SysDefence is a rogue antispyware program that installed through the use of trojans that come from fake online malware scanners or misleading websites that ask users to install a fake codec or an update of Flash Player needed to view a video online. When the trojan is installed, it will download and install SysDefence onto your computer and configure it to run automatically when Windows starts.
When running, SysDefence will perform a fake system scan. It states that your computer is infected with trojans, adware or malware and that you should purchase the program to remove these infections. Of course, this is nothing more but a scam, because SysDefence identifies harmless files as dangerous infections. So, the scan results are fake and you may easily ignore them.
Last, but not least, the same trojan that installs SysDefence will download and install a variant of trojan FakeAlert. When the trojan is running, you will see fake Windows Security Center and fake security notifications, that stats:
Spyware Alert!
Your computer is infected with spyware. It could damage your
critical files or expose your private data on the Internet. Click
here to register your copy of SysDefence and remove spyware
threats from your PC.
Of course, all of these alerts are fake and like false scan results should be ignored!
So please ignore all that SysDefence gives you and remove it upon detection. Use the removal guide below to remove this malware for free.
More screen shoots of SysDefence
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [
O4 – HKCU\..\Run: [SysDefence.exe] C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
Use the following instructions to remove SysDefence (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for SysDefence infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start SysDefence removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
SysDefence creates the following files and folders
C:\Documents and Settings\All Users\Start Menu\Programs\SysDefence
C:\Program Files\SysDefence Software
C:\Program Files\SysDefence Software\SysDefence
C:\Program Files\SysDefence Software\SysDefence\SysDefence.exe
C:\WINDOWS\system32\
C:\Documents and Settings\All Users\Start Menu\Programs\SysDefence\1 SysDefence.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SysDefence\2 Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SysDefence\3 Uninstall.lnk
C:\Program Files\SysDefence Software\SysDefence\uninstall.exe
C:\Documents and Settings\All Users\Desktop\SysDefence.LNK
SysDefence creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence
HKEY_LOCAL_MACHINE\SOFTWARE\SysDefence
HKEY_CURRENT_USER\SOFTWARE\SysDefence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysDefence.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
