IronDefender is a fake security application that spreads with the help of sneaky Trojans. IronDefender displays fake scanners, security alerts and pop-up warnings in an attempt to convince users that their machine is infested with malware. It then tries to coerce the user into paying for its “full version” in order to remove the purportedly detected malware. IronDefender is unable to detect or remove computer malware, so users should never waste their money on this rogueware.
Type: Rogue AntiSpyware Programs
How Can You Detect IronDefender?
IronDefender Technical Report
We will update this section as new IronDefender details are reported by our customers and by our Threat Research Center.
Fake message for IronDefender:
The following fake error messages appear for IronDefender:
Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of IronDefender and remove spyware threats from your PC.
Your computer is under a great risk! Malware applications are still running. This will lead to the loss of personal date and system damage.
Do you want to remove the malware and protect your system?
Security Center Alert!
Your computer is being at
IronDefender Removal Details
IronDefender typically has the following processes in memory:
- c:\WINDOWS\[random characters].exe
- c:\WINDOWS\system32\[random characters].dll
- c:\Program Files\FDFCA\Uninstall.exe
- c:\WINDOWS\system32\[random characters].exe
- c:\Program Files\FDFCA\F0E84.exe
- c:\WINDOWS\[random characters].dll
- %UserProfile%\Local Settings\Temp\[random characters].exe
IronDefender creates the following files in the system:
- c:\WINDOWS\[random characters].bin
- c:\WINDOWS\system32\[random characters].cpl
- c:\Program Files\FDFCA\
- c:\WINDOWS\system32\[random characters].bin
- c:\Documents and Settings\All Users\Start Menu\Programs\IronDefender.lnk
- c:\WINDOWS\[random characters].cpl
IronDefender creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “F0E84.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “vur4.exe”
- HKEY_CURRENT_USER\Software “Install_Dir” = “C:\Program Files\FDFCA”
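A check for the fixed-name indicators listed above, as an added PowerShell example that is not part of the original report. The function name is hypothetical, and entries given as [random characters] have no stable name to match, so they are not covered.

```powershell
# Added example: checks only the fixed-name indicators listed on this page.
# Entries given as "[random characters]" have no stable name and are skipped.
$filePaths = @(
    'C:\Program Files\FDFCA',
    'C:\Program Files\FDFCA\Uninstall.exe',
    'C:\Program Files\FDFCA\F0E84.exe',
    'C:\Documents and Settings\All Users\Start Menu\Programs\IronDefender.lnk'
)

# The page does not say whether the quoted Run strings are value names or value
# data, so each check matches the string against both.
$registryChecks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Match = 'F0E84.exe' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Match = 'vur4.exe' },
    @{ Key = 'HKCU:\Software'; Match = 'FDFCA' }   # Install_Dir = C:\Program Files\FDFCA
)

function Find-IronDefenderIndicator {   # hypothetical helper name
    $hits = @()
    foreach ($path in $filePaths) {
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'present' }
        }
    }
    foreach ($check in $registryChecks) {
        $key = Get-Item -LiteralPath $check.Key -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -like "*$($check.Match)*" -or $data -like "*$($check.Match)*") {
                $hits += [pscustomobject]@{ Type = 'Registry'; Location = $check.Key; Detail = "$name = $data" }
            }
        }
    }
    # Running processes whose image lives in the install directory named on the page.
    foreach ($proc in Get-Process) {
        if ($proc.Path -like 'C:\Program Files\FDFCA\*') {
            $hits += [pscustomobject]@{ Type = 'Process'; Location = $proc.Path; Detail = "PID $($proc.Id)" }
        }
    }
    $hits
}

$found = Find-IronDefenderIndicator
if ($found) { $found | Format-Table -AutoSize -Wrap } else { 'No fixed-name IronDefender indicators found.' }
```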