How to Remove APCDefender | How to Remove SysProtector | How to Remove InSysSecure | How to Remove SysDefenders



It looks like we’ve been awash in variants of the wini family lately so I’m combining three of the latest rogue antivirus applications in that family into one post. This post will talk about removing APCDefender, removing Sysprotector and Removing InSysSecure and removing SysDefenders. Some of the same steps would be taken for each anyway. The main thing that they have unique are the names of the rogues and the filenames that they make use of once they install on your system. They all of course are from the wini family of rogue antivirus software and are typically promoted through trojan or other malware activity. Once installed on your system each of this rogues will run scans of your machine and claim that you have security issues on your pc and that there are even viruses on your computer. These viruses are usually either files that the rogue itself creates, or files that are already normally on your computer. Read on for how to remove APCDefender, how to remove Sysprotector and how to remove InSysSecure and how to remove sysdefenders.


Among the warnings that each of these rogues pops up are warnings 4 languages that read something like the following:
(German/English/French/Italian)

German Alert:
Spzprogramm Warnzeichen!
Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von SysDefenders zu registrieren und Ihr PC von Spyprogramm frei zu machen.

English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.

French Alert:
Spyware Alerte!
Votre ordinateur est infecté de spyware. Il pourrait endommager vos fichiers critiques ou exposer vos données prives sur ‘Internet. Cliquez ici pour enregistrer votre copie de SysDefenders et enléver des menaces spyware de votre OP.

Italian Alert:
Spyware miniaccia!
Il suo computer è infetto di spyware. Puo dannegiare i suoi files criticali rivelare i suoi dati personali nell’Internet. Clicca qui per registrare la sua coppia di SysDefenders e rimouvere le minacce di spyware dal suo computer.

The first removal step you really should consider for any piece of software is to go to the control panel, find the add/remove programs area and try to uninstall it. So, in this case, go and look for apcdefender, sysprotector, insyssecure, or sysdefenders and try to uninstall apcdefender or uninstall sysprotector, or uninstall insyssecure, or uninstall sysdefenders. Likely this will not worth but is always worth a first try. Even if it does work will we really trust the makers of this rogue with truly uninstalling all of their goodies? No. Follow up, even if it looks to have successfully uninstalled the rogue by scanning your computer with a good malware removal tool and a good, reputable antivirus application. By reputable antivirus I mean: trendmicro, avira, avg, avast, norton, mcafee, etc. An online scan is fine, free is fine as well as it’s a reputable antivirus application.

For a more automated removal of these rogues you may wish to download a tool such as malwarebytes antimalware or superantispyware. I have a link to malwarebytes antimalware on my virus removal toolkit page. Once that is downloaded start the installer and see if it will install. If so, update and scan. Then clean out what it finds. If it will not install there are a few tricks you may try to get it onto the system. 1) rename the installer from mbam-setup.exe (or whatever it may be) to explorer.exe and then launch this to install. 2) reboot into safe mode (with networking so you can update) and install in safe mode and then update and scan. 3) try to follow the next manual removal step which is killing off the running processes associated with these rogues and after that retry the install of your malware removal tool.

The next groups will list the running processes associated with each of the rogues we’re covering in this writeup. Each should be killed off using the task manager in order to continue with the removal of the rogue. If you are unable to launch the task manager you may try a few tricks here too….. 1) copy and paste taskmgr.exe to the desktop and then rename it to iexplore.exe and launch this program to kill off the listed processes. 2) Boot into safe mode (with networking is fine) and verify if the processes listed are running. 3) use process explorer instead of task manager (link to it is on the same virus removal toolkit page.

The running processes associated with apcdefender are:

uninstall.exe
apcdefender.exe
RANDOM.exe

The running processes associated with insyssecure are:

uninstall.exe
insyssecure.exe
RANDOM.exe

The running processes associated with sysprotector are:

uninstall.exe
Sysprotector.exe
RANDOM.exe

The running processes associated with Sysdefenders are:

uninstall.exe
sysdefenders.exe
RANDOM.exe

The above lists of running processes include names that are randomized when the rogue is installed on your system. This will likely be different for each computer and you really should look at the lists of files below, their locations as well as the file names you find on your system to help you make the judgment call as to which running processes (above) should be killed off or which files (below) should be deleted.

After the running processes are killed off you should now be able to install your malware removal tool and automatically remove the rogue or you may wish to continue to manually remove insyssecure, or manually remove apcdefender, or manually remove sysprotector or manually remove sysdefenders depending on which of these rogues you are afflicted with.

For manual removal the following lists of files should be deleted from your system. Again, there is randomization with some of the filenames. Use what you find on your system to help you determine which files match the naming and location patterns listed.

