Home » News » Rogue Antispyware » Remove Windows Enterprise Defender, WindowsEnterpriseDefender removal

Remove Windows Enterprise Defender, WindowsEnterpriseDefender removal

By Jason on October 12, 2009 | Rogue Antispyware, Windows Enterprise Defenderm, WindowsEnterpriseDefender, Windows EnterpriseDefender, WindowsEnterprise Defender Remove Windows Enterprise Defender, WindowsEnterpriseDefender removal

Windows Enterprise Defender looks similar to Windows Defender spyware remover, but it is actually a rogue application. It halts the infected system and interrupts web browsing. WindowsEnterpriseDefender is also known for its ability to generate loads of annoying pop-ups.

Once onboard, Windows EnterpriseDefender displays an imitation of computer scan and notifies the victim about numerous infection. The threats reported by WindowsEnterprise Defender are all made up. These actions are supposed to trick people into buying the program as it was of any use. Not only Windows Enterprise Defender is a waste but it is also dangerous for a computer.

Windows Enterprise Defender websites

windowsenterprisedefender.com Learn how to block rogue websites

New processes created

ppal.exe
energy.exe
WindowsEDefender.exe Learn how to remove malicious processes

New Windows Enterprise Defender registry entries created

HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\WindowsEDefender.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=7&q={searchTerms}"
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes "URL"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "[xSP_2:61a6083b6194a2314e3dd54cf9615e36_7]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "876902803"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Enterprise Defender" Download RegistryBooster 2010 to scan your registry errors
Learn how to remove malicious registry entries

New files and directories created

c:\Documents and Settings\All Users\Application Data\c9ba
c:\Documents and Settings\All Users\Application Data\c9ba\83.mof
c:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\c9ba\unins000.dat
c:\Documents and Settings\All Users\Application Data\c9ba\WED.ico
c:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys
c:\Documents and Settings\All Users\Application Data\c9ba\WEDDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WEDDSys
c:\Documents and Settings\All Users\Application Data\WEDDSys\wed.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Enterprise Defender.lnk
%UserProfile%\Application Data\Windows Enterprise Defender
%UserProfile%\Application Data\Windows Enterprise Defender\cookies.sqlite
%UserProfile%\Desktop\Windows Enterprise Defender.lnk
%UserProfile%\Recent\cb.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\energy.exe
%UserProfile%\Recent\pal.sys
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\ppal.exe
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Start Menu\Windows Enterprise Defender.lnk
%UserProfile%\Start Menu\Programs\Windows Enterprise Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml Learn how to unregister malicious DLL files

How to remove Windows Enterprise Defender

To remove Windows Enterprise Defender manually you must block rogue Windows Enterprise Defender related websites, remove malicious processes and registry entries, unregister dlls and delete all malicious Windows Enterprise Defender files from your computer.
Please note: cleaning your computer is a difficult and dangerous task, manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.

Scan your computer

More Rogue Antispyware news

Windows 7 Antispyware 2012 removal tutorial

Windows 7 Antispyware 2012 is a fake computer protection application which spreads via trojan horse and is a copy of Win 7 Antispyware 2012 scam as well. The parasite is distributed online and is usually difficult to avoid if one does not employ reputable security service. Once installed it will display false system security warnings and the will prompt you buy a "full" version of this program to remove threats that don't even exist. For example:Malware Intrusion! Read more.


News categories

Latest news