PC Defender

By Sumo3000 in Rogue Anti-Spyware Program

PC Defender Description

PC Defender is a fake anti-spyware application that uses several misleading methods to push users into purchasing a full version of the PC Defender program. PC Defender has been known to display false parasite alerts in the form of annoying popups. In addition, PC Defender conducts system scans that return bogus parasite results. PC Defender does not have the ability to detect or remove real parasites. Users should avoid PC Defender, as it can damage system registry entries.

Type: Rogue AntiSpyware Programs

How Can You Detect PC Defender?

PC Defender Technical Report

We will update this section as new PC Defender details are reported by our customers and by our Threat Research Center.

The following PC Defender files, with their MD5 hashes, were created on the system:

File Name                      File Size   MD5
proccheck.exe                  58880       47bc3a198e6ba69d058381e9cfc21db2
Antispyware.exe                1165312     7d744b20ec17d42f55f5d61a29f56fd3
hook.dll                       42496       ac37c81015f9d495442f8a8bc5299ea2
movie_1029644.avi[1].exe       898276      56464d15f4ca0ab818fc873e0d2ae3d2
_C507892FD1860AF6477A61.exe    21630       b84df77564555c63c899fce0fcec7edb
_BF2DDB0AC7FD40D5AAEDAF.exe    21630       b84df77564555c63c899fce0fcec7edb

PC Defender Removal Details

PC Defender typically runs the following processes in memory:

  • 96222EB958BE7AE1F3D10F.exe
  • proccheck.exe
  • Antispyware.exe
  • E99A03E2B966DDBBBF0A73.exe

PC Defender created the following directories, files and paths:

  • %WinDir%\Installer\FC2ABC8E-3715-4A32-B8B5-559380F45282
  • %ProgramFiles%\Def Group\PC Defender

PC Defender creates the following registry entries:


This entry was last updated on 02/19/10 and posted on 02/19/10.
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.