IronDefender

By Sumo3000 in Rogue Anti-Spyware Program | 26 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Translate To:     Español  |   Português
 More... More

IronDefender Description

IronDefender is a fake security application that spreads with the help of sneaky Trojans. IronDefender will display fake scanners, security alerts and pop-up warnings in an attempt to convince a user that his/her machine is infested with malware. Then IronDefender will coerce the user into paying for its “full version” in order to remove the purportedly detected malware. IronDefender is unable to detect or remove computer malware therefore users should never waste their money on this rogueware.

Type: Rogue AntiSpyware Programs

How Can You Detect IronDefender?

Download SpyHunter’s Detection Scanner
to Detect IronDefender.

Can’t install SpyHunter? Click here to view possible causes of installation issues.

IronDefender Technical Report

As new IronDefender details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for IronDefender:

The following fake error message(s) appears for IronDefender:

Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of IronDefender and remove spyware threats from your PC.

Warning
Your computer is under a great risk! Malware applications are still running. This will lead to the loss of personal date and system damage.
Do you want to remove the malware and protect your system?

Security Center Alert!
Infiltration Alert!
Your computer is being at

IronDefender Removal Details

IronDefender has typically the following processes in memory:

  • c:\WINDOWS\[random characters].exe
  • c:\WINDOWS\system32\[random characters].dll
  • c:\Program Files\FDFCA\Uninstall.exe
  • c:\WINDOWS\system32\[random characters].exe
  • c:\Program Files\FDFCA\F0E84.exe
  • c:\WINDOWS\[random characters].dll
  • %UserProfile%\Local Settings\Temp\[random characters].exe

IronDefender creates the following files in the system:

  • c:\WINDOWS\[random characters].bin
  • c:\WINDOWS\system32\[random characters].cpl
  • c:\Program Files\FDFCA\
  • c:\WINDOWS\system32\[random characters].bin
  • %UserProfile%\Desktop\IronDefender.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\IronDefender.lnk
  • c:\WINDOWS\[random characters].cpl
  • %UserProfile%\Desktop\hash

IronDefender creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IronDefender
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “F0E84.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\IronDefender
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “vur4.exe”
  • HKEY_CURRENT_USER\Software\IronDefender
  • HKEY_CURRENT_USER\Software “Install_Dir” = “C:\Program Files\FDFCA”

Important Article Disclaimer

ESG Support Center

This entry was last updated on 09/13/10 and posted on 09/13/10. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
« Antivircat.com
Rogue Anti-virus Programs Adopt the Agressive Ransom Malware Tactics Used by Botnets and Rootkits »

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Popular Malware

Popular Trojans

Recent Malware

Home | SpyHunter Risk Assessment Model | Privacy Policy | End User License Agreement | Additional Terms and Conditions
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.