System Defender
Written by Tomas Meskauskas on (updated)
What is System Defender?
System Defender is a security program that should not be trusted, since it is a scam released by cyber criminals. This fake antivirus software is designed to scare PC users into believing that their computers are infected with malware and viruses.
To achieve this deceptive goal, System Defender uses fake security scans, fake malware detection lists, and fake security warning messages. The program usually installs on PCs without users' consent and immediately starts a security scan that results in the detection of various 'high-risk spyware' threats.
Furthermore, this rogue software modifies the registry entries of the infected operating system and blocks execution of installed software. The creators of this scam intend to give the impression that the targeted PC is infected with high-risk malware and that System Defender can offer a security software solution to fix these issues.
In fact, none of the 'detected' viruses or malware exist on your computer - this bogus program is designed to make you believe otherwise in an attempt to sell its promoted fake antivirus programs.
At time of testing, System Defender encouraged computer users to purchase “Spyware Defender 2014”, “Antivirus WIN 2014 Ultimate”, and “Antivirus MAC 2014”. Cyber criminals responsible for creating the System Defender scam hope that PC users will fall for the fake security scans performed by their rogue software and then purchase the programs offered.
None of the programs promoted by System Defender are legitimate - computer users who pay for them will lose their money and their computers will remain infected.
Update 25 March 2015 - Cyber criminals have changed the name of "System Defender" to "Security Defender". The updated variant forces users to buy a non existent fake antivirus program supposedly called "Defender PRO 2015".
Updated variant of System Defender forces users to buy a fake antivirus called "Antivirus Defender 2015":
Another variant of System Defender promoting "Malware Defender 2015":
The purpose of System Defender distribution is to convince PC users into believing that their computers are at risk, and then to sell useless license keys. Paying for any program listed by System Defender is equivalent to sending your money to cyber criminals - you will lose your money and divulge your banking information, potentially leading to further thefts from your account.
This fake antivirus program is usually distributed via fake online security scanners. These pop-ups are incorporated into malicious websites. Upon visiting these sites, PC users are presented with a message stating that their computers are infected and that they need to download and install antivirus software to remove the 'detected' infections.
Other deceptive methods of proliferating System Defender include using fake software updates, fake video codecs, Trojans, and drive-by downloads. If you observe this program scanning your PC for security infections, ignore it and eliminate this scam from your PC.
System Defender generating fake security warning messages:
PC status: Potentially unprotected
Potential threat was detected!
View the items that were detected as potentially harmful and the actions that you took on them:
Downloader.JS.Snall.fi
Category: High
Description: This Trojan downloads other files via the Internet and launches them for execution on the victim machine. This program is an HTML page which contains Java Script scenarios. It is 1432 bytes in size.
System Defender rogue antivirus performing a fake computer security scan:
System Defender generating lists of non-existent security infections to scare computer users into believing that their computers are infected with high-risk malware:
System Defender encouraging computer users into purchasing an antivirus program (“Spyware Defender 2014”, “Antivirus WIN 2014 Ultimate”, and “Antivirus MAC 2014” - all of them fake) to remove the previously 'detected' malware (not actually present on users' computers):
A screenshot of a website used to promote Defender PRO 2015 (a fake antivirus program promoted by Security Defender):
A screenshot of a website (hxxp://spyware-defender.com) used to promote Spyware Defender (a fake antivirus program promoted by System Defender):
A screenshot of a website (hxxp://avsdefender.com) used to promote Antivirus Defender 2015:
A payment page used for selling Spyware Defender (a fake antivirus program promoted by System Defender):
A payment page used for selling Antivirus Defender 2015:
A screenshot of a website used to promote Malware Defender 2015 (non-existent antivirus program):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is System Defender?
- STEP 1. Remove System Defender using Safe Mode with Networking.
- STEP 2. Optional System Defender removal method.
- STEP 3. Manual System Defender removal.
System Defender removal using Safe Mode with Networking:
Windows 7 users:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users:
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".
Click the "Troubleshoot" button, then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
After booting your computer in Safe Mode with Networking, try downloading and running the recommended antimalware software. If the download is blocked, follow the instructions presented below.
