Windows Enterprise Defender is a new rogue antispyware program. It is a clone of another rogue antispyware application called Virus Doctor. When the rogue is installed it will be set to start automatically when Windows loads. Also Windows Enterprise Defender will create numerous files with random names that are made to appear as infections, but are in reality harmless.
Immediately after launch, Windows Enterprise Defender will begin to scan your computer and list previously created files as infections to trick you to buy the paid version of the software. All of these infections are fake, so you can safely ignore them.
Windows Enterprise Defender
While Windows Enterprise Defender is running you will also see numerous security notifications appear from your Windows task bar. It will state that your computer is infected or is under attack by an Internet virus. Some of the notifications:
System message
Your PC may still be infected with dangerous viruses. Windiws
Enterprise Defender protection is needed to prevent data loss
and avoid theft of your personal and credit card details. Click
here to activate protection.
System alert
malicious applications, which cn contain trojans, were found
on your PC and need to be immediately removed. Click here to
remove these potentially harmful items using Windows
Enterprise Defender.
Unauthorized remote connection!
Your system is making an authorized personal data transfer to remote
computer!
However, all of these alerts are a fake and like scan false results should be ignored. If your computer infected with Windows Enterprise Defender, then use these free instructions below to remove Windows Enterprise Defender and any associated malware from your computer.
More Windows Enterprise Defender screen shoots
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [Windows Enterprise Defender] “C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe” /s /d
Use the following instructions to remove Windows Enterprise Defender (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Enterprise Defender infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Enterprise Defender removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Enterprise Defender creates the following files and folders
C:\Documents and Settings\comp\Application Data\Windows Enterprise Defender
C:\Documents and Settings\All Users\Application Data\WEDDSys
C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe
C:\Documents and Settings\comp\Application Data\Windows Enterprise Defender\cookies.sqlite
C:\Documents and Settings\comp\Application Data\Windows Enterprise Defender\Instructions.ini
C:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
C:\Documents and Settings\comp\Desktop\Windows Enterprise Defender.lnk
C:\Documents and Settings\comp\Start Menu\Windows Enterprise Defender.lnk
C:\Documents and Settings\comp\Start Menu\Programs\Windows Enterprise Defender.lnk
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
Windows Enterprise Defender creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows enterprise defender
hi yeh i got this thing but the malware wont really work and it stoped my spyware from working and wont allow any spyware to really run soo?? i have no idea whats goin on
Try these steps: Malwarebytes won`t install, run or update – How to fix it. Also you can ask for help in our Spyware removal forum.
I am totally computer challenged but I knew that this Windows Enterprise Defender is for the purpose of buying their program. But I don’t understand how to download the Malwarebytes Anti Malware; where do you get it from? Is it also bad? Please instruct someone who is computer programming install/uninstall challenged.
Thank you.
Amparo, open these instructions how to use Malwarebytes Anti-malware and scroll down to download direct link.
I believe I got this virus while searching EBAY for converter antennas. It is nasty, and I have not been able to get rid of it. It got through my Panda Global Security, and manages to disable Panda from running. I have run MalwareBytes Anti-malware four times, and as soon as I reboot the PC, it comes right back. I am running XP, SP3. When I tried to restore the system from old data, it says there have been no changes in the system, so there is nothing to restore. That tool has always fixed the problems I have had before. Does anybody have any suggestions before I have to format and start over??
Syrl, ask for help in our Spyware removal forum.
I am having the same problem as Syrl:
“I have run MalwareBytes Anti-malware four times, and as soon as I reboot the PC, it comes right back. I am running XP, SP3. When I tried to restore the system from old data, it says there have been no changes in the system, so there is nothing to restore. That tool has always fixed the problems I have had before. Does anybody have any suggestions before I have to format and start over??”
Gentle Giant, make a new topic in our Spyware removal forum.
It was one of the worst experience with my system. Windows Enterprise suite was the nastiest program I encountered with. It had got through my Avast security system and deactivated it. Thanks to MalwareBytes Anti-malware that I got it removed.Thanks
I have gotten this far, but still not done!!!
I’ve been using the business end of a 2 by 4 for the past two days fighting Windows Enterprise Defender. I have isolated it, but it’s not completely gone. Had to block IP for search-gala.com, fake alerts gone… and perfomance has improved greatly… However I still can’t open task manager or spydoctor (pc tools). Better than it was before, I could not open anything. Downloaded \
Steve, ask for help in our Spyware removal forum.