Delete System Defender

Belonging to the Virus Doctor family of notorious fake anti-spyware programs, System Defender is closely related to its predecessor, Windows System Defender. This rogue software uses scare tactics to try and trick users into buying a license for the software. System Defender is promoted heavily by advertisers and online scammers who use social engineering techniques to trick users into downloading and installing System Defender. Once installed, this rogue anti-spyware creates a number of harmless files on the hard disk, which it later identifies and viruses. It also performs regular fake virus scans, generating pop-ups from the Windows taskbar claiming that the user’s system is at risk. Furthermore, it may block useful Windows utilities like Task Manager and Registry Editor to prevent users from trying to delete System Defender manually. This rogue software claims that its currently installed ‘trial’ version is insufficient to clean the false ‘threats’ to the user’s system, and insists that the user pay for the ‘full’ version of System Defender. It is important to remember that no version of System Defender, ‘trial’ or ‘full’, is capable of cleaning any computer system.

System Defender
As System Defender aggressively tries to prevent its removal by blocking Windows utilities, you will have to restart your computer in Safe Mode before you attempt to remove it. In order to delete System Defender, you will have to stop its processes, unregister its DLLs, delete its files and folders and remove its registry entries.

File Removal Procedures

The first step you must take to delete System Defender is to kill the following processes:

  • WS339.exe
  • ppal.exe
  • tjd.exe

Next, it is necessary to unregister the following DLL files which are related to System Defender:

  • mozcrt19.dll
  • tempdoc.dll
  • sqlite3.dll
  • CLSV.dll
  • PE.dll

The next step is to delete the following files and folders from your hard drive:

  • c:\Documents and Settings\All Users\Application Data\117fc
  • c:\Documents and Settings\All Users\Application Data\117fc\WS339.exe
  • c:\Documents and Settings\All Users\Application Data\117fc\WSD.ico
  • c:\Documents and Settings\All Users\Application Data\WSDDSys
  • c:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
  • %UserProfile%\Application Data\System Defender
  • %UserProfile%\Application Data\System Defender\cookies.sqlite
  • %UserProfile%\Application Data\System Defender\Instructions.ini
  • %UserProfile%\Desktop\System Defender.lnk
  • %UserProfile%\Desktop\xp_7a9be\
  • %UserProfile%\Desktop\xp_7a9be\68.mof
  • %UserProfile%\Desktop\xp_7a9be\mozcrt19.dll
  • %UserProfile%\Desktop\xp_7a9be\sqlite3.dll
  • %UserProfile%\Desktop\xp_7a9be\WSDDSys
  • %UserProfile%\Desktop\xp_7a9be\WSDDSys\vd952342.bd
  • %UserProfile%\Recent\ANTIGEN.dll
  • %UserProfile%\Recent\ANTIGEN.sys
  • %UserProfile%\Recent\ANTIGEN.tmp
  • %UserProfile%\Recent\cid.dll
  • %UserProfile%\Recent\CLSV.dll
  • %UserProfile%\Recent\ddv.tmp
  • %UserProfile%\Recent\PE.dll
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\PE.sys
  • %UserProfile%\Recent\ppal.exe
  • %UserProfile%\Recent\runddlkey.drv
  • %UserProfile%\Recent\std.sys
  • %UserProfile%\Recent\tempdoc.dll
  • %UserProfile%\Recent\tjd.exe
  • %UserProfile%\Recent\tjd.sys
  • %UserProfile%\Start Menu\System Defender.lnk
  • %UserProfile%\Start Menu\Programs\System Defender.lnk
  • c:\Program Files\Mozilla Firefox\searchplugins\search.xml

After deletion of these files and folders has been completed, your file system is safe from System Defender. However, in order to make sure that no additional malicious components have been left behind it is recommended to use a genuine antivirus software such as Spyware Doctor with Antivirus.

Registry Removal Procedures

In order to completely delete System Defender, remove the following entries from the Windows Registry:

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = http://search-gala.com/?&uid=220&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = http://search-gala.com/?&uid=220&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “System Defender”

After this step has been completed, you have completely removed System Defender from your computer.

Conclusion

Inexperienced users should not try to manually delete System Defender as any mistake made due to inexperience could harm your operating system. Therefore the best way to get rid of this rogue program is to use a web-based online computer repair service such as www.onlinecomputerrepair.org, a remote method of removing System Defender that functions under the end-user umbrella of a money-back guarantee.