System Defender is a rogue antispyware program. It is a clone of Windows System Defender rogue antispyware. Both programs are from the family of VirusDoctor malware. System Defender spreads mostly with the help of fake online spyware scanners that reports that your PC is infected with a lot of infections and you must install the software to clean your computer. Once started, the installer will create some files with random names in the %UserProfile%\Recent folder which later during the scan will determine as trojans and spyware.
Once installed, System Defender will run fake system scan and report numerous infections to make you think that your computer is infected with spyware, worm, trojans and other viruses. However, it won’t remove those infections unless you first purchase the program. Of course, this is a scam, because System Defender identifies harmless files as dangerous infections. So, the scan results are fake and you can safely ignore them.
When running, System Defender will display fake security alerts and notifications from Windows task bar. It will state that your computer is infected or is under attack from the Internet. All of these warnings are supposed to scare you into thinking your computer is in danger. You should ignore all of them! Do not be fooled into buying System Defender. Instead of doing so, follow these removal instructions below in order to remove System Defender and any associated malware from your computer for free.
More screen shoots of System Defender
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [System Defender] “C:\Documents and Settings\All Users\Application Data\17c1f\WSf9a.exe” /s /d
Use the following instructions to remove System Defender (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for System Defender infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start System Defender removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
System Defender creates the following files and folders
C:\Documents and Settings\All Users\Application Data\WSDDSys
%UserProfile%\Application Data\System Defender
C:\Documents and Settings\All Users\Application Data\17c1f\WSf9a.exe
C:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
%UserProfile%\Application Data\System Defender\Instructions.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
%UserProfile%\Start Menu\System Defender.lnk
%UserProfile%\Start Menu\Programs\System Defender.lnk
System Defender creates the following registry keys and values