English 
Deutsch
Español
Français
Portuguese
Windows PC Defender Windows PC Defender
By
GoldSparrow in Rogue Anti-Spyware Program |
0 views
Rate it: 
(No Ratings Yet)
Loading ...
(No Ratings Yet) Loading ...
Windows PC Defender Description
Windows PC Defender is a rogue anti-spyware program that comes from the same family of fake security applications as OmegaAntivir and Windows Additional Guard. Windows PC Defender, through the use of deceptive notifications and system scans, is able to trick computer users into believing that their computer is infected with parasites. Windows PC Defender is offered as a solution to the computer infections but is unable to detect or remove them.
Type: Rogue AntiSpyware Programs
How Can You Detect Windows PC Defender?
Windows PC Defender Technical Report
As new Windows PC Defender details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Windows PC Defender files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| WPf7dd.exe | 2185728 | 523a182504ce9ea68e1939d3a290286d |
| WP4648.exe | 2170368 | 543e7787861670b8471181a883038797 |
| WP858d.exe | 2107904 | 92daf9405cfd85e1ad791935caef0032 |
| WP0b77.exe | 2187264 | 7862f3e671f22b93c18a5ebdf2d5120a |
| WP8c07.exe | 2173952 | 0cb3e6e207482cddbbdb548baa3c775b |
| WPc0ef.exe | 2187264 | 1899de9cd15cfad4289f065bf549c7ee |
| WPdccb.exe | 2185216 | db50541ff7a46ddeb64fbccdb3bea9d9 |
| ReleaseXP[1].exe | 2185216 | db50541ff7a46ddeb64fbccdb3bea9d9 |
| WPa725.exe | 2171904 | 455c69a7acdeb87fc2304451e8a5c889 |
| WP65b6.exe | 2104832 | b26427e502ee2569d313fcd534da5f42 |
| WP9fd5.exe | 2337792 | 4229a9f7867d750a15b6fe7c383ad22e |
| WPd8da.exe | 2357760 | b8367a880ced906fdfb26e68478d0bf5 |
| WPb98c.exe | 2358272 | 3e3b60351c22a5255e369a2d13f28bd8 |
| WPd59d.exe | 2364416 | d37d687a14ee2a2b13e51cb139f3928b |
| WP49c6.exe | 2411008 | 28dcbbd7fa192e34ec4c02ce3be4e50f |
| WPbffb.exe | 2362368 | d2f7b4f323f568c17992fb13f10e002f |
| WP1f2d.exe | 2434048 | 142bf5bfb442b0d2fc42a4693c3f737a |
| WP9dbf.exe | 2339328 | 8e5818e9f9778b4f1c3b24c3ca14f076 |
| WP6b96.exe | 2416128 | c32cf00b41f6ed682d4f4e8625079cbd |
| WP0b5b.exe | 2377216 | 8050da5befb0d7d33e39b5478b6bcaa4 |
| WPd00d.exe | 2338304 | 7129a2afba49533dc001a65eb985b6d2 |
| WPb644.exe | 2423808 | c97fc3245614ef254cfd5dc380b7fb70 |
| WP2611.exe | 2341376 | 54e95ecac41a66ed245a0cb50c1e2671 |
| WP9b30.exe | 2339840 | 065b151e3c2c0c01a63afab2e7430b32 |
Windows PC Defender has typically the following processes in memory:
- ppal.exe
- ddv.dll
- tempdoc.dll
- fix.exe
- cid.dll
- sqlite3.dll
- eb.exe
- WP345d.exe
- mozcrt19.dll
Windows PC Defender created the following directories, files, paths:
- %AppData%\Windows PC Defender
- %AllUsersProfile%\Application Data\WPCDSys
Windows PC Defender creates the following registry entries:
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” => “http://search-gala.com/?&uid=201&q={searchTerms}”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “89770891803″
- HKEY_CLASSES_ROOT\WP345d.DocHostUIHandler
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “UID” = “201″
- HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” = “http://127.0.0.1:27777/?inj=%ORIGINAL%”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Windows PC Defender”
Important Article Disclaimer
This entry was posted on 09/17/09 and is filed under Rogue Anti-Spyware Program.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
