Oct 12, 2009

Remove WindowsEnterpriseDefender (Removal Instructions)

The modern world is built in such a way that we have to pay for almost everything. There is nothing we cannot buy, and there is nothing we can get for free. Unfortunately, we cannot be sure of the quality of what we purchase. WindowsEnterpriseDefender is not the quality of protection you are looking for. This badware is nothing more than a fake, or rogue, antispyware application. Its main aim is to take as much money from ordinary users as possible and put it in the hackers' purse. That is why every time you use WindowsEnterpriseDefender and its products you promote the hackers' illegal activities.

Once it has settled on your PC, WindowsEnterpriseDefender begins scanning your system immediately. Though you might think this rogue antispyware program is searching for threats on your computer, it is only making you believe so. In fact, all of the malicious files WindowsEnterpriseDefender shows you were created by the badware itself. They are harmless, but you would never guess it. That is why every user will look for help after seeing so many threats on his PC. WindowsEnterpriseDefender offers the fastest help, but unfortunately this help is absolutely worthless, as you buy a license to fight troubles that do not exist. What is more, WindowsEnterpriseDefender will download viruses to your computer without your knowing about it. That is why we highly recommend that you get rid of WindowsEnterpriseDefender and all of its products as soon as possible, because you may well face really serious problems if you let this badware play its game inside your own PC.

Type: Rogue Anti-Spyware
Malware Author: Unknown

Threat Level: Critical

How to remove WindowsEnterpriseDefender manually:
It's possible to remove WindowsEnterpriseDefender manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

c:\Documents and Settings\All Users\Application Data\c9ba
c:\Documents and Settings\All Users\Application Data\c9ba\83.mof
c:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
c:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
c:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WEDDSys
c:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
%UserProfile%\Application Data\Windows Enterprise Defender
%UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
%UserProfile%\Desktop\Windows Enterprise Defender.lnk
%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\pal.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Windows Enterprise Defender.lnk
%UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml


Remove registry entries:

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes "URL"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "876902803"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Defender"


Please be careful, because manual removal of WindowsEnterpriseDefender may seriously damage the operating system and sensitive data. There is also a high possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries. So we strongly recommend that you use an automatic removal tool.
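
A read-only check for the incomplete-removal case described above, added here as an example and not part of the original instructions: this PowerShell script reports which of the listed files and registry entries are still present and deletes nothing. It assumes the Windows XP paths used on this page and that a leftover SearchScopes entry is recognised by the search-gala.com URL.

```powershell
# Added example: read-only audit. Nothing is deleted or modified.
$allUsers = 'C:\Documents and Settings\All Users\Application Data'
$user     = $env:USERPROFILE
$name     = 'Windows Enterprise Defender'

# File system locations from the list above (a directory covers its contents).
$paths = @(
    "$allUsers\c9ba", "$allUsers\WEDDSys",
    "$user\Application Data\$name",
    "$user\Application Data\Microsoft\Internet Explorer\Quick Launch\$name.lnk",
    "$user\Desktop\$name.lnk",
    "$user\Start Menu\$name.lnk",
    "$user\Start Menu\Programs\$name.lnk",
    'C:\Program Files\Mozilla Firefox\searchplugins\search.xml'
)
$paths += 'cb.sys','ddv.dll','eb.sys','energy.exe','pal.sys','PE.drv','ppal.exe','tempdoc.tmp' |
    ForEach-Object { "$user\Recent\$_" }

# Registry keys and named values from the list above.
$regKeys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}',
    'Registry::HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler'
)
$postPlatform = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'
$regValues = @(
    @{ Key = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = $name },
    @{ Key = $postPlatform; Name = '[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]' },
    @{ Key = $postPlatform; Name = '876902803' }
)

$found = @()
$found += @($paths   | Where-Object { Test-Path -LiteralPath $_ })
$found += @($regKeys | Where-Object { Test-Path -LiteralPath $_ })
foreach ($v in $regValues) {
    # GetValue is used so the bracketed value name is not parsed as a wildcard.
    $k = Get-Item -LiteralPath $v.Key -ErrorAction SilentlyContinue
    if ($k -and $null -ne $k.GetValue($v.Name)) { $found += "$($v.Key) -> $($v.Name)" }
}
# Assumption: the hijacked search scope is identified by the URL it points to.
foreach ($hive in '.DEFAULT', 'S-1-5-18') {
    $key = "Registry::HKEY_USERS\$hive\Software\Microsoft\Internet Explorer\SearchScopes"
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($k -and "$($k.GetValue('URL'))" -like '*search-gala.com*') { $found += "$($k.Name) -> URL" }
}

if ($found) { $found | ForEach-Object { "STILL PRESENT: $_" } }
else        { 'No listed artifacts found.' }
```

Run it again after a reboot: an entry that reappears means the program has re-installed itself.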
