Defender-review.com Description

Defender-review.com is a rogue website that promotes the fake anti-spyware application Personal Defender 2009. Once the PC is infected the user’s homepage will be redirected to the rogue site. False pop-ups and alerts will appear stating that Trojan-Spy.Win32.Banker.aiw has infected the user’s computer. It is important to remember that these fabricated infections and alerts appear for the sole purpose of misleading the user into purchasing the full version Personal Defender 2009 application. It is advisable that the user remove the infection without hesitation.

Type: Rogue Websites

Automatic Detection of Defender-review.com

Defender-review.com Technical Report

As new Defender-review.com details are reported by our customers and findings from our Threat Research Center, we will update this section.

URLs, domains, and websites related or accessed by Defender-review.com (do not visit them):

• Defender-review.com

Defender-review.com has typically the following processes in memory:

• ictun.exe
• isfun.exe
• pmmon.exe
• VideoAccessCodecInstall.exe
• zafhemm.dll
• isfmntr.exe
• isfmm.exe
• msmsgs.exe
• xbaqktfv.exe
• gtawclv.dll
• icmntr.exe
• icun.exe
• nvctrl.exe
• spwoqbmv.exe
• duzakwq.dll

Defender-review.com creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}

Important Article Disclaimer