Oct 11

Windows Enterprise Defender Description:

Windows Enterprise Defender is a new rogue security application (rogueware) from the so-called VirusDoctor family, whose earlier members include Windows System Suite, Windows Protection Suite and Windows PC Defender. You are unlikely to notice Windows Enterprise Defender installing, because the rogue uses rootkit-style techniques to hide the executables it drops. Once on the system, Windows Enterprise Defender registers itself to run at startup, so the user is shown its counterfeit scanner after every boot. It also plants files of its own which it later "detects" as infections. The goal is to leave the victim worried about the integrity of the operating system and the stored data; with that false impression in place, it is easier to persuade the user to pay for the full version, which is falsely claimed to remove the "detected" infections. Beyond the deception, Windows Enterprise Defender degrades the compromised system: the PC slows down, internet access may be restricted or blocked entirely, and Task Manager and System Restore may become unusable. The only way to get rid of these symptoms is to remove Windows Enterprise Defender. The removal guide follows below.

Find out if your PC is infected with Windows Enterprise Defender:

Windows Enterprise Defender GUI snapshot:

[Screenshot: Windows Enterprise Defender GUI]

How to remove Windows Enterprise Defender manually:

To remove Windows Enterprise Defender manually, first end the WindowsEDefender.exe process (or boot into Safe Mode, since the rogue starts with Windows and may block Task Manager), then do the following. The paths below are written in the Windows XP layout; on Windows Vista and later, %Documents and Settings%\All Users\Application Data corresponds to %ProgramData% and %UserProfile%\Application Data to %AppData%.

Delete the files Windows Enterprise Defender creates:

  • %Documents and Settings%\All Users\Application Data\c9ba
  • %Documents and Settings%\All Users\Application Data\c9ba\83.mof
  • %Documents and Settings%\All Users\Application Data\c9ba\mozcrt19.dll
  • %Documents and Settings%\All Users\Application Data\c9ba\sqlite3.dll
  • %Documents and Settings%\All Users\Application Data\c9ba\unins000.dat
  • %Documents and Settings%\All Users\Application Data\c9ba\WED.ico
  • %Documents and Settings%\All Users\Application Data\c9ba\WindowsEDefender.exe
  • %Documents and Settings%\All Users\Application Data\c9ba\WEDDSys
  • %Documents and Settings%\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
  • %Documents and Settings%\All Users\Application Data\WEDDSys
  • %Documents and Settings%\All Users\Application Data\WEDDSys\wed.cfg
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
  • %UserProfile%\Application Data\Windows Enterprise Defender
  • %UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
  • %UserProfile%\Desktop\Windows Enterprise Defender.lnk
  • %UserProfile%\Recent\cb.sys
  • %UserProfile%\Recent\ddv.dll
  • %UserProfile%\Recent\eb.sys
  • %UserProfile%\Recent\energy.exe
  • %UserProfile%\Recent\pal.sys
  • %UserProfile%\Recent\PE.drv
  • %UserProfile%\Recent\ppal.exe
  • %UserProfile%\Recent\tempdoc.tmp
  • %UserProfile%\Start Menu\Windows Enterprise Defender.lnk
  • %UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk

Remove Windows Enterprise Defender associated registry entries:

  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes "URL"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "876902803"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Enterprise Defender”
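
The whole manual procedure above (stop the process, delete the dropped files, remove the registry entries) as one PowerShell script. This is an added example, not the page's removal tool. It resolves the XP-era paths through .NET special-folder lookups so they land on %ProgramData% and %AppData% on later Windows versions, it only reports what it finds unless -Remove is given, and the extra safety checks (that the CLSID's ProgID references WindowsEDefender, that search.xml and the SearchScopes URL actually point at search-gala.com, and the Wow6432Node Run key on 64-bit hosts) are my assumptions rather than anything the page states.

```powershell
# Added example (not the page's own tool): detects, and with -Remove deletes, the
# Windows Enterprise Defender artifacts listed above. Dry run by default.
# Assumptions: run from an elevated PowerShell, ideally in Safe Mode; the XP-era
# locations in the list are resolved through the .NET special-folder API so they
# map to %ProgramData% / %AppData% on later Windows versions.
[CmdletBinding()]
param([switch]$Remove)

$common    = [Environment]::GetFolderPath('CommonApplicationData')  # %Documents and Settings%\All Users\Application Data
$appData   = [Environment]::GetFolderPath('ApplicationData')        # %UserProfile%\Application Data
$recent    = [Environment]::GetFolderPath('Recent')
$desktop   = [Environment]::GetFolderPath('Desktop')
$startMenu = [Environment]::GetFolderPath('StartMenu')
$programs  = [Environment]::GetFolderPath('Programs')
$progFiles = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

$files = @(
    "$common\c9ba"          # directory; removing it covers 83.mof, mozcrt19.dll, WindowsEDefender.exe, WEDDSys\...
    "$common\WEDDSys"
    "$appData\Windows Enterprise Defender"
    "$appData\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk"
    "$desktop\Windows Enterprise Defender.lnk"
    "$startMenu\Windows Enterprise Defender.lnk"
    "$programs\Windows Enterprise Defender.lnk"
) + @('cb.sys','ddv.dll','eb.sys','energy.exe','pal.sys','PE.drv','ppal.exe','tempdoc.tmp' |
      ForEach-Object { "$recent\$_" }) +
    @($progFiles | ForEach-Object { "$_\Mozilla Firefox\searchplugins\search.xml" })

$regKeys = @(
    # CLSIDs are a shared namespace: only treat this key as the rogue's if its ProgID
    # subkey names the WindowsEDefender class (assumption; the key is skipped otherwise).
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}'; SubKey = 'ProgID'; Match = 'WindowsEDefender' }
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler' }
)

# Key, value name, and an optional pattern the data must match before it counts as an artifact.
$regValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Windows Enterprise Defender' }
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'Windows Enterprise Defender' }  # 32-bit view on 64-bit hosts (assumption)
    @{ Key = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'; Name = 'URL'; Match = 'search-gala\.com' }
    @{ Key = 'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes'; Name = 'URL'; Match = 'search-gala\.com' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'; Name = '[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform'; Name = '876902803' }
)

$found = 0

# The rogue runs at startup and may block Task Manager; stop it before touching its files.
if ($Remove) { Get-Process -Name WindowsEDefender -ErrorAction SilentlyContinue | Stop-Process -Force }

foreach ($p in $files) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    # Firefox keeps its own search plugins in the same folder; only flag search.xml if it points at the hijack URL.
    if ($p -like '*\search.xml' -and -not (Select-String -LiteralPath $p -Pattern 'search-gala\.com' -Quiet)) { continue }
    Write-Host "FOUND  $p"; $found++
    if ($Remove) { Remove-Item -LiteralPath $p -Recurse -Force }
}

foreach ($r in $regKeys) {
    if (-not (Test-Path -LiteralPath $r.Key)) { continue }
    if ($r.Match) {
        $sub = Get-Item -LiteralPath "$($r.Key)\$($r.SubKey)" -ErrorAction SilentlyContinue
        if (-not $sub -or ($sub.GetValue('') -notmatch $r.Match)) { Write-Host "SKIP   $($r.Key): present but does not reference the rogue"; continue }
    }
    Write-Host "FOUND  $($r.Key)"; $found++
    if ($Remove) { Remove-Item -LiteralPath $r.Key -Recurse -Force }
}

foreach ($v in $regValues) {
    $key = Get-Item -LiteralPath $v.Key -ErrorAction SilentlyContinue
    if (-not $key -or -not ($key.GetValueNames() -contains $v.Name)) { continue }
    $data = $key.GetValue($v.Name)
    if ($v.Match -and $data -notmatch $v.Match) { continue }   # a legitimate SearchScopes URL is not an artifact
    Write-Host "FOUND  $($v.Key) -> '$($v.Name)' = $data"; $found++
    # One value name contains [ ], which -Name treats as wildcard characters, so escape it.
    if ($Remove) { Remove-ItemProperty -LiteralPath $v.Key -Name ([WildcardPattern]::Escape($v.Name)) }
}

if ($found -eq 0)     { Write-Host 'No Windows Enterprise Defender artifacts found.' }
elseif (-not $Remove) { Write-Host "$found artifact(s) found. Re-run with -Remove (elevated) to delete them." }
else                  { Write-Host "$found artifact(s) removed. Reboot and re-run to confirm nothing is recreated." }
```

Run it once without arguments to see what is present, then with -Remove from an elevated prompt. The second run after a reboot is the useful check: if the c9ba directory or the Run value reappears, something outside this list is still restoring the rogue and the machine needs a full scan rather than more manual deletion.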

Please note that manual removal of Windows Enterprise Defender is an advanced procedure and should be carried out with care: deleting the wrong file or registry key can leave the system unbootable or damage other software. If you are not comfortable editing the registry, use the automatic Windows Enterprise Defender removal tool below instead:

Download Windows Enterprise Defender Removal Tool
