What kind of program is Windows Enterprise Defender? It is malware: a rogue program that tries to damage your computer and make money at your expense by pretending you need its full registered version to clean your system. For now, your system is infected with it.
Read this guide in full to learn how to remove Windows Enterprise Defender and clean your computer. Malware like Windows Enterprise Defender propagates in many ways, some of which you may already know. Be careful of the following:
- Many trojans masquerade as fake codecs. Windows Enterprise Defender is well known to propagate through Zlob/MediaAccess Codec installers.
Such installers can arrive as a 'drive-by download' from sites that were hacked or even created by hackers. You visited such a site, and either the threat was a new one or your security software was not recent enough, so the rogue program was downloaded (in fact, the website pushed it onto your computer) and you got infected.
Once downloaded, Windows Enterprise Defender quickly starts to create many fake files. Its next step is to scan and report those files as infections, threats and more. As you guessed, these are fake scans of fake files. The fake Windows Defender window mentioned at the beginning reports those fake infections along with the false requirement to buy the registered version. Since we know those reports are fake, we know Windows Enterprise Defender only wants to deceive you and steal your money. There is no need to make that purchase: it will never work. This virus removal guide should help you remove the current strain.
Its authors have programmed Windows Enterprise Defender to block many features related to anti-virus programs so that you won't delete it. Your own security program might not work at all, and you might not be able to access any others online. Other features, like System Restore and the Registry Editor, are programmed not to function once this rogue software infects a system. Windows Enterprise Defender will modify your browser settings, show you many advertisements and stay resident in the background.
Some symptoms of Windows Enterprise Defender:
- Bogus scan results
- Automatic scans on start-up
- Warnings coming out of a fake shield in the system tray
- Pop-ups and redirects to the fake software's website
- Constant warnings of being infected as well as false statements about other trojans
Manual removal instructions for Windows Enterprise Defender (please read our disclaimer below)
Kill Windows Enterprise Defender processes:
- WindowsEDefender.exe
We recommend running a full scan using SpyHunter. Even if you do not intend to purchase the product, it will help stop the virus from re-installing and re-activating while you manually remove it. It will also inform you of any new changes to the file names, which you may need if the malware mutates.
Delete Windows Enterprise Defender registry values:
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes "URL"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "876902803"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Defender"
Delete files (hint: most of these files will be in the %All Users%\Application Data\c9ba\ directory):
- Windows Enterprise Defender.lnk
- WindowsEDefender.exe
- Windows Enterprise Defender
- %UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
- %UserProfile%\Start Menu\Windows Enterprise Defender.lnk
- %UserProfile%\Recent\tempdoc.tmp
- %UserProfile%\Recent\ppal.exe
- %UserProfile%\Recent\PE.drv
- %UserProfile%\Recent\pal.sys
- %UserProfile%\Recent\energy.exe
- %UserProfile%\Recent\eb.sys
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\cb.sys
- %UserProfile%\Desktop\Windows Enterprise Defender.lnk
- %UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
- %UserProfile%\Application Data\Windows Enterprise Defender
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
- C:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
- C:\Documents and Settings\All Users\Application Data\WEDDSys
- C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
- C:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
- C:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
- C:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
- C:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
- C:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
- C:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
- C:\Documents and Settings\All Users\Application Data\c9ba\83.mof
- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
- C:\Documents and Settings\All Users\Application Data\c9ba
Delete directories (please note that in most cases everything in this folder can be deleted; just be sure it's the correct folder):
- %AllUsersProfile%\Application Data\c9ba
- %AllUsersProfile%\Application Data\c9ba\WEDDSys
- %AllUsersProfile%\Application Data\WEDDSys
- %UserProfile%\Application Data\Windows Enterprise Defender
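Before deleting anything, and again after cleanup, it helps to see which of the items above are actually present. The following read-only PowerShell check is an added example, not part of the original guide; it uses only names listed above and assumes `%AllUsersProfile%` and `%UserProfile%` resolve as they do on the system the guide describes.

```powershell
# Read-only check for indicators listed in this guide. It deletes nothing.
# Assumption: the environment variables below map to the
# "C:\Documents and Settings\..." locations shown in the file list.
$found = @()

# 1. Process named in the guide (Get-Process takes the name without .exe)
if (Get-Process -Name 'WindowsEDefender' -ErrorAction SilentlyContinue) {
    $found += 'Process running: WindowsEDefender.exe'
}

# 2. Registry keys, checked for existence only
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $found += "Registry key: $k" }
}

# 3. Autostart value under the Run key
$run  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$name = 'Windows Enterprise Defender'
$val  = Get-ItemProperty -Path $run -Name $name -ErrorAction SilentlyContinue
if ($val) { $found += "Run value: $name = $($val.$name)" }

# 4. Internet Explorer search provider pointing at the domain from the guide
$scopes = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
$url = (Get-ItemProperty -LiteralPath $scopes -Name 'URL' -ErrorAction SilentlyContinue).URL
if ($url -like '*search-gala.com*') { $found += "SearchScopes URL: $url" }

# 5. Directories and shortcuts from the file and directory lists
$paths = @(
    "$env:ALLUSERSPROFILE\Application Data\c9ba",
    "$env:ALLUSERSPROFILE\Application Data\WEDDSys",
    "$env:USERPROFILE\Application Data\Windows Enterprise Defender",
    "$env:USERPROFILE\Desktop\Windows Enterprise Defender.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Windows Enterprise Defender.lnk"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "Path exists: $p" }
}

# Report what was found
if ($found) { $found } else { 'None of the checked indicators were found.' }
```

An empty result after cleanup only means these specific names are gone; the guide notes that the file names may change if the malware mutates.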
Outside Resources:
http://www.bleepingcomputer.com/virus-removal/remove-windows-enterprise-defender