Threat Scorecard

Threat Level: 100% (High)
Infected Computers: 18
First Seen: July 24, 2009
Last Seen: February 13, 2023
OS(es) Affected: Windows

Do not be tricked into thinking that SystemDefender is some kind of Windows product. SystemDefender is malware that pretends to be security software, in order to scare you into paying money for nothing.

Signs of Infection with SystemDefender

SystemDefender preys on PC users by making itself look like a Microsoft product or a Windows component. Accordingly, the first sign you'll see of an infection will likely be a fake update window that is produced by a Trojan. The Trojan that promotes SystemDefender is hidden in unrelated, harmless-looking downloads, or in fake Windows updates on third-party sites. Once the Trojan has found its way in, SystemDefender will alert you that you need to download an anti-malware update for Windows. If you agree to the update, as most people would, then you are allowing SystemDefender to download.

When SystemDefender becomes active, it can't be ignored. Its interface will frequently appear, and it will use that interface to run fake scans of your computer. To make the scan results believable, SystemDefender creates some junk files for itself to detect later. That way, if you go looking for the malware files that SystemDefender claims to find, you will find some of them, although they are empty. After each scan, SystemDefender will warn you that to remove these "threats", you need to upgrade to the licensed or registered version. It will then try to take you to the SystemDefender website, where you can pay for the malware by credit card. No matter what SystemDefender may tell you, paying that money will not get you anything.

SystemDefender will also try to get you to go to its payment site by showing frequent phony security alerts. These alerts will say some really scary things about threats to your computer, but you can disregard all of that as scare tactics. Likewise, SystemDefender will show error messages when you try to use other programs and will prevent them from running, on the pretext that they are malicious or infected. The real reason that SystemDefender disables other programs is to prevent you from deleting it, and to that end, it will also disable Task Manager and the Control Panel.

SystemDefender means to leave you feeling as if you have no way out of the bind it has you in, other than by paying the money it demands. So, don't expect SystemDefender to let you look for help online: it will redirect you to malicious websites by interfering with your computer's settings. In the worst cases of SystemDefender infection, users may be unable to access the Internet at all, or may find that their computers become unstable and crash.

Malware Related to SystemDefender

SystemDefender comes from a family of fake security programs that imitate Windows Defender, which is a real, useful Microsoft product. The malware in this family uses the Windows name, logos, fonts, and styling in its interfaces and alerts in order to convince people that it is real Microsoft software. Other fake security applications in the family include Internet Defender, Security Defender, and Antimalware Defender, although this is by no means a complete list. The malware in this family is all part of a scam which can be traced back to Russia, and it is likely that new names for the same scam will crop up. SystemDefender appeared in March 2011.


15 security vendors flagged this file as malicious.

| Anti-Virus Software | Detection |
|---|---|
| AVG | Adware Generic2.PZW |
| Kaspersky | not-a-virus:AdWare.Win32.Agent.iv |
| Panda | Suspicious file |
| AVG | Adware Generic2.PZX |
| Fortinet | Adware/Agent |
| Prevx1 | Generic.Dropper.xCodec |
| Kaspersky | not-a-virus:AdWare.Win32.Agent.iw |
| Symantec | SystemDefender |
| Sunbelt | Ultimate SecuritySuite |
| Prevx1 | High Risk Fraudulent Security Program |
| Panda | Adware/SystemDefender |
| NOD32 | Win32/Adware.UltimateDefender |
| Microsoft | Program:Win32/UltimateDefender |
| McAfee-GW-Edition | Riskware.Fake.SystemDef |
| McAfee | potentially unwanted program WinFixer |

File System Details

SystemDefender may create the following file(s):
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1 | msmhost.dll | 1ff9614951c642d41b44f852cfc43cf0 | 2 |
| 2 | msmdev.dll | 2781ca3ebc80c1195fe80d9593106e86 | 2 |
| 3 | SystemDefender.exe | 441d594812bde8509a922c179ea04fa5 | 0 |
| 4 | SystemDefender.exe | 2e1fb8db25da94dacd01847494557090 | 0 |
| 5 | SystemDefender_Installer[1].exe | 5c8e056f2a4e362555be28986351a5df | 0 |


