SystemDefender

SystemDefender Description

ScreenshotSystemDefender is a rogue security product that creates junk files on your system for the purpose of falsely labeling them as well-known infections. SystemDefender is also a serious security threat since SystemDefender may block a wide range of security and diagnostic programs that Windows needs to run properly. It's important to delete SystemDefender if you should find it on your PC, and to take preemptive defensive measures to prevent SystemDefender's infection; SystemDefender is likely to be spread by Trojans and other malware, as well as dangerous websites.

A Chip Off the Ol' (Malicious) Block

Windows SystemDefender, AntiMalware Defender, and Security Defender are all just a few samples of the other rogue security products that are virtually identical to SystemDefender. All of these programs use very similar attack methods, making them easy to spot as fake once you're no longer fooled by the different name. However, the profusion of SystemDefender clones and knock-offs makes it vital to have full updates on your anti-malware applications, or your security may not be able to identify the threat in time.

Many types of SystemDefender clones are distributed by Trojans. Some Trojans will attempt to deceive the user into thinking the rogue security product is a Windows update or otherwise useful security measure, while some may drop SystemDefender without warning. Be skeptical of any official-seeming alerts that advise downloading software other than the standard Malicious Software Removal Tool.

Attacks Shared by this SystemDefender Family Include:

  • Trash files dropped onto your PC for later exploitation. These files aren't dangerous in and of themselves but will add clutter to your hard drive. Such SystemDefender-spawned files largely consist of .dll and .sys. file types.
  • SystemDefender will scan your system and indicate that the above dropped files are infections; this can be fairly alarming for users who unaware of the fact that SystemDefender made those files itself! Supposedly detected infections may use legitimate and well-known names like Hiloti.gen!A, BaiduSobar or Conficker.B.
  • Besides being a rogue scanner, SystemDefender is also a web browser hijacker. SystemDefender may alter popular search engine results to display search-gala.com results instead, or redirect you to a dangerous website. SystemDefender may also use this function to block security websites from being displayed.
  • SystemDefender is known to block many different programs and processes that are necessary for Windows to work right, including Task Manager and the system restore function. You should completely discount all infection alert messages related to this application-blocking.
  • Grinding the SystemDefender Chip Down to Dust

    Ordinarily, deleting SystemDefender should be done via anti-malware programs designed to remove such PC threats efficiently. Be certain that SystemDefender isn't running when you attempt to delete SystemDefender, since this will usually prevent the deletion from being successful; you should take similar precautions for any Trojans that might be related to your SystemDefender infection.

    Entering the registration code of D13F-3B7D-B3C5-BD84 will prevent SystemDefender from sounding excessive alerts in the future. However, SystemDefender's other damaging attributes will remain in place, so consider registration a stopgap until you can actually remove SystemDefender.

    Aliases


    Adware Generic2.PZW [AVG]not-a-virus:AdWare.Win32.Agent.iv [Kaspersky]Suspicious file [Panda]Adware Generic2.PZX [AVG]Adware/Agent [Fortinet]Win32/Adware.Agent.NFRGeneric.Dropper.xCodec [Prevx1]not-a-virus:AdWare.Win32.Agent.iw [Kaspersky]W32/Agent.CHZWAdware/Agent.iwBackdoor.UltimateDefender.BOAdware.UltimateDefender.1376256SystemDefender [Symantec]Ultimate SecuritySuite [Sunbelt]High Risk Fraudulent Security Program [Prevx1]
    More aliases (33)

    Use SpyHunter to Detect and Remove PC Threats

    If you are concerned that malware or PC threats similar to SystemDefender may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

    Download SpyHunter's Malware Scanner

    Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

    Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

    Technical Details

    File System Modifications

    Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

    The following files were created in the system:



    SystemDefender_Installer[1].exe File name: SystemDefender_Installer[1].exe
    Size: 96.32 KB (96328 bytes)
    MD5: 5c8e056f2a4e362555be28986351a5df
    Detection count: 77
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
    Last Updated: December 11, 2009
    SystemDefender.exe File name: SystemDefender.exe
    Size: 1.37 MB (1376256 bytes)
    MD5: 441d594812bde8509a922c179ea04fa5
    Detection count: 54
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
    Last Updated: December 11, 2009
    %WINDIR%msmhost.dll File name: msmhost.dll
    Size: 184.32 KB (184320 bytes)
    MD5: 1ff9614951c642d41b44f852cfc43cf0
    Detection count: 5
    File type: Dynamic link library
    Mime Type: unknown/dll
    Path: %WINDIR%
    Group: Malware file
    Last Updated: February 1, 2011
    %WINDIR%msmdev.dll File name: msmdev.dll
    Size: 225.28 KB (225280 bytes)
    MD5: 2781ca3ebc80c1195fe80d9593106e86
    Detection count: 5
    File type: Dynamic link library
    Mime Type: unknown/dll
    Path: %WINDIR%
    Group: Malware file
    Last Updated: February 1, 2011

    More files

    Registry Modifications


    The following newly produced Registry Values are:

    Cookiessystem-defenderDirectory%AppData%\SystemDefender%ProgramFiles%\SystemDefender

    Additional Information

    The following cookies were detected:
    system-defender
    Posted: September 24, 2007
    Threat Metric
    Threat Level: 10/10
    Infected PCs 28

    2 Comments

    Leave a Reply

    Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.