Windows Enterprise Defender Removal

What kind of program is Windows Enterprise Defender ? It is a malware. A very bad software program trying to damage your computer and make money on your behalf by pretending you need their full registered version to clean your system. For now your system is infected with it.

Windows Enterprise Defender

Windows Enterprise Defender

» Download Windows Enterprise Defender Removal Software

Fully read this guide to know how to remove Windows Enterprise Defender and clean your computer. Malware like Windows Enterprise Defender propagate themselves in many ways, maybe you know some. Be careful of the following ones:

  • Many trojans will masquerade themselves as fake codecs. Windows Enterprise Defender is well known to propagate through zlob/MediaAccess Codec installers.

Such installers can be downloaded as a 'drive by download' feature as found in many sites hacked or even created by hackers. So you were visiting such site and either the threat was a new one or your security software not really recent….you downloaded  the rouge program (in fact the website pushed it onto your computer) and got infected ! So downloaded, Windows Enterprise Defender will quickly start to create many, many fake files ! The next step would be for it to scan and report those files as infections, threats and more ! As you guessed, it was a fake scans for…fake files ! That fake Windows Defender window we talked at the beginning will report those (fake !) infections with the requirement (not true…) to buy the registered version. Since we know those reports are fake, we know Windows Enterprise Defender only wants to deceive you and to steal your money ! No need to make that purchase: it will never work.  This virus removal guide should help you remove the current strain of this. Since those hackers are not so stupid, they have programmed Windows Enterprise Defender to block many features related to anti-virus programs so you won't delete it. Like your own security program might not work at all and you might not be able to access any others online. Others features, like System Restore and the Registry Editor, were programmed not to function once this rouge software would infect a given system. Windows Enterprise Defender will modify your browser settings, will show you many advertisements and finally this malware will stays resident in the background.

Some symptoms of Windows Enterprise Defender:

  • Bogus Scan results
  • Auto Scans on Start-up
  • Warning coming out of a fake shield in the system tray
  • pop-ups and re-directs to the fake software's website
  • constant warnings of being infected as well as false statements of other trojans

Manual removal instructions for Windows Enterprise Defender ( Please read our disclaimer below )

Kill Windows Enterprise Defender processes: ( Learn How to Kill a Process Here. Opens in new Window )

  • WindowsEDefender.exe

We do recommend you run a full scan using SpyHunter. Even if you do not intend on purchasing the product it will help to stop the virus from re-installing and re-activating while you manually remove it. Also it will inform you of any new changes to the file names. You may need this if it mutates. Delete Windows Enterprise Defender registry values: ( Learn How to Edit Registry Here. Opens in new Window )

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => “http://search-gala.com/?&uid=7&q={searchTerms}”
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes “URL”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]“
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “876902803″
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Enterprise Defender”

Delete files: ( Hint ) Most of these files will be in the %All Users%\Application Data\c9ba\ directory.

  • Windows Enterprise Defender.lnk
  • WindowsEDefender.exe
  • Windows Enterprise Defender
  • %UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
  • %UserProfile%\Start Menu\Windows Enterprise Defender.lnk
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Recent\ppal.exe
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\pal.sys
  • %UserProfile%\Recent\energy.exe
  • %UserProfile%\Recent\eb.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\cb.sys
  • %UserProfile%\Desktop\Windows Enterprise Defender.lnk
  • %UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
  • %UserProfile%\Application Data\Windows Enterprise Defender
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
  • C:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
  • C:\Documents and Settings\All Users\Application Data\WEDDSys
  • C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
  • C:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
  • C:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
  • C:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
  • C:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
  • C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
  • C:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
  • C:\Documents and Settings\All Users\Application Data\c9ba\83.mof
  • C:\Program Files\Mozilla Firefox\searchplugins\search.xml
  • C:\Documents and Settings\All Users\Application Data\c9ba

Delete directories: ( Please note that in most cases everything in this folder can be deleted. Just be sure it's the correct folder 😉

  • %AllUsersProfile%\Application Data\c9ba
  • %AllUsersProfile%\Application Data\c9ba\WEDDSys
  • %AllUsersProfile%\Application Data\WEDDSys
  • %UserProfile%\Application Data\Windows Enterprise Defender

Outside Resources:

http://www.bleepingcomputer.com/virus-removal/remove-windows-enterprise-defender

http://www.myantispyware.com/2009/10/10/how-to-remove-windows-enterprise-defender-uninstall-instructions/

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.