AV Defender
AV Defender is a rogue anti-virus application that uses scare tactics to coerce users into paying for it. On entering a system, AV Defender will simulate a fake system scan that will produce a fake report of numerous malware detections. AV Defender will also display fake pop-up warnings and security alerts to further alarm the targeted victim and then advise him/her to purchase its non-existent full version. AV Defender is a useless application that can neither detect nor remove computer malware.
File System Details
AV Defender may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | c:\WINDOWS\microsoftdefend.dll | |
| 2. | c:\WINDOWS\spoos.exe | |
| 3. | c:\WINDOWS\explorers.exe | |
| 4. | c:\WINDOWS\secureit.com | |
| 5. | c:\Program Files\AV Defender\advanceddefender.exe | |
| 6. | c:\WINDOWS\certofsystem.exe | |
| 7. | c:\WINDOWS\regp.exe | |
| 8. | c:\WINDOWS\system32\winscent.exe | |
| 9. | %UserProfile%\Desktop\AV Defender.lnk | |
| 10. | c:\Program Files\AV Defender | |
| 11. | c:\Program Files\AV Defender\conf.wcf | |
| 12. |
C:\Documents and Settings\ |
|
| 13. | %UserProfile%\Start Menu\Programs\AV Defender\AV Defender.lnk | |
| 14. | c:\Program Files\AV Defender\baseadd.wdb | |
| 15. | c:\Program Files\AV Defender\q | |
| 16. |
C:\Documents and Settings\ |
|
| 17. | %UserProfile%\Start Menu\Programs\AV Defender | |
| 18. | c:\Program Files\AV Defender\base.wdb | |
| 19. | c:\Program Files\AV Defender\quarant.wdb |
Registry Details
AV Defender may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Defender
HKEY_LOCAL_MACHINE\SOFTWARE\AV Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "avdefender"