NOTE: If you cannot run the remover, right-click on it and select "Run as administrator". If the installation of the malware remover fails, or you cannot open the .exe files, try one of the alternative download locations below:
- Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
- Location 2
If, after or before, removal of this fake antivirus program you are unable to run any of your installed software, System Defender has modified your operating system's .exe file associations. To fix this, download the registry fix (link below). Save it to your computer, double click it, click "Yes", and then "OK". After rebooting your PC, file associations should function normally.
System Defender removal - optional method:
The System Defender rogue blocks execution of all installed software - this makes its removal complicated. The best way to eliminate this rogue is to login to an unaffected user account and run a security scan from it. If available, login to "Guest" account and follow the removal steps provided below. If your "Guest" user account is not activated, follow these steps:
Windows 7 users:
Click on the Windows logo (Start), select Control Panel.
In the opened window, select "User Accounts and Family Safety".
In the opened window, click the "Add or Remove User Accounts" link.
In the opened window, click "Guest Account".
In the next window, click the "Turn On" button.
Windows 8 users:
Right-click in the lower left corner of the screen. In the Quick Access Menu, select Control Panel.
In the opened window, click "Change account type" (under "User Accounts and Family Safety").
In the opened window, click "Guest".
In the next window, click the "Turn On" button.
Restart your PC, when the Windows logon screen appears, select "Guest" user, then continue with the removal steps provided below.
After logging in your Guest account, download recommended malware removal software and run a full system scan to completely eliminate this fake antivirus software from your PC.
Manual System Defender removal instructions
Some spyware can block the downloading of spyware removers. If you cannot download it using the default location, try one of the alternative download locations below:
- Location 1 (the file is renamed to "iexplore.exe", since most spyware does not block this file)
- Location 2
If installation of the remover fails, try downloading the customized installer, which was built by our technicians to bypass spyware infections. Download customized installer
If you still cannot download or run the spyware-removing software, perform these steps:
Step 1
Some variants of this spyware modify the system proxy settings so that you are unable to access the Internet (or website addresses are redirected to malicious or phishing websites). To reset the proxy settings to default, download and run this tool:
Step 2
System Defender modifies the system Hosts file. The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar. It is difficult to determine which sites are genuine when the Hosts file is modified.
To fix this, download the Microsoft Fix It tool, which restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
Step 3
That's It! You can now try to download the Malware remover or install and run it if already downloaded.
Summary:
The fake antivirus programs (also known as "rogue antivirus programs" or "scareware") are applications that tries to lure computer users into paying for their non-existent full versions to remove the supposedly detected security infections (although the computer is actually clean). These bogus programs are created by cyber criminals who design them to look as legitimate antivirus software. Most commonly rogue antivirus programs infiltrate user's computer using poop-up windows or alerts which appear when users surf the Internet. These deceptive messages trick users into downloading a rogue antivirus program on their computers. Other known tactics used to spread scareware include exploit kits, infected email messages, online ad networks, drive-by downloads, or even direct calls to user's offering free support.
A computer that is infected with a fake antivirus program might also have other malware installed on it as rogue antivirus programs often are bundled with Trojans and exploit kits. Noteworthy that additional malware that infiltrates user's operating system remains on victim's computer regardless of whether a payment for a non-existent full version of a fake antivirus program is made. Here are some examples of fake security warning messages that are used in fake antivirus distribution:
Computer users who are dealing with a rogue security software shouldn't buy it's full version. By paying for a license key of a fake antivirus program users would send their money and banking information to cyber criminals. Users who have already entered their credit card number (or other sensitive information) when asked by such bogus software should inform their credit card company that they have been tricked into buying a rogue security software. Screenshot of a web page used to lure computer users into paying for a non-existent full version of system defender fake antivirus and other rogue antivirus programs:
To protect your computer from system defender fake antivirus and other rogue antivirus programs users should:
- Keep their operating system and all of the installed programs up-to-date.
- Use legitimate antivirus and anti-spyware programs.
- Use caution when clicking on links in social networking websites and email messages.
- Don't trust online pop-up messages which state that your computer is infected and offers you to download security software.
Symptoms indicating that your operating system is infected with a fake antivirus program:
- Intrusive security warning pop-up messages.
- Alerts asking to upgrade to a paid version of a program to remove the supposedly detected malware.
- Slow computer performance.
- Disabled Windows updates.
- Blocked Task Manager.
- Blocked Internet browsers or inability to visit legitimate antivirus vendor websites.
If you have additional information on system defender fake antivirus or it's removal please share your knowledge in the comments section below.
▼ Show Discussion