AVDefender 2011
AVDefender 2011 (aka AