Windows Enterprise Defender
Windows Enterprise Defender Description
From the same family as Windows PC Defender, Windows Enterprise Defender is another fake security application out to swindle unsuspecting users out of their money. With the help of other malware, Windows Enterprise Defender is able to secretly penetrate a targeted system.
Once inside a system, Windows Enterprise Defender creates malicious files and registry values, enabling the rogue program to run every time you start Windows. Like all fake antispyware programs, Windows Enterprise Defender first runs a scan, then displays annoying pop-ups informing you that your computer is infected and needs to be cleaned with ‘Windows Enterprise Defender’ itself. Windows Enterprise Defender is actually a harmful program that should not be trusted.
Type: Rogue AntiSpyware Programs
How Can You Detect Windows Enterprise Defender?
Windows Enterprise Defender Technical Report
We will update this section as new Windows Enterprise Defender details are reported by our customers and as findings arrive from our Threat Research Center.
The following Windows Enterprise Defender files, listed with their MD5 hashes, were created in the system:
| File Name | File Size | MD5 |
|---|---|---|
| SetupRelease[1].exe | 2376282 | de3b1c86ae9706766fab94daff64413b |
| WindowsEDefender.exe | 2104832 | 06b62b83338860ebe70074db8732dc25 |
| WEb5ef.exe | 2228224 | f75a45dd02cb5ea351d4f40ba09b2d7e |
| WE7af5.exe | 2188288 | f48094e52ff99759004982857e95ffdc |
| WEe514.exe | 2224128 | 7b4534361bbba2e3d66391a781d98f0b |
| WE664b.exe | 2126336 | 6006db05015b6431987f36d0ceb9389e |
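One way to check a directory tree against the file table above, as an added example (not code from the original page or its publisher). It assumes the File Size column is in bytes; `IOCS`, `md5_of` and `scan` are names chosen here. A file that matches a listed name but not a listed hash is reported separately as a weaker signal.

```python
import hashlib
import os

# Indicators from the table above: MD5 -> (file name, file size).
# Assumption: the "File Size" column is in bytes.
IOCS = {
    "de3b1c86ae9706766fab94daff64413b": ("SetupRelease[1].exe", 2376282),
    "06b62b83338860ebe70074db8732dc25": ("WindowsEDefender.exe", 2104832),
    "f75a45dd02cb5ea351d4f40ba09b2d7e": ("WEb5ef.exe", 2228224),
    "f48094e52ff99759004982857e95ffdc": ("WE7af5.exe", 2188288),
    "7b4534361bbba2e3d66391a781d98f0b": ("WEe514.exe", 2224128),
    "6006db05015b6431987f36d0ceb9389e": ("WE664b.exe", 2126336),
}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()  # MD5 only because that is what the report publishes
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, iocs=IOCS):
    """Return (path, verdict) pairs for files under root that match an indicator."""
    sizes = {size for _name, size in iocs.values()}
    names = {name.lower() for name, _size in iocs.values()}
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            name_hit = filename.lower() in names
            try:
                # Hash only candidates: a listed size or a listed name.
                if os.path.getsize(path) in sizes or name_hit:
                    digest = md5_of(path)
                    if digest in iocs:
                        hits.append((path, "md5 match: " + iocs[digest][0]))
                        continue
            except OSError:
                continue  # locked or unreadable file; skip rather than abort
            if name_hit:
                hits.append((path, "name only"))
    return hits


if __name__ == "__main__":
    import sys
    for found_path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(verdict, found_path, sep="\t")
```

Pass the directory to scan as the first argument; a hash match is reported even when the file has been renamed.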
Windows Enterprise Defender typically has the following processes in memory:
- C:\Documents and Settings\All Users\Application Data\c9ba\WindowsEDefender.exe
- %UserProfile%\Recent\eb.sys
- %UserProfile%\Recent\ppal.exe
- C:\Documents and Settings\All Users\Application Data\c9ba\sqlite3.dll
- %UserProfile%\Recent\ddv.dll
- %UserProfile%\Recent\pal.sys
- C:\Documents and Settings\All Users\Application Data\c9ba\mozcrt19.dll
- %UserProfile%\Recent\cb.sys
- %UserProfile%\Recent\energy.exe
- WindowsEDefender.exe
Windows Enterprise Defender created the following directories, files and paths:
- %AppData%\Windows Enterprise Defender
- %AllUsersProfile%\Application Data\WEDDSys
October 16th, 2009
I am trying to get rid of the enterprise defender download, I have not registered, and I already have an anti virus, how do I do this? I tried deleting in my system but it will not take it out, keeps on coming up on my monitor….
Thank You, L Dwonch
November 11th, 2009
I have been able to get this far…
I’ve been using the business end of a 2 by 4 for the past two days fighting Windows Enterprise Defender. I have isolated it, but it’s not completely gone. Had to block IP for search-gala.com, fake alerts gone… and performance has improved greatly… However I still can’t open task manager or spydoctor (pc tools). Better than it was before, I could not open anything. Downloaded “process explorer”, WED did not recognize the .exe, so I was able to get in there and stop the process. Finally Malwarebytes would open and I cleared out 808 infected files. Ran Microsoft’s version of their malware checker and still saw the wed***.exe and others resident on the machine, but just like Obie One, “Don’t pay any attention to us, we are not the ones you are looking for.”
Sorry, back to the point… I was able to remove 1 regkey manually, but search is not finding anything else? Manually looked still nothing… no file or folders. Safe mode w/ and wo/ networking… nothing. Even tried a command prompt, but I failed the history exam!
I’m just trying to help an unemployed friend and want to finish the job right… can anyone point me in the right direction?
Any help greatly appreciated!!!
Thanks
Steve