Security Defender is the newest rogue malware infecting many computer systems. It acts as a fake anti-virus scanner: it pretends to have scanned the system, alerts the user to serious malware threats (probably false and non-existent, except for itself if it lists itself), and then asks the user to pay to activate the full version of Security Defender, cheating the user for financial gain.

Security Defender should be removed from the computer at the earliest opportunity. As it’s a fake anti-malware scanner and effectively a scam, it cannot detect or remove any malware, virus or other threat. Security Defender is a variant of similar scams that pose as fake antivirus software.

Security Defender Malware

Once a system is infected with Security Defender, the malware runs automatically at Windows startup, and then regularly and persistently displays a dialog window asking the user to activate and upgrade to the full version with a payment, although the full version is also a fake. It also modifies browser settings to use a proxy server that redirects to the purchase payment form page. What makes Security Defender dangerous is that it automatically shuts down genuine anti-virus and anti-malware software and prevents it from running, and also blocks the end user from installing any anti-malware scanner in a bid to remove Security Defender.

Many anti-malware programs such as Spyware Doctor or Malwarebytes Anti-Malware can automatically remove and delete any traces of Security Defender. But the challenge is to install the anti-malware software in the presence of Security Defender, which tries to block such security software from running or installing.

Try to install and run the anti-malware scanner in Safe Mode or after terminating the Security Defender processes in Task Manager. If automatic removal of Security Defender fails, here are the manual removal instructions to delete and clean Security Defender from the system.

  1. Restart the computer in Safe Mode so that Security Defender does not start: press F8 during initial startup and select either Safe Mode or Safe Mode with Networking (if an Internet connection is required).

    Alternatively, run Task Manager and terminate the Security Defender process.

  2. Run Registry Editor (RegEdit), and delete the following Security Defender registry keys (for the two Run entries, delete only the quoted value, not the Run key itself):
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56a10a26-dc02-40f1-a4da-8fa92d06b357}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “56a10a26-dc02-40f3-a4da-8fa92d06b357_33”
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “56a10a26-dc02-40f3-a4da-8fa92d06b357_33”
    • HKEY_CLASSES_ROOT\CLSID\{56a10a26-dc02-40f1-a4da-8fa92d06b357}
  3. Open an elevated command prompt as administrator, and run the following commands to unregister Security Defender DLL files:

    regsvr32 /u "%Temp%\[RANDOM CHARACTERS].dll"
    regsvr32 /u "C:\Program Files\Security Defender\Security Defender.dll"

    Note: Replace [RANDOM CHARACTERS].dll with the actual name of the file located in the %Temp% directory.

  4. Delete the following Security Defender files:

    %Temp%\[RANDOM CHARACTERS].dll
    %UserProfile%\Start Menu\Programs\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.lnk
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk
    %UserProfile%\Desktop\Security Defender.lnk
    c:\Documents and Settings\All Users\Start Menu\Programs\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.lnk
    c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.avi
    c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_.mkv
    c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.ico
    c:\Program Files\Security Defender\Security Defender.dll
    c:\Program Files\Security Defender
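
As an added example (not part of the original instructions), this read-only PowerShell script checks for the registry entries and files listed in steps 2 to 4, so you can see what is present before cleanup and confirm nothing remains afterwards. The function and variable names are my own; the randomly named %Temp% DLL cannot be matched by name, so DLLs in %Temp% are only listed for manual review.

```powershell
# Added example: read-only audit of the Security Defender artifacts from steps 2-4.
# Nothing is deleted; each indicator is reported as present or absent.
$clsid    = '{56a10a26-dc02-40f1-a4da-8fa92d06b357}'   # BHO / CLSID key name (step 2)
$runName  = '56a10a26-dc02-40f3-a4da-8fa92d06b357_33'  # Run value name (step 2)
$allUsers = 'C:\Documents and Settings\All Users'

function New-Finding($Kind, $Item, $Present) {
    New-Object PSObject -Property @{ Kind = $Kind; Item = $Item; Present = [bool]$Present }
}

$findings = @()

# Whole keys created by the malware.
foreach ($key in @(
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid")) {
    $findings += New-Finding 'RegistryKey' $key (Test-Path -LiteralPath $key)
}

# Run entries: the Run key itself is legitimate, only the named value is the artifact.
foreach ($run in @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run')) {
    $k = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    $present = $k -and ($k.GetValueNames() -contains $runName)
    $findings += New-Finding 'RunValue' "$run -> $runName" $present
}

# Files and folders from step 4 (the random-named %Temp% DLL is handled below).
foreach ($file in @(
    "$env:USERPROFILE\Start Menu\Programs\Startup\${runName}.lnk",
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk",
    "$env:USERPROFILE\Desktop\Security Defender.lnk",
    "$allUsers\Start Menu\Programs\Startup\${runName}.lnk",
    "$allUsers\Application Data\${runName}.avi",
    "$allUsers\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_.mkv",
    "$allUsers\Application Data\${runName}.ico",
    'C:\Program Files\Security Defender\Security Defender.dll',
    'C:\Program Files\Security Defender')) {
    $findings += New-Finding 'File' $file (Test-Path -LiteralPath $file)
}

# The %Temp% DLL has a random name, so list candidates for manual review instead.
$tempDlls = Get-ChildItem -Path $env:TEMP -Filter *.dll -ErrorAction SilentlyContinue

$findings | Sort-Object Kind | Format-Table Kind, Present, Item -AutoSize
$tempDlls | Format-Table FullName, Length, LastWriteTime -AutoSize
```

Run it from the same elevated prompt used in step 3; any row still showing Present as True after cleanup points to a step that needs repeating.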