Welcome to remove-malware.net

How to remove Windows Enterprise Defender rogue anti-spyware

Malware Description:
The rogue anti-spyware called Windows Enterprise Defender is a clone application of Windows PC Defender and Windows Protection Suite ransomware. Windows Enterprise Defender acts in a really invasive and at the same time sneaky manner. Windows Enterprise Defender commences its activity by infecting a random machine and does it really stealthily, one must say; that’s because the rogue uses backdoor trojans to contaminate a PC. Having got promoted this way onto one’s computer, Windows Enterprise Defender creates some files of its own, as well as a number of registry values. In the context of the compromised system on the whole, these unwanted manipulations with the system will cause the OS to get hacked by Windows Enterprise Defender. It means, Windows Enterprise Defender makes it problematic to go online, use the Task Manager, Add/Remove Programs GUI and some other essential features. And that’s a major problem because Windows Enterprise Defender blocks every user attempt to stop its processes and remove the malware. It’s not the worst thing about Windows Enterprise Defender, though. When running on your PC, Windows Enterprise Defender floods the system with its super-annoying ads which pop up from the system tray or, it seems, out of nowhere and report the detection of insecure activity on your machine. In addition to this adware, Windows Enterprise Defender won’t fail to display its fabricated system scanners that return false results too. All this trickery pursues the one and only objective – to make you buy Windows Enterprise Defender license and thus resolve the ‘detected’ computer security issues (which are not there in fact). Since Windows Enterprise Defender is a threat to your system stability and your own privacy, you should take immediate measures to uninstall it and set your PC free from this cyber invader.

Malware Type: Rogue Anti-Spyware

Malware Author: dreamakerlab

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Windows Enterprise Defender Free Scanner and Remover: Download Now

Windows Enterprise Defender Screenshot:

How to remove Windows Enterprise Defender manually:
Manual removal of Windows Enterprise Defender is feasible if you have sufficient expertise in working with program files, system processes, .dll files and registry entries.

The associated files to be deleted are listed below:

• %Documents and Settings%\All Users\Application Data\c9ba
• %Documents and Settings%\All Users\Application Data\c9ba\83.mof
• %Documents and Settings%\All Users\Application Data\c9ba\mozcrt19.dll
• %Documents and Settings%\All Users\Application Data\c9ba\sqlite3.dll
• %Documents and Settings%\All Users\Application Data\c9ba\unins000.dat
• %Documents and Settings%\All Users\Application Data\c9ba\WED.ico
• %Documents and Settings%\All Users\Application Data\c9ba\WindowsEDefender.exe
• %Documents and Settings%\All Users\Application Data\c9ba\WEDDSys
• %Documents and Settings%\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
• %Documents and Settings%\All Users\Application Data\WEDDSys
• %Documents and Settings%\All Users\Application Data\WEDDSys\wed.cfg
• %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
• %UserProfile%\Application Data\Windows Enterprise Defender
• %UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
• %UserProfile%\Desktop\Windows Enterprise Defender.lnk
• %UserProfile%\Recent\cb.sys
• %UserProfile%\Recent\ddv.dll
• %UserProfile%\Recent\eb.sys
• %UserProfile%\Recent\energy.exe
• %UserProfile%\Recent\pal.sys
• %UserProfile%\Recent\PE.drv
• %UserProfile%\Recent\ppal.exe
• %UserProfile%\Recent\tempdoc.tmp
• %UserProfile%\Start Menu\Windows Enterprise Defender.lnk
• %UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
• %Program Files%\Mozilla Firefox\searchplugins\search.xml

The related registry entries to be removed are as follows:

• HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
• HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
• HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => “http://search-gala.com/?&uid=7&q={searchTerms}”
• HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes “URL”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]“
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “876902803″
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Enterprise Defender”

Please, be aware that manual removal of Windows Enterprise Defender is a cumbersome procedure and does not ensure complete deletion of the malware, due to the fact that some files might be hidden or may automatically reanimate themselves afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Windows Enterprise Defender, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.