How to Remove APCDefender | How to Remove SysProtector | How to Remove InSysSecure | How to Remove SysDefenders



It looks like we’ve been awash in variants of the wini family lately so I’m combining three of the latest rogue antivirus applications in that family into one post. This post will talk about removing APCDefender, removing Sysprotector and Removing InSysSecure and removing SysDefenders. Some of the same steps would be taken for each anyway. The main thing that they have unique are the names of the rogues and the filenames that they make use of once they install on your system. They all of course are from the wini family of rogue antivirus software and are typically promoted through trojan or other malware activity. Once installed on your system each of this rogues will run scans of your machine and claim that you have security issues on your pc and that there are even viruses on your computer. These viruses are usually either files that the rogue itself creates, or files that are already normally on your computer. Read on for how to remove APCDefender, how to remove Sysprotector and how to remove InSysSecure and how to remove sysdefenders.


Among the warnings that each of these rogues pops up are warnings 4 languages that read something like the following:
(German/English/French/Italian)

German Alert:
Spzprogramm Warnzeichen!
Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von SysDefenders zu registrieren und Ihr PC von Spyprogramm frei zu machen.

English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.

French Alert:
Spyware Alerte!
Votre ordinateur est infecté de spyware. Il pourrait endommager vos fichiers critiques ou exposer vos données prives sur ‘Internet. Cliquez ici pour enregistrer votre copie de SysDefenders et enléver des menaces spyware de votre OP.

Italian Alert:
Spyware miniaccia!
Il suo computer è infetto di spyware. Puo dannegiare i suoi files criticali rivelare i suoi dati personali nell’Internet. Clicca qui per registrare la sua coppia di SysDefenders e rimouvere le minacce di spyware dal suo computer.

The first removal step you really should consider for any piece of software is to go to the control panel, find the add/remove programs area and try to uninstall it. So, in this case, go and look for apcdefender, sysprotector, insyssecure, or sysdefenders and try to uninstall apcdefender or uninstall sysprotector, or uninstall insyssecure, or uninstall sysdefenders. Likely this will not worth but is always worth a first try. Even if it does work will we really trust the makers of this rogue with truly uninstalling all of their goodies? No. Follow up, even if it looks to have successfully uninstalled the rogue by scanning your computer with a good malware removal tool and a good, reputable antivirus application. By reputable antivirus I mean: trendmicro, avira, avg, avast, norton, mcafee, etc. An online scan is fine, free is fine as well as it’s a reputable antivirus application.

For a more automated removal of these rogues you may wish to download a tool such as malwarebytes antimalware or superantispyware. I have a link to malwarebytes antimalware on my virus removal toolkit page. Once that is downloaded start the installer and see if it will install. If so, update and scan. Then clean out what it finds. If it will not install there are a few tricks you may try to get it onto the system. 1) rename the installer from mbam-setup.exe (or whatever it may be) to explorer.exe and then launch this to install. 2) reboot into safe mode (with networking so you can update) and install in safe mode and then update and scan. 3) try to follow the next manual removal step which is killing off the running processes associated with these rogues and after that retry the install of your malware removal tool.

The next groups will list the running processes associated with each of the rogues we’re covering in this writeup. Each should be killed off using the task manager in order to continue with the removal of the rogue. If you are unable to launch the task manager you may try a few tricks here too….. 1) copy and paste taskmgr.exe to the desktop and then rename it to iexplore.exe and launch this program to kill off the listed processes. 2) Boot into safe mode (with networking is fine) and verify if the processes listed are running. 3) use process explorer instead of task manager (link to it is on the same virus removal toolkit page.

The running processes associated with apcdefender are:

uninstall.exe
apcdefender.exe
RANDOM.exe

The running processes associated with insyssecure are:

uninstall.exe
insyssecure.exe
RANDOM.exe

The running processes associated with sysprotector are:

uninstall.exe
Sysprotector.exe
RANDOM.exe

The running processes associated with Sysdefenders are:

uninstall.exe
sysdefenders.exe
RANDOM.exe

The above lists of running processes include names that are randomized when the rogue is installed on your system. This will likely be different for each computer and you really should look at the lists of files below, their locations as well as the file names you find on your system to help you make the judgment call as to which running processes (above) should be killed off or which files (below) should be deleted.

After the running processes are killed off you should now be able to install your malware removal tool and automatically remove the rogue or you may wish to continue to manually remove insyssecure, or manually remove apcdefender, or manually remove sysprotector or manually remove sysdefenders depending on which of these rogues you are afflicted with.

For manual removal the following lists of files should be deleted from your system. Again, there is randomization with some of the filenames. Use what you find on your system to help you determine which files match the naming and location patterns listed.

The files associated with apcdefender are:

%docs%All UsersDesktopAPcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender
%docs%All UsersStart MenuProgramsAPcDefender1 APcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender2 Homepage.lnk
%docs%All UsersStart MenuProgramsAPcDefender3 Uninstall.lnk
%progfiles%APcDefender Software
%progfiles%APcDefender SoftwareAPcDefender
%progfiles%APcDefender SoftwareAPcDefenderAPcDefender.exe
%progfiles%APcDefender SoftwareAPcDefendermain_config.xml
%progfiles%APcDefender SoftwareAPcDefenderuninstall.exe
%tmp%RANDOM.exe
%win%10040spz5229.exe
%win%10134noz5a-viru93b5.exe
%win%10658not-a-vir9s7z25.ocx
%win%system3222813virus9fz5.bin
%win%system3222929zpa5bot57e.exe
%win%system3222988spambzt58c9.cpl
%win%system32RANDOM.exe

The files associated with sysprotector are:

%docs%All UsersDesktopSysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector
%docs%All UsersStart MenuProgramsSysProtector1 SysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysProtector3 Uninstall.lnk
%progfiles%SysProtector Software
%progfiles%SysProtector SoftwareSysProtector
%progfiles%SysProtector SoftwareSysProtectormain_config.xml
%progfiles%SysProtector SoftwareSysProtectorSysProtector.exe
%progfiles%SysProtector SoftwareSysProtectoruninstall.exe
%tmp%RANDOM.exe
%win%10327s5ambzt98b.cpl
%win%10390wzrmac5.cpl
%win%10555hacktoo9309z.dll
%win%system322dz4th95at18116.dll
%win%system322e6aadd9arz2815.ocx
%win%system32RANDOM.exe

The files associated with InSysSecure are:

%docs%All UsersDesktopInSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure
%docs%All UsersStart MenuProgramsInSysSecure1 InSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure2 Homepage.lnk
%docs%All UsersStart MenuProgramsInSysSecure3 Uninstall.lnk
%progfiles%InSysSecure Software
%progfiles%InSysSecure SoftwareInSysSecure
%progfiles%InSysSecure SoftwareInSysSecureInSysSecure.exe
%progfiles%InSysSecure SoftwareInSysSecuremain_config.xml
%progfiles%InSysSecure SoftwareInSysSecureuninstall.exe
%tmp%RANDOM.exe
%win%103215zoj198.dll
%win%10543v5zus929.bin
%win%system3229495zy1d5.exe
%win%system32295859pz6ec.bin
%win%system322959spzrse1354.cpl
%win%system32RANDOM.exe

The files associated with SysDefenders are:

%docs%All UsersDesktopSysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders
%docs%All UsersStart MenuProgramsSysDefenders1 SysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysDefenders3 Uninstall.lnk
%progfiles%SysDefenders Software
%progfiles%SysDefenders SoftwareSysDefenders
%progfiles%SysDefenders SoftwareSysDefendersmain_config.xml
%progfiles%SysDefenders SoftwareSysDefendersSysDefenders.exe
%progfiles%SysDefenders SoftwareSysDefendersuninstall.exe
%tmp%RANDOM.exe
%win%1036thrzat52459.ocx
%win%104z95acktool7e89.ocx
%win%107zvi59576.bin
%win%system3230946zp5377.cpl
%win%system323104ha59toolz09.bin
%win%system3231530virz9173.cpl
%win%system32RANDOM.exe

Even after you have manually deleted all of the above files you should follow up with a scan from a malware removal tool such as superantispyware or malwarebytes antimalware and then scan your pc with a trusted reputable antivirus such as avira, avg, avast, trendmicro, etc. etc. (Yes an online or free scanner is fine as long as it’s reputable.) This final scanning is to clean up any other leftovers of the malware or the means it used to establish itself on the system.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove BlockScanner | Removal Guide BlockScanner looks very much like it's sibling blockwatcher and indeed these two rogue antivirus applications come from the same prolific family (wini). This family includes numerous other rogue antivirus appications such as... Softbarrier (softbarrier removal) and many others have looked the same... Shieldsafeness (see the shieldsafeness removal guide) as well......
  • How to Remove IGuardPC | IGuardPC Removal Guide IGuardPC is one of the latest clones of the winisoft family of rogue antivirus applications. It is typically installed through the use of trojans and fake video codec and or (faked) flash player updates. This rogue will pop up warnings with the title Spyware Alert! and in it's scans will......
  • How to Remove ReAnti | ReAnti Removal Guide ReAnti is a rogue antivirus application from the Wini family. It is typically promoted through supposed flash player updates or video codec updates. Once on your system it will pretend to run a scan and find all sorts of files that it claims are infected with viruses. Of course, like......
Blog Traffic Exchange Related Websites
  • Securing Your Online Business With Internet Security Today, businesses are taking advantage of the Internet to market and sell their products and services. It is now considered a necessity for businesses to integrate the Internet in their operations in order to effectively compete with other businesses and become the best. The Internet offers many advantages in your......
  • Game Preview: Florida Gators vs. Mississippi State Bulldogs Turnovers are Sticking in the Mind of Urban Meyer! With a game against Mississippi State pending, Urban Meyer is looking at the team's current capabilities to determine whether or not the Florida Gators are going to continue their winning streak for another round. In terms of the offense, the gators......
  • Great Golf in Scottish Open and the John Deere Classic Many tuned in this weekend to watch as Luke Donald took control over the Scottish Open. His win is being hailed as a result of the flawless victory on Sunday. He was able to beat out the rest of the field by 4 strokes as a result his 9 under......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site