Win 7 Smart Defender Pro

By ESGI Advisor in Rogue Anti-Spyware Program

Win 7 Smart Defender Pro Description

Win 7 Smart Defender Pro is a fake anti-spyware application that pretends to be a genuine and reliable security program. Win 7 Smart Defender Pro is distributed via bogus online anti-malware scanners and insecure downloads from malicious sources. Win 7 Smart Defender Pro enters a vulnerable computer system via Trojans, which exploit security holes in web browsers. A Trojan enters the compromised PC without the permission or knowledge of the computer's owner. Once installed on the affected machine, Win 7 Smart Defender Pro starts a fraudulent system scan and reports numerous nonexistent malware threats in an effort to frighten victims into believing their computers are infected. Win 7 Smart Defender Pro will also display fake security alerts and notifications that report various security threats. All scan results and warning messages created by Win 7 Smart Defender Pro are false and should be ignored. As a remedy for the imaginary malware infections, Win 7 Smart Defender Pro will offer to sell you the so-called full version of the phony security software, which allegedly detects and uninstalls the malware threats it found. Do not rely on or purchase Win 7 Smart Defender Pro, because it is an online scam designed by attackers to steal money from gullible computer users. ESG's malware analysts strongly recommend uninstalling Win 7 Smart Defender Pro as soon as possible with a legitimate anti-malware program.

Type: Rogue AntiSpyware Programs

How Can You Detect Win 7 Smart Defender Pro?

Win 7 Smart Defender Pro Technical Report

As new Win 7 Smart Defender Pro details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Win 7 Smart Defender Pro:

The following fake error messages appear for Win 7 Smart Defender Pro:

Win 7 Smart Defender Pro Firewall Alert
Win 7 Smart Defender Pro has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

System hijack!
System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.

System danger!
Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working in the background right now. Perform an in-depth scan and removal now, click here.

Privacy threat!
Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

Win 7 Smart Defender Pro Removal Details

Win 7 Smart Defender Pro typically has the following processes in memory:

  • %AppData%\Local\[RANDOM CHARACTERS].exe

Win 7 Smart Defender Pro creates the following files in the system:

  • %AppData%\Local\[RANDOM CHARACTERS]
  • %AppData%\Roaming\Microsoft\Windows\Templates\[RANDOM CHARACTERS]
  • %Temp%\[RANDOM CHARACTERS]
  • %AllUsersProfile%\[RANDOM CHARACTERS]

Win 7 Smart Defender Pro creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)" = '%1'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon "(Default)" = '%1' = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'
  • HKEY_CURRENT_USER\Software\Classes\exefile "Content Type" = 'application/x-msdownload'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe "Content Type" = 'application/x-msdownload'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Mozilla Firefox\firefox.exe"'
  • HKEY_CURRENT_USER\Software\Classes\exefile "(Default)" = 'Application'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command "IsolatedCommand" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command "(Default)" = '"%1" %*'
  • HKEY_CURRENT_USER\Software\Classes\.exe "(Default)" = 'exefile'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe" /START "%Program Files%\Internet Explorer\iexplore.exe"'
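
The entries above route every .exe launch, and the Firefox and Internet Explorer start commands, through the rogue's executable. The following triage script is an added example, not ESG's own tooling: it scans the text of a registry export for that pattern. The sample export, the user name "bob" and the file name abc.exe (standing in for [RANDOM CHARACTERS].exe) are constructed, and the function names are hypothetical.

```python
import re

BENIGN_EXE_CMD = '"%1" %*'   # stock handler: run the clicked file itself
EXE_KEY = re.compile(
    r"(?:^HKEY_CLASSES_ROOT|\\Classes)\\(?:exefile|\.exe)\\shell\\(?:open|runas)\\command$", re.I)
BROWSER_KEY = re.compile(r"\\Clients\\StartMenuInternet\\[^\\]+\\shell\\\w+\\command$", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = "(Default)" if m[1] == "@" else m[1][1:-1]
            yield key, name, re.sub(r"\\(.)", r"\1", m[2])  # undo \\ and \" escapes

def find_hijacks(text):
    """Return (key, value_name, data) rows that match the pattern listed above."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if name not in ("(Default)", "IsolatedCommand"):
            continue
        if EXE_KEY.search(key) and data.strip() != BENIGN_EXE_CMD:
            hits.append((key, name, data))  # .exe launches go through another program
        elif BROWSER_KEY.search(key) and data.lower().count(".exe") > 1:
            hits.append((key, name, data))  # a launcher wraps the real browser
    return hits

# Constructed sample export; abc.exe stands in for [RANDOM CHARACTERS].exe.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\bob\\AppData\\Local\\abc.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\bob\\AppData\\Local\\abc.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''
```

Files written by `reg export` are UTF-16 text, so decode them before passing the contents to `find_hijacks`. A hit is a lead for manual review rather than proof of infection, since other software can also register a wrapper command.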

This entry was last updated on 03/4/13 and posted on 03/4/13.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.