Home Malware Programs Rogue Anti-Spyware Programs SystemDefender

SystemDefender

Posted: September 24, 2007

Threat Metric

Threat Level: 10/10
Infected PCs: 42
First Seen: July 24, 2009
Last Seen: February 13, 2023
OS(es) Affected: Windows

ScreenshotSystemDefender is a rogue security product that creates junk files on your system for the purpose of falsely labeling them as well-known infections. SystemDefender is also a serious security threat since SystemDefender may block a wide range of security and diagnostic programs that Windows needs to run properly. It's important to delete SystemDefender if you should find it on your PC, and to take preemptive defensive measures to prevent SystemDefender's infection; SystemDefender is likely to be spread by Trojans and other malware, as well as dangerous websites.

A Chip Off the Ol' (Malicious) Block

Windows SystemDefender, AntiMalware Defender, and Security Defender are all just a few samples of the other rogue security products that are virtually identical to SystemDefender. All of these programs use very similar attack methods, making them easy to spot as fake once you're no longer fooled by the different name. However, the profusion of SystemDefender clones and knock-offs makes it vital to have full updates on your anti-malware applications, or your security may not be able to identify the threat in time.

Many types of SystemDefender clones are distributed by Trojans. Some Trojans will attempt to deceive the user into thinking the rogue security product is a Windows update or otherwise useful security measure, while some may drop SystemDefender without warning. Be skeptical of any official-seeming alerts that advise downloading software other than the standard Malicious Software Removal Tool.

Attacks Shared by this SystemDefender Family Include:

  • Trash files dropped onto your PC for later exploitation. These files aren't dangerous in and of themselves but will add clutter to your hard drive. Such SystemDefender-spawned files largely consist of .dll and .sys. file types.
  • SystemDefender will scan your system and indicate that the above dropped files are infections; this can be fairly alarming for users who unaware of the fact that SystemDefender made those files itself! Supposedly detected infections may use legitimate and well-known names like Hiloti.gen!A, BaiduSobar or Conficker.B.
  • Besides being a rogue scanner, SystemDefender is also a web browser hijacker. SystemDefender may alter popular search engine results to display search-gala.com results instead, or redirect you to a dangerous website. SystemDefender may also use this function to block security websites from being displayed.
  • SystemDefender is known to block many different programs and processes that are necessary for Windows to work right, including Task Manager and the system restore function. You should completely discount all infection alert messages related to this application-blocking.
  • Grinding the SystemDefender Chip Down to Dust

    Ordinarily, deleting SystemDefender should be done via anti-malware programs designed to remove such PC threats efficiently. Be certain that SystemDefender isn't running when you attempt to delete SystemDefender, since this will usually prevent the deletion from being successful; you should take similar precautions for any Trojans that might be related to your SystemDefender infection.

    Entering the registration code of D13F-3B7D-B3C5-BD84 will prevent SystemDefender from sounding excessive alerts in the future. However, SystemDefender's other damaging attributes will remain in place, so consider registration a stopgap until you can actually remove SystemDefender.

    Aliases

    Adware Generic2.PZW [AVG]not-a-virus:AdWare.Win32.Agent.iv [Kaspersky]Suspicious file [Panda]Adware Generic2.PZX [AVG]Adware/Agent [Fortinet]Generic.Dropper.xCodec [Prevx1]not-a-virus:AdWare.Win32.Agent.iw [Kaspersky]SystemDefender [Symantec]Ultimate SecuritySuite [Sunbelt]High Risk Fraudulent Security Program [Prevx1]Adware/SystemDefender [Panda]Win32/Adware.UltimateDefender [NOD32]Program:Win32/UltimateDefender [Microsoft]Riskware.Fake.SystemDef [McAfee-GW-Edition]potentially unwanted program WinFixer [McAfee]
    More aliases (33)

    Technical Details

    File System Modifications

    Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

    The following files were created in the system:



    SystemDefender.exe File name: SystemDefender.exe
    Size: 1.37 MB (1376256 bytes)
    MD5: 2e1fb8db25da94dacd01847494557090
    Detection count: 62
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
    Last Updated: December 11, 2009
    SystemDefender.exe File name: SystemDefender.exe
    Size: 1.37 MB (1376256 bytes)
    MD5: 441d594812bde8509a922c179ea04fa5
    Detection count: 54
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
    Last Updated: December 11, 2009
    %WINDIR%\msmhost.dll File name: msmhost.dll
    Size: 184.32 KB (184320 bytes)
    MD5: 1ff9614951c642d41b44f852cfc43cf0
    Detection count: 5
    File type: Dynamic link library
    Mime Type: unknown/dll
    Path: %WINDIR%
    Group: Malware file
    Last Updated: February 1, 2011

    Additional Information

    The following cookies were detected:
    system-defender

    2 Comments

    • Sophie Crudgington says:

      hi, i had this windows security thing popping up on my laptop almost every minute. it was so annoying, so this website was so helpful to me!!! i just wanted to leave a message to say thankyou so much to you guys who helped me!!!!!!!!!! so thanx!!!!!!!!! xxx

    • Annabelle Noah says:

      Guys no worries about it,its easy to fix just follow the given locations above and just simply delete those random characters. Don't forget to boot your computer to safemode with networking before doing that,so that there is no pop-up.

    Loading...