SystemDefender
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 18 |
First Seen: | July 24, 2009 |
Last Seen: | February 13, 2023 |
OS(es) Affected: | Windows |
Do not be tricked into thinking that SystemDefender is some kind of Windows product. SystemDefender is malware that pretends to be security software, in order to scare you into paying money for nothing.
Table of Contents
Signs of Infection with SystemDefender
SystemDefender preys on PC users by making itself look like a Microsoft product or a Windows component. Accordingly, the first sign you'll see of an infection will likely be a fake update window that is produced by a Trojan. The Trojan that promotes SystemDefender is hidden in unrelated, harmless-looking downloads, or in fake Windows updates on third-party sites. Once the Trojan has found its way in, SystemDefender will alert you that you need to download an anti-malware update for Windows. If you agree to the update, as most people would, then you are allowing SystemDefender to download.
When SystemDefender becomes active, SystemDefender can't be ignored. The SystemDefender interface will frequently appear, and SystemDefender will use it to run fake scans of your computer. In order to make the scan results believable, SystemDefender creates some junk files for itself to detect later. That way, if you go looking for the malware files that SystemDefender claims to find, you will find some of them, although they are empty. After each scan, SystemDefender will warn you that to remove these "threats", you need to upgrade to the licensed or registered version of SystemDefender. SystemDefender will try to take you to the SystemDefender website, where you can pay for the malware by credit card. No matter what SystemDefender may tell you, paying that money will not get you anything.
SystemDefender will also try to get you to go to SystemDefender's payment site by showing frequent phony security alerts. These alerts will say some really scary things about threats to your computer, but you can disregard all of that as scare tactics. Likewise, SystemDefender will show error messages when you try to use other programs and SystemDefender will prevent them from running, on the basis that they are malicious or infected. The real reason that SystemDefender disables other programs is to prevent you from deleting SystemDefender, and to that end, SystemDefender will disable Task Manager and the Control Panel.
SystemDefender means to leave you feeling as if you have no way out of the bind SystemDefender has you in, other than by paying the money SystemDefender demands. So, don't think that SystemDefender will let you look for help online. SystemDefender will redirect you to malicious websites by interfering with your computer's settings. In the worst cases of SystemDefender infection, users may be unable to access the Internet at all, or may find that their computers become unstable and crash.
Malware Related to SystemDefender
SystemDefender comes from a family of fake security programs that imitate Windows Defender, which is a real, useful Microsoft product. The malware in SystemDefender's family uses the Windows name, logos, fonts, and styling in SystemDefender's interfaces and alerts in order to convince people that SystemDefender is a real Microsoft software. Some of these other fake security applications are Internet Defender, Security Defender, and Antimalware Defender, although this is by no means a complete list. The malware in this family is all part of a scam which can be traced back to Russia, and it is likely that new names for the same scam will crop up. SystemDefender appeared in March 2011.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
AVG | Adware Generic2.PZW |
Kaspersky | not-a-virus:AdWare.Win32.Agent.iv |
Panda | Suspicious file |
AVG | Adware Generic2.PZX |
Fortinet | Adware/Agent |
Prevx1 | Generic.Dropper.xCodec |
Kaspersky | not-a-virus:AdWare.Win32.Agent.iw |
Symantec | SystemDefender |
Sunbelt | Ultimate SecuritySuite |
Prevx1 | High Risk Fraudulent Security Program |
Panda | Adware/SystemDefender |
NOD32 | Win32/Adware.UltimateDefender |
Microsoft | Program:Win32/UltimateDefender |
McAfee-GW-Edition | Riskware.Fake.SystemDef |
McAfee | potentially unwanted program WinFixer |
SpyHunter Detects & Remove SystemDefender
SystemDefender Video
Tip: Turn your sound ON and watch the video in Full Screen mode.
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | msmhost.dll | 1ff9614951c642d41b44f852cfc43cf0 | 2 |
2. | msmdev.dll | 2781ca3ebc80c1195fe80d9593106e86 | 2 |
3. | SystemDefender.exe | 441d594812bde8509a922c179ea04fa5 | 0 |
4. | SystemDefender.exe | 2e1fb8db25da94dacd01847494557090 | 0 |
5. | SystemDefender_Installer[1].exe | 5c8e056f2a4e362555be28986351a5df | 0 |