Remove Windows Enterprise Defender (Removal Instructions)
October 12th, 2009 | by Alex |Windows Enterprise Defender Descriptions:
Windows Enterprise Defender is a rogue anti-spyware program from the family of the Virus Doctor. After the installation, the application will be configured to start automatically on the registry. It will also create a numerous harmless files, including cb.sys, ddv.dll, eb.sys and some others.
As the program launches, it will detect the files above as infections. All of this is done due to the fact that people were convinced to purchase the full version of Windows Enterprise Defender. However, this is only a scam.
Do not also trust the security alerts which will be displayed on the screen as Windows Enterprise Defender is installed on your machine. This is just one more tactics to scare you.
All in all, do not have anything in common with Windows Enterprise Defender! This is the fake anti-spyware program and nothing more.
Download SpyHunter* Spyware Detection Utility.
Manual Windows Enterprise Defender Removal Instructions:
Stop These Windows Enterprise Defender Processes:
(Learn how to do this)
wed.exe
Windows Enterprise Defender.lnk
energy.exe
ppal.exe
Find and Delete These Windows Enterprise Defender Files:
(Learn how to do this)
c:\Documents and Settings\All Users\Application Data\c9ba
c:\Documents and Settings\All Users\Application Data\c9ba\83.mof
c:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
c:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
c:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WEDDSys
c:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
%UserProfile%\Application Data\Windows Enterprise Defender
%UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
%UserProfile%\Desktop\Windows Enterprise Defender.lnk
%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\pal.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Windows Enterprise Defender.lnk
%UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
Remove These Windows Enterprise Defender Registry Values:
(Learn how to do this)
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => “http://search-gala.com/?&uid=7&q={searchTerms}”
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes “URL”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “876902803″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Enterprise Defender”
Download SpyHunter* Spyware Detection Utility
One Response to “Remove Windows Enterprise Defender (Removal Instructions)”
By John on Nov 1, 2009 | Reply
Latest version of this malware seems to install a Root Kit. The whole thing walked over my mothers anti-virus and in the end, I just re-installed Windows from the recovery discs.
Just don’t download it in the first place!