Delete Windows Enterprise Defender


On a fresh boot, or on the second one, or for a while now, does your computer always begin with some kind of system scan?

Then does a weird window with the header ‘Windows Enterprise Defender’ appear on your screen?

Eh! That’s Windows Defender, right? Of course not… then what is it?
Well, this is Windows Enterprise Defender! The bad news is that your computer just got (or already was…) infected with that threat! It is a clone of similar malware, like Virus Doctor.

First, always keep in mind that these are bad programs (also called malware). They only want to damage your computer and, well, your budget! (They want to steal from you….) Windows Enterprise Defender will try to make you believe you need its registered version.

When was the last time you needed a video codec? Was it recently? Could it be the last program you installed before being hit by Windows Enterprise Defender? Well, some codecs are fake, and this particular malware is known to use them to infect computers! The same goes for online scanners: Windows Enterprise Defender will also use them as much as it can to infect systems! In that case, we are talking about fake scanners!

Hackers infect good websites, or make their own (bad!) websites, and put their rogue programs, like Windows Enterprise Defender, on them. A good user, like you and me, will browse such a website unaware of anything. That (infected) website will try to push a download onto our computers; this is called a drive-by download. Without an up-to-date security program ready to defend our system, or if the malware is very new, we run a high risk of being infected!

If that happens, the malware starts by changing the Registry… so that on every following login it runs and stays resident in the background. Next it creates fake files, then runs a fake scan of them, followed by the fake Windows Enterprise Defender screen reporting lots of infected files and threats! It tries to mimic Windows Defender (the real application…), and we already know what the malware we installed really wants: for us to register a full (and fake…) version of that program! It costs money, of course! Nothing is free here!

The rogue program causes more trouble as well; here are some examples:

The user’s browser settings are heavily compromised: security programs can no longer be updated, and security-related websites can no longer be browsed. As for your anti-virus programs, you will most likely be unable to use them!

You will get that fake Windows Defender look-alike window claiming your computer is fully infected. You might also get notices that some hacker is trying to hack your system!

Useful Windows tools, like the Registry Editor and System Restore, won’t work anymore until the malware is fully removed.

Always keep in mind that those reports (warnings, threats, attacks, viruses, …) are all fake! This is how Windows Enterprise Defender tries to convince you (to trick you…) into buying a fake registered version and, in fact, to get your money!

Since we know this is all fake, if you want to (and you have to!) delete Windows Enterprise Defender from your system, I recommend something very useful: Spyware Doctor with Antivirus. This excellent software will do a full and in-depth scan of your system and will delete the malware present, as well as any other threats found.

I understand some people might be reluctant to run such a program, given the technicality. I have something for you! It is an online service (www.onlinecomputerrepair.org). This website will delete Windows Enterprise Defender. It will be done online by experts. I recommend this service because I think it is reliable and fast, and costs a lot less than your local computer guy.

To manually remove Windows Enterprise Defender, do the following:

Kill Processes:

C:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe

%UserProfile%\Recent\eb.sys

%UserProfile%\Recent\ppal.exe

C:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll

%UserProfile%\Recent\ddv.dll

%UserProfile%\Recent\pal.sys

C:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll

%UserProfile%\Recent\cb.sys

%UserProfile%\Recent\energy.exe

WindowsEDefender.exe

Delete Registry Values:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => “http://search-gala.com/?&uid=7&q={searchTerms}”

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes “URL”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “876902803”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Enterprise Defender”

Delete Files:

Windows Enterprise Defender.lnk
WindowsEDefender.exe
Windows Enterprise Defender
%UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
%UserProfile%\Start Menu\Windows Enterprise Defender.lnk
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\pal.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\cb.sys
%UserProfile%\Desktop\Windows Enterprise Defender.lnk
%UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
%UserProfile%\Application Data\Windows Enterprise Defender
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
C:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
C:\Documents and Settings\All Users\Application Data\WEDDSys
C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
C:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
C:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
C:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
C:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
C:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
C:\Documents and Settings\All Users\Application Data\c9ba\83.mof
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Documents and Settings\All Users\Application Data\c9ba

Delete Directories:

%AllUsersProfile%\Application Data\c9ba
%AllUsersProfile%\Application Data\c9ba\WEDDSys
%AllUsersProfile%\Application Data\WEDDSys
%UserProfile%\Application Data\Windows Enterprise Defender
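
Before deleting anything, it helps to confirm which of the items listed above are actually present on the machine. The PowerShell script below is an added example, not part of the original article: it is read-only, and it checks the listed directories, the %UserProfile%\Recent files, the process names and the registry entries. Which listed items it checks and the output format are this example's own choices.

```powershell
# Read-only triage for the indicators listed above; nothing is changed or deleted.
# Uses PowerShell 2.0 syntax so it also runs on older Windows installs.
$paths = @(
    '%AllUsersProfile%\Application Data\c9ba',
    '%AllUsersProfile%\Application Data\WEDDSys',
    '%UserProfile%\Application Data\Windows Enterprise Defender',
    '%UserProfile%\Recent\ppal.exe',
    '%UserProfile%\Recent\energy.exe',
    '%UserProfile%\Recent\eb.sys',
    '%UserProfile%\Recent\pal.sys',
    '%UserProfile%\Recent\cb.sys',
    '%UserProfile%\Recent\ddv.dll',
    '%UserProfile%\Recent\PE.drv',
    '%UserProfile%\Desktop\Windows Enterprise Defender.lnk'
)
$findings = @()

# 1. Files and directories: expand the %...% variables, then test for existence.
foreach ($p in $paths) {
    $full = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $full) { $findings += "PATH     $full" }
}

# 2. Running processes (Get-Process takes the name without ".exe").
$procs = Get-Process -Name 'WindowsEDefender', 'ppal', 'energy' -ErrorAction SilentlyContinue
foreach ($proc in $procs) { $findings += "PROCESS  $($proc.Name) (PID $($proc.Id))" }

# 3. Autorun value under HKLM\...\Run.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$name   = 'Windows Enterprise Defender'
$run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties[$name]) {
    $findings += "REGISTRY $runKey -> $name = $($run.$name)"
}

# 4. COM registration and the hijacked Internet Explorer search URL.
$com = 'Registry::HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler'
if (Test-Path -LiteralPath $com) { $findings += "REGISTRY $com" }
$scopeKey = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
$scope = Get-ItemProperty -LiteralPath $scopeKey -ErrorAction SilentlyContinue
if ($scope -and $scope.PSObject.Properties['URL'] -and $scope.URL -like '*search-gala.com*') {
    $findings += "REGISTRY $scopeKey -> URL = $($scope.URL)"
}

# Emit one line per indicator found, or a single all-clear line.
if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```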