exe
%win%10040spz5229.exe
%win%10134noz5a-viru93b5.exe
%win%10658not-a-vir9s7z25.ocx
%win%system3222813virus9fz5.bin
%win%system3222929zpa5bot57e.exe
%win%system3222988spambzt58c9.cpl
%win%system32RANDOM.exe

The files associated with sysprotector are:

%docs%All UsersDesktopSysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector
%docs%All UsersStart MenuProgramsSysProtector1 SysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysProtector3 Uninstall.lnk
%progfiles%SysProtector Software
%progfiles%SysProtector SoftwareSysProtector
%progfiles%SysProtector SoftwareSysProtectormain_config.xml
%progfiles%SysProtector SoftwareSysProtectorSysProtector.exe
%progfiles%SysProtector SoftwareSysProtectoruninstall.exe
%tmp%RANDOM.exe
%win%10327s5ambzt98b.cpl
%win%10390wzrmac5.cpl
%win%10555hacktoo9309z.dll
%win%system322dz4th95at18116.dll
%win%system322e6aadd9arz2815.ocx
%win%system32RANDOM.exe

The files associated with InSysSecure are:

%docs%All UsersDesktopInSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure
%docs%All UsersStart MenuProgramsInSysSecure1 InSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure2 Homepage.lnk
%docs%All UsersStart MenuProgramsInSysSecure3 Uninstall.lnk
%progfiles%InSysSecure Software
%progfiles%InSysSecure SoftwareInSysSecure
%progfiles%InSysSecure SoftwareInSysSecureInSysSecure.exe
%progfiles%InSysSecure SoftwareInSysSecuremain_config.xml
%progfiles%InSysSecure SoftwareInSysSecureuninstall.exe
%tmp%RANDOM.exe
%win%103215zoj198.dll
%win%10543v5zus929.bin
%win%system3229495zy1d5.exe
%win%system32295859pz6ec.bin
%win%system322959spzrse1354.cpl
%win%system32RANDOM.exe

The files associated with SysDefenders are:

%docs%All UsersDesktopSysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders
%docs%All UsersStart MenuProgramsSysDefenders1 SysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysDefenders3 Uninstall.lnk
%progfiles%SysDefenders Software
%progfiles%SysDefenders SoftwareSysDefenders
%progfiles%SysDefenders SoftwareSysDefendersmain_config.xml
%progfiles%SysDefenders SoftwareSysDefendersSysDefenders.exe
%progfiles%SysDefenders SoftwareSysDefendersuninstall.exe
%tmp%RANDOM.exe
%win%1036thrzat52459.ocx
%win%104z95acktool7e89.ocx
%win%107zvi59576.bin
%win%system3230946zp5377.cpl
%win%system323104ha59toolz09.bin
%win%system3231530virz9173.cpl
%win%system32RANDOM.exe

Even after you have manually deleted all of the above files you should follow up with a scan from a malware removal tool such as superantispyware or malwarebytes antimalware and then scan your pc with a trusted reputable antivirus such as avira, avg, avast, trendmicro, etc. etc. (Yes an online or free scanner is fine as long as it’s reputable.) This final scanning is to clean up any other leftovers of the malware or the means it used to establish itself on the system.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove SoftStronghold | Soft Stronghold Removal Guide SoftStronghold is the latest rogue antivirus application in the LONG line of Wini rogues... Softveteran was the most recent (see the softveteran removal guide) but.... SoftCop (see the SoftCop removal guide.) But, the line goes much further back.... Softsoldier (How to remove SoftSoldier), ( TrustFighter TrustFighter Removal Guide, TrustSoldier removal......
  • How to Remove PCSecure | PCSecure Removal Guide PCSecure is a recent rogue antivirus from the notorious and prolific wini family of rogue security software. It is typically promoted via trojan downloaders. Usually these will be on a website with a video that may be highly sought after. In order to see the video though you are told......
  • How to Remove BlockProtector | Removal Guide So... the tail end of last week saw another new variant in the Wini family of rogue antivirus: blockprotector. It's the successor to..... Blockscanner (blockscanner removal guide) as well as the long list of prior variants that you can find on that page. (Sorry... it's just getting to be ridiculously......
Blog Traffic Exchange Related Websites
  • Handling The Equity Curve Trading A money management technique that can sometimes improve trading performance is to modify the position sizing based on crossovers of a moving average of the equity curve. The basic idea is to either trade more or fewer contracts when the equity curve crosses above or below its moving average.......
  • Game Preview: Florida Gators vs. Mississippi State Bulldogs Turnovers are Sticking in the Mind of Urban Meyer! With a game against Mississippi State pending, Urban Meyer is looking at the team's current capabilities to determine whether or not the Florida Gators are going to continue their winning streak for another round. In terms of the offense, the gators......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site