The files associated with apcdefender are:

%docs%\All Users\Desktop\APcDefender.lnk
%docs%\All Users\Start Menu\Programs\APcDefender
%docs%\All Users\Start Menu\Programs\APcDefender\1 APcDefender.lnk
%docs%\All Users\Start Menu\Programs\APcDefender\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\APcDefender\3 Uninstall.lnk
%progfiles%\APcDefender Software
%progfiles%\APcDefender Software\APcDefender
%progfiles%\APcDefender Software\APcDefender\APcDefender.exe
%progfiles%\APcDefender Software\APcDefender\main_config.xml
%progfiles%\APcDefender Software\APcDefender\uninstall.exe
%tmp%\RANDOM.exe
%win%\10040spz5229.exe
%win%\10134noz5a-viru93b5.exe
%win%\10658not-a-vir9s7z25.ocx
%win%\system32\22813virus9fz5.bin
%win%\system32\22929zpa5bot57e.exe
%win%\system32\22988spambzt58c9.cpl
%win%\system32\RANDOM.exe

The files associated with sysprotector are:

%docs%\All Users\Desktop\SysProtector.lnk
%docs%\All Users\Start Menu\Programs\SysProtector
%docs%\All Users\Start Menu\Programs\SysProtector\1 SysProtector.lnk
%docs%\All Users\Start Menu\Programs\SysProtector\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\SysProtector\3 Uninstall.lnk
%progfiles%\SysProtector Software
%progfiles%\SysProtector Software\SysProtector
%progfiles%\SysProtector Software\SysProtector\main_config.xml
%progfiles%\SysProtector Software\SysProtector\SysProtector.exe
%progfiles%\SysProtector Software\SysProtector\uninstall.exe
%tmp%\RANDOM.exe
%win%\10327s5ambzt98b.cpl
%win%\10390wzrmac5.cpl
%win%\10555hacktoo9309z.dll
%win%\system32\2dz4th95at18116.dll
%win%\system32\2e6aadd9arz2815.ocx
%win%\system32\RANDOM.exe

The files associated with InSysSecure are:

%docs%\All Users\Desktop\InSysSecure.lnk
%docs%\All Users\Start Menu\Programs\InSysSecure
%docs%\All Users\Start Menu\Programs\InSysSecure\1 InSysSecure.lnk
%docs%\All Users\Start Menu\Programs\InSysSecure\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\InSysSecure\3 Uninstall.lnk
%progfiles%\InSysSecure Software
%progfiles%\InSysSecure Software\InSysSecure
%progfiles%\InSysSecure Software\InSysSecure\InSysSecure.exe
%progfiles%\InSysSecure Software\InSysSecure\main_config.xml
%progfiles%\InSysSecure Software\InSysSecure\uninstall.exe
%tmp%\RANDOM.exe
%win%\103215zoj198.dll
%win%\10543v5zus929.bin
%win%\system32\29495zy1d5.exe
%win%\system32\295859pz6ec.bin
%win%\system32\2959spzrse1354.cpl
%win%\system32\RANDOM.exe

The files associated with SysDefenders are:

%docs%\All Users\Desktop\SysDefenders.lnk
%docs%\All Users\Start Menu\Programs\SysDefenders
%docs%\All Users\Start Menu\Programs\SysDefenders\1 SysDefenders.lnk
%docs%\All Users\Start Menu\Programs\SysDefenders\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\SysDefenders\3 Uninstall.lnk
%progfiles%\SysDefenders Software
%progfiles%\SysDefenders Software\SysDefenders
%progfiles%\SysDefenders Software\SysDefenders\main_config.xml
%progfiles%\SysDefenders Software\SysDefenders\SysDefenders.exe
%progfiles%\SysDefenders Software\SysDefenders\uninstall.exe
%tmp%\RANDOM.exe
%win%\1036thrzat52459.ocx
%win%\104z95acktool7e89.ocx
%win%\107zvi59576.bin
%win%\system32\30946zp5377.cpl
%win%\system32\3104ha59toolz09.bin
%win%\system32\31530virz9173.cpl
%win%\system32\RANDOM.exe

Even after you have manually deleted all of the above files you should follow up with a scan from a malware removal tool such as superantispyware or malwarebytes antimalware and then scan your pc with a trusted reputable antivirus such as avira, avg, avast, trendmicro, etc. etc. (Yes an online or free scanner is fine as long as it’s reputable.) This final scanning is to clean up any other leftovers of the malware or the means it used to establish itself on the system.

   Send article as PDF   

Similar Posts