How to Remove APCDefender | How to Remove SysProtector | How to Remove InSysSecure | How to Remove SysDefenders

It looks like we’ve been awash in variants of the wini family lately so I’m combining three of the latest rogue antivirus applications in that family into one post. This post will talk about removing APCDefender, removing Sysprotector and Removing InSysSecure and removing SysDefenders. Some of the same steps would be taken for each anyway. The main thing that they have unique are the names of the rogues and the filenames that they make use of once they install on your system. They all of course are from the wini family of rogue antivirus software and are typically promoted through trojan or other malware activity. Once installed on your system each of this rogues will run scans of your machine and claim that you have security issues on your pc and that there are even viruses on your computer. These viruses are usually either files that the rogue itself creates, or files that are already normally on your computer. Read on for how to remove APCDefender, how to remove Sysprotector and how to remove InSysSecure and how to remove sysdefenders.

Among the warnings that each of these rogues pops up are warnings 4 languages that read something like the following:

German Alert:
Spzprogramm Warnzeichen!
Ihr Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien und die im Internet zugänglich machen. Klicken bitte hier, um Ihre Kopie von SysDefenders zu registrieren und Ihr PC von Spyprogramm frei zu machen.

English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of BlockProtector and remove spyware threats from your PC.

French Alert:
Spyware Alerte!
Votre ordinateur est infecté de spyware. Il pourrait endommager vos fichiers critiques ou exposer vos données prives sur ‘Internet. Cliquez ici pour enregistrer votre copie de SysDefenders et enléver des menaces spyware de votre OP.

Italian Alert:
Spyware miniaccia!
Il suo computer è infetto di spyware. Puo dannegiare i suoi files criticali rivelare i suoi dati personali nell’Internet. Clicca qui per registrare la sua coppia di SysDefenders e rimouvere le minacce di spyware dal suo computer.

The first removal step you really should consider for any piece of software is to go to the control panel, find the add/remove programs area and try to uninstall it. So, in this case, go and look for apcdefender, sysprotector, insyssecure, or sysdefenders and try to uninstall apcdefender or uninstall sysprotector, or uninstall insyssecure, or uninstall sysdefenders. Likely this will not worth but is always worth a first try. Even if it does work will we really trust the makers of this rogue with truly uninstalling all of their goodies? No. Follow up, even if it looks to have successfully uninstalled the rogue by scanning your computer with a good malware removal tool and a good, reputable antivirus application. By reputable antivirus I mean: trendmicro, avira, avg, avast, norton, mcafee, etc. An online scan is fine, free is fine as well as it’s a reputable antivirus application.

For a more automated removal of these rogues you may wish to download a tool such as malwarebytes antimalware or superantispyware. I have a link to malwarebytes antimalware on my virus removal toolkit page. Once that is downloaded start the installer and see if it will install. If so, update and scan. Then clean out what it finds. If it will not install there are a few tricks you may try to get it onto the system. 1) rename the installer from mbam-setup.exe (or whatever it may be) to explorer.exe and then launch this to install. 2) reboot into safe mode (with networking so you can update) and install in safe mode and then update and scan. 3) try to follow the next manual removal step which is killing off the running processes associated with these rogues and after that retry the install of your malware removal tool.

The next groups will list the running processes associated with each of the rogues we’re covering in this writeup. Each should be killed off using the task manager in order to continue with the removal of the rogue. If you are unable to launch the task manager you may try a few tricks here too….. 1) copy and paste taskmgr.exe to the desktop and then rename it to iexplore.exe and launch this program to kill off the listed processes. 2) Boot into safe mode (with networking is fine) and verify if the processes listed are running. 3) use process explorer instead of task manager (link to it is on the same virus removal toolkit page.

The running processes associated with apcdefender are:


The running processes associated with insyssecure are:


The running processes associated with sysprotector are:


The running processes associated with Sysdefenders are:


The above lists of running processes include names that are randomized when the rogue is installed on your system. This will likely be different for each computer and you really should look at the lists of files below, their locations as well as the file names you find on your system to help you make the judgment call as to which running processes (above) should be killed off or which files (below) should be deleted.

After the running processes are killed off you should now be able to install your malware removal tool and automatically remove the rogue or you may wish to continue to manually remove insyssecure, or manually remove apcdefender, or manually remove sysprotector or manually remove sysdefenders depending on which of these rogues you are afflicted with.

For manual removal the following lists of files should be deleted from your system. Again, there is randomization with some of the filenames. Use what you find on your system to help you determine which files match the naming and location patterns listed.

