SystemDefender

Posted: September 24, 2007

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	42

First Seen:	July 24, 2009
Last Seen:	February 13, 2023
OS(es) Affected:	Windows

SystemDefender is a rogue security product that creates junk files on your system for the purpose of falsely labeling them as well-known infections. SystemDefender is also a serious security threat since SystemDefender may block a wide range of security and diagnostic programs that Windows needs to run properly. It's important to delete SystemDefender if you should find it on your PC, and to take preemptive defensive measures to prevent SystemDefender's infection; SystemDefender is likely to be spread by Trojans and other malware, as well as dangerous websites.

A Chip Off the Ol' (Malicious) Block

Windows SystemDefender, AntiMalware Defender, and Security Defender are all just a few samples of the other rogue security products that are virtually identical to SystemDefender. All of these programs use very similar attack methods, making them easy to spot as fake once you're no longer fooled by the different name. However, the profusion of SystemDefender clones and knock-offs makes it vital to have full updates on your anti-malware applications, or your security may not be able to identify the threat in time.

Many types of SystemDefender clones are distributed by Trojans. Some Trojans will attempt to deceive the user into thinking the rogue security product is a Windows update or otherwise useful security measure, while some may drop SystemDefender without warning. Be skeptical of any official-seeming alerts that advise downloading software other than the standard Malicious Software Removal Tool.

Attacks Shared by this SystemDefender Family Include:

Trash files dropped onto your PC for later exploitation. These files aren't dangerous in and of themselves but will add clutter to your hard drive. Such SystemDefender-spawned files largely consist of .dll and .sys. file types.

SystemDefender will scan your system and indicate that the above dropped files are infections; this can be fairly alarming for users who unaware of the fact that SystemDefender made those files itself! Supposedly detected infections may use legitimate and well-known names like Hiloti.gen!A, BaiduSobar or Conficker.B.

Besides being a rogue scanner, SystemDefender is also a web browser hijacker. SystemDefender may alter popular search engine results to display search-gala.com results instead, or redirect you to a dangerous website. SystemDefender may also use this function to block security websites from being displayed.

SystemDefender is known to block many different programs and processes that are necessary for Windows to work right, including Task Manager and the system restore function. You should completely discount all infection alert messages related to this application-blocking.

Grinding the SystemDefender Chip Down to Dust

Ordinarily, deleting SystemDefender should be done via anti-malware programs designed to remove such PC threats efficiently. Be certain that SystemDefender isn't running when you attempt to delete SystemDefender, since this will usually prevent the deletion from being successful; you should take similar precautions for any Trojans that might be related to your SystemDefender infection.

Entering the registration code of D13F-3B7D-B3C5-BD84 will prevent SystemDefender from sounding excessive alerts in the future. However, SystemDefender's other damaging attributes will remain in place, so consider registration a stopgap until you can actually remove SystemDefender.

Aliases

Adware Generic2.PZW [AVG]not-a-virus:AdWare.Win32.Agent.iv [Kaspersky]Suspicious file [Panda]Adware Generic2.PZX [AVG]Adware/Agent [Fortinet]Generic.Dropper.xCodec [Prevx1]not-a-virus:AdWare.Win32.Agent.iw [Kaspersky]SystemDefender [Symantec]Ultimate SecuritySuite [Sunbelt]High Risk Fraudulent Security Program [Prevx1]Adware/SystemDefender [Panda]Win32/Adware.UltimateDefender [NOD32]Program:Win32/UltimateDefender [Microsoft]Riskware.Fake.SystemDef [McAfee-GW-Edition]potentially unwanted program WinFixer [McAfee]
More aliases (33)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

SystemDefender.exe

File name: SystemDefender.exe
Size: 1.37 MB (1376256 bytes)
MD5: 2e1fb8db25da94dacd01847494557090
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

SystemDefender.exe

File name: SystemDefender.exe
Size: 1.37 MB (1376256 bytes)
MD5: 441d594812bde8509a922c179ea04fa5
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

%WINDIR%\msmhost.dll

File name: msmhost.dll
Size: 184.32 KB (184320 bytes)
MD5: 1ff9614951c642d41b44f852cfc43cf0
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%
Group: Malware file
Last Updated: February 1, 2011

Additional Information

The following cookies were detected:

system-defender

2 Comments

Sophie Crudgington says:

April 1, 2011 at 1:40 pm

hi, i had this windows security thing popping up on my laptop almost every minute. it was so annoying, so this website was so helpful to me!!! i just wanted to leave a message to say thankyou so much to you guys who helped me!!!!!!!!!! so thanx!!!!!!!!! xxx
Annabelle Noah says:

February 18, 2012 at 1:54 pm

Guys no worries about it,its easy to fix just follow the given locations above and just simply delete those random characters. Don't forget to boot your computer to safemode with networking before doing that,so that there is no pop-up.