How to Remove APCDefender | How to Remove SysProtector | How to Remove InSysSecure | How to Remove SysDefenders
It looks like we’ve been awash in variants of the wini family lately so I’m combining three of the latest rogue antivirus applications in that family into one post. This post will talk about removing APCDefender, removing Sysprotector and Removing InSysSecure and removing SysDefenders. Some of the same steps would be taken for each anyway. The main thing that they have unique are the names of the rogues and the filenames that they make use of once they install on your system. They all of course are from the wini family of rogue antivirus software and are typically promoted through trojan or other malware activity. Once installed on your system each of this rogues will run scans of your machine and claim that you have security issues on your pc and that there are even viruses on your computer. These viruses are usually either files that the rogue itself creates, or files that are already normally on your computer. Read on for how to remove APCDefender, how to remove Sysprotector and how to remove InSysSecure and how to remove sysdefenders.
Among the warnings that each of these rogues pops up are warnings 4 languages that read something like the following:
Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von SysDefenders zu registrieren und Ihr PC von Spyprogramm frei zu machen.
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.
Votre ordinateur est infecté de spyware. Il pourrait endommager vos fichiers critiques ou exposer vos données prives sur ‘Internet. Cliquez ici pour enregistrer votre copie de SysDefenders et enléver des menaces spyware de votre OP.
Il suo computer è infetto di spyware. Puo dannegiare i suoi files criticali rivelare i suoi dati personali nell’Internet. Clicca qui per registrare la sua coppia di SysDefenders e rimouvere le minacce di spyware dal suo computer.
The first removal step you really should consider for any piece of software is to go to the control panel, find the add/remove programs area and try to uninstall it. So, in this case, go and look for apcdefender, sysprotector, insyssecure, or sysdefenders and try to uninstall apcdefender or uninstall sysprotector, or uninstall insyssecure, or uninstall sysdefenders. Likely this will not worth but is always worth a first try. Even if it does work will we really trust the makers of this rogue with truly uninstalling all of their goodies? No. Follow up, even if it looks to have successfully uninstalled the rogue by scanning your computer with a good malware removal tool and a good, reputable antivirus application. By reputable antivirus I mean: trendmicro, avira, avg, avast, norton, mcafee, etc. An online scan is fine, free is fine as well as it’s a reputable antivirus application.
For a more automated removal of these rogues you may wish to download a tool such as malwarebytes antimalware or superantispyware. I have a link to malwarebytes antimalware on my virus removal toolkit page. Once that is downloaded start the installer and see if it will install. If so, update and scan. Then clean out what it finds. If it will not install there are a few tricks you may try to get it onto the system. 1) rename the installer from mbam-setup.exe (or whatever it may be) to explorer.exe and then launch this to install. 2) reboot into safe mode (with networking so you can update) and install in safe mode and then update and scan. 3) try to follow the next manual removal step which is killing off the running processes associated with these rogues and after that retry the install of your malware removal tool.
The next groups will list the running processes associated with each of the rogues we’re covering in this writeup. Each should be killed off using the task manager in order to continue with the removal of the rogue. If you are unable to launch the task manager you may try a few tricks here too….. 1) copy and paste taskmgr.exe to the desktop and then rename it to iexplore.exe and launch this program to kill off the listed processes. 2) Boot into safe mode (with networking is fine) and verify if the processes listed are running. 3) use process explorer instead of task manager (link to it is on the same virus removal toolkit page.
The above lists of running processes include names that are randomized when the rogue is installed on your system. This will likely be different for each computer and you really should look at the lists of files below, their locations as well as the file names you find on your system to help you make the judgment call as to which running processes (above) should be killed off or which files (below) should be deleted.
After the running processes are killed off you should now be able to install your malware removal tool and automatically remove the rogue or you may wish to continue to manually remove insyssecure, or manually remove apcdefender, or manually remove sysprotector or manually remove sysdefenders depending on which of these rogues you are afflicted with.
For manual removal the following lists of files should be deleted from your system. Again, there is randomization with some of the filenames. Use what you find on your system to help you determine which files match the naming and location patterns listed.
The files associated with apcdefender are:
%docs%All UsersStart MenuProgramsAPcDefender
%docs%All UsersStart MenuProgramsAPcDefender1 APcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender2 Homepage.lnk
%docs%All UsersStart MenuProgramsAPcDefender3 Uninstall.lnk
The files associated with sysprotector are:
%docs%All UsersStart MenuProgramsSysProtector
%docs%All UsersStart MenuProgramsSysProtector1 SysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysProtector3 Uninstall.lnk
The files associated with InSysSecure are:
%docs%All UsersStart MenuProgramsInSysSecure
%docs%All UsersStart MenuProgramsInSysSecure1 InSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure2 Homepage.lnk
%docs%All UsersStart MenuProgramsInSysSecure3 Uninstall.lnk
The files associated with SysDefenders are:
%docs%All UsersStart MenuProgramsSysDefenders
%docs%All UsersStart MenuProgramsSysDefenders1 SysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysDefenders3 Uninstall.lnk
Even after you have manually deleted all of the above files you should follow up with a scan from a malware removal tool such as superantispyware or malwarebytes antimalware and then scan your pc with a trusted reputable antivirus such as avira, avg, avast, trendmicro, etc. etc. (Yes an online or free scanner is fine as long as it’s reputable.) This final scanning is to clean up any other leftovers of the malware or the means it used to establish itself on the system.
Related PostsRelated Posts
- How to Remove BlockScanner | Removal Guide BlockScanner looks very much like it's sibling blockwatcher and indeed these two rogue antivirus applications come from the same prolific family (wini). This family includes numerous other rogue antivirus appications such as... Softbarrier (softbarrier removal) and many others have looked the same... Shieldsafeness (see the shieldsafeness removal guide) as well......
- How to Remove ReAnti | ReAnti Removal Guide ReAnti is a rogue antivirus application from the Wini family. It is typically promoted through supposed flash player updates or video codec updates. Once on your system it will pretend to run a scan and find all sorts of files that it claims are infected with viruses. Of course, like......
- Total Security Antivirus Removal Total Security Antivirus is another rogue security application that poses as legitimate antivirus software to dupe people into installing and then paying for it. It is related to Antivirus 360 and is perhaps the followup software from the same group. This particular pest is possibly installing itself onto systems by......
- SVCHOST.exe - What is it and why are there so many of them? I get asked this a lot. When you run Task Manager in XP and look at the process list, you see tons of svchost.exe processes running. You can't kill them (you don't really want to) and there's no obvious reason that there are so many of them. What are they? ......
- Securing Your Online Business With Internet Security Today, businesses are taking advantage of the Internet to market and sell their products and services. It is now considered a necessity for businesses to integrate the Internet in their operations in order to effectively compete with other businesses and become the best. The Internet offers many advantages in your......
- Low Cost Computing for a Baby Boomer Lifestyle I rely heavily on personal computers for work and home activities. So do you. One of my objectives over the past couple of years has been to reduce the cost of computing in the one area where cost-control is easiest: software. I have found many free software applications that work......
- How to Remove TrustFighter | Trust Fighter Removal Guide
- How to Remove TrustSoldier | Trust Soldier Removal Guide
- How to Remove SafeFighter | Safe Fighter Removal Guide
- How to Remove AntiTroy | AntiTroy Removal Guide
- How to Remove SoftStronghold | Soft Stronghold Removal Guide