The files associated with apcdefender are:

%docs%All UsersDesktopAPcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender
%docs%All UsersStart MenuProgramsAPcDefender1 APcDefender.lnk
%docs%All UsersStart MenuProgramsAPcDefender2 Homepage.lnk
%docs%All UsersStart MenuProgramsAPcDefender3 Uninstall.lnk
%progfiles%APcDefender Software
%progfiles%APcDefender SoftwareAPcDefender
%progfiles%APcDefender SoftwareAPcDefenderAPcDefender.exe
%progfiles%APcDefender SoftwareAPcDefendermain_config.xml
%progfiles%APcDefender SoftwareAPcDefenderuninstall.exe

The files associated with sysprotector are:

%docs%All UsersDesktopSysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector
%docs%All UsersStart MenuProgramsSysProtector1 SysProtector.lnk
%docs%All UsersStart MenuProgramsSysProtector2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysProtector3 Uninstall.lnk
%progfiles%SysProtector Software
%progfiles%SysProtector SoftwareSysProtector
%progfiles%SysProtector SoftwareSysProtectormain_config.xml
%progfiles%SysProtector SoftwareSysProtectorSysProtector.exe
%progfiles%SysProtector SoftwareSysProtectoruninstall.exe

The files associated with InSysSecure are:

%docs%All UsersDesktopInSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure
%docs%All UsersStart MenuProgramsInSysSecure1 InSysSecure.lnk
%docs%All UsersStart MenuProgramsInSysSecure2 Homepage.lnk
%docs%All UsersStart MenuProgramsInSysSecure3 Uninstall.lnk
%progfiles%InSysSecure Software
%progfiles%InSysSecure SoftwareInSysSecure
%progfiles%InSysSecure SoftwareInSysSecureInSysSecure.exe
%progfiles%InSysSecure SoftwareInSysSecuremain_config.xml
%progfiles%InSysSecure SoftwareInSysSecureuninstall.exe

The files associated with SysDefenders are:

%docs%All UsersDesktopSysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders
%docs%All UsersStart MenuProgramsSysDefenders1 SysDefenders.lnk
%docs%All UsersStart MenuProgramsSysDefenders2 Homepage.lnk
%docs%All UsersStart MenuProgramsSysDefenders3 Uninstall.lnk
%progfiles%SysDefenders Software
%progfiles%SysDefenders SoftwareSysDefenders
%progfiles%SysDefenders SoftwareSysDefendersmain_config.xml
%progfiles%SysDefenders SoftwareSysDefendersSysDefenders.exe
%progfiles%SysDefenders SoftwareSysDefendersuninstall.exe

Even after you have manually deleted all of the above files you should follow up with a scan from a malware removal tool such as superantispyware or malwarebytes antimalware and then scan your pc with a trusted reputable antivirus such as avira, avg, avast, trendmicro, etc. etc. (Yes an online or free scanner is fine as long as it’s reputable.) This final scanning is to clean up any other leftovers of the malware or the means it used to establish itself on the system.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove IGuardPC | IGuardPC Removal Guide IGuardPC is one of the latest clones of the winisoft family of rogue antivirus applications. It is typically installed through the use of trojans and fake video codec and or (faked) flash player updates. This rogue will pop up warnings with the title Spyware Alert! and in it's scans will......
  • Total Security Antivirus Removal Total Security Antivirus is another rogue security application that poses as legitimate antivirus software to dupe people into installing and then paying for it. It is related to Antivirus 360 and is perhaps the followup software from the same group. This particular pest is possibly installing itself onto systems by......
  • How to Remove ReAnti | ReAnti Removal Guide ReAnti is a rogue antivirus application from the Wini family. It is typically promoted through supposed flash player updates or video codec updates. Once on your system it will pretend to run a scan and find all sorts of files that it claims are infected with viruses. Of course, like......
Blog Traffic Exchange Related Websites
  • SVCHOST.exe - What is it and why are there so many of them? I get asked this a lot.  When you run Task Manager in XP and look at the process list, you see tons of svchost.exe processes running.  You can't kill them (you don't really want to) and there's no obvious reason that there are so many of them. What are they? ......
  • Handling The Equity Curve Trading A money management technique that can sometimes improve trading performance is to modify the position sizing based on crossovers of a moving average of the equity curve. The basic idea is to either trade more or fewer contracts when the equity curve crosses above or below its moving average.......
  • Game Preview: Florida Gators vs. Mississippi State Bulldogs Turnovers are Sticking in the Mind of Urban Meyer! With a game against Mississippi State pending, Urban Meyer is looking at the team's current capabilities to determine whether or not the Florida Gators are going to continue their winning streak for another round. In terms of the offense, the gators......    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Comments are closed.

Switch to our mobile site