« 4cleanspyware.com
SaveArmor »

SaveDefender

No Comments
JubileeX By JubileeX in Rogue Anti-Spyware Program | 0 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

SaveDefender Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

SaveDefender is a rogue anti-spyware program that is directly related to the fake security applications SoftSafeness and SafetyKeeper. SaveDefender, once active after installation, is able to scan a users system to trick them into purchasing a full version of SaveDefender. The use of falsified popup alerts and system scan results are many of the deceiving actions that SaveDefender takes to persuade computer users into purchasing a full version of SaveDefender. SaveDefender is completely unable to detect and rid a computer of parasites including Trojans, viruses, malware and spyware.

Type: Rogue AntiSpyware Programs

How Can You Detect SaveDefender?

 
 

Download SpyHunter’s Detection Scanner
to Detect SaveDefender.

 
 

SaveDefender Technical Report

As new SaveDefender details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following SaveDefender files with its MD5s were created in the system:

File Name File Size MD5
setup[1].exe 919187 5eed8a35861f2b3064f94cc8b8fba061
setup[1].exe 467456 1cc12491dd47cfdeb3e3458355b67703
SaveDefender.exe 831488 38ebfbebf948fd019d37298314a8a92c

SaveDefender has typically the following processes in memory:

  • ri2aqoym.exe
  • 10203hack9z5l284.ocx
  • 14397szambot506.exe
  • 13598viruz5b9.ocx
  • SaveDefender.exe
  • 101919py365z.ocx

SaveDefender created the following directories, files, paths:

  • %ProgramFiles%\SaveDefender Software\SaveDefender
  • %AllUsersProfile%\Start Menu\Programs\SaveDefender

SaveDefender creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\SaveDefender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaveDefenderSvc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveDefender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVEDEFENDERSVC
  • HKEY_CURRENT_USER\Software\SaveDefender
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SaveDefender”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ri2aqoym.exe”

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 09/21/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Top Malware

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.