Paladin Antivirus Description

 

 

[+] Click Image to Enlarge

 

 

CartCartCartCartCartCartCartCart

Paladin Antivirus is a rogue anti-virus application created by the same authors of the rogueware Malware Defense. Paladin Antivirus is distributed by Trojans that can sneak it onto a computer without a user’s knowledge or permission. Once inside a PC, Paladin Antivirus will launch a fake system scan and claim to detect numerous computer threats that can only be removed with its “full” version. Paladin Antivirus often creates a registry entry that will ensure that it is loaded with every system start-up. Paladin Antivirus will also locate a list of legitimate security applications and direct the user to uninstall them. These security applications include: F-Secure, Malwarebytes’ Anti-Malware, Avira AntiVir, NOD32, avast! and more. All scan reports or security alerts displayed by PaladinAntivirus should be ignored.

Type: Rogue Anti-Virus Program

How Can You Detect Paladin Antivirus?

Paladin Antivirus Technical Report

As new Paladin Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Paladin Antivirus files with its MD5s were created in the system:

Paladin Antivirus has typically the following processes in memory:

• %Program Files%\Paladin Antivirus\phook.dll
• %Program Files%\Paladin Antivirus\pavext.dll
• pavext.dll
• %Program Files%\Paladin Antivirus\pav.exe
• %Program Files%\Paladin Antivirus\uninstall.exe

Paladin Antivirus created the following directories, files, paths:

• %ProgramFiles%\Paladin Antivirus
• %UserProfile%\Start Menu\Programs\Paladin Antivirus

Paladin Antivirus creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Paladin Antivirus”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paladin Antivirus
• HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
• Paladin Antivirus

Important Article Disclaimer