Windows Enterprise Defender is a new rogue antispyware program. It is a clone of another rogue antispyware application called Virus Doctor. When the rogue is installed it will be set to start automatically when Windows loads. Also Windows Enterprise Defender will create numerous files with random names that are made to appear as infections, but are in reality harmless.
Immediately after launch, Windows Enterprise Defender will begin to scan your computer and list previously created files as infections to trick you to buy the paid version of the software. All of these infections are fake, so you can safely ignore them.
Windows Enterprise Defender
While Windows Enterprise Defender is running you will also see numerous security notifications appear from your Windows task bar. It will state that your computer is infected or is under attack by an Internet virus. Some of the notifications:
Your PC may still be infected with dangerous viruses. Windiws
Enterprise Defender protection is needed to prevent data loss
and avoid theft of your personal and credit card details. Click
here to activate protection.
malicious applications, which cn contain trojans, were found
on your PC and need to be immediately removed. Click here to
remove these potentially harmful items using Windows
Unauthorized remote connection!
Your system is making an authorized personal data transfer to remote
However, all of these alerts are a fake and like scan false results should be ignored. If your computer infected with Windows Enterprise Defender, then use these free instructions below to remove Windows Enterprise Defender and any associated malware from your computer.
More Windows Enterprise Defender screen shoots
Symptoms in a HijackThis Log
O4 – HKLM\..\Run: [Windows Enterprise Defender] “C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe” /s /d
Use the following instructions to remove Windows Enterprise Defender (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows Enterprise Defender infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Windows Enterprise Defender removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Windows Enterprise Defender creates the following files and folders
C:\Documents and Settings\comp\Application Data\Windows Enterprise Defender
C:\Documents and Settings\All Users\Application Data\WEDDSys
C:\Documents and Settings\All Users\Application Data\472f\WindowsEDefender.exe
C:\Documents and Settings\comp\Application Data\Windows Enterprise Defender\cookies.sqlite
C:\Documents and Settings\comp\Application Data\Windows Enterprise Defender\Instructions.ini
C:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
C:\Documents and Settings\comp\Desktop\Windows Enterprise Defender.lnk
C:\Documents and Settings\comp\Start Menu\Windows Enterprise Defender.lnk
C:\Documents and Settings\comp\Start Menu\Programs\Windows Enterprise Defender.lnk
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
Windows Enterprise Defender creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows enterprise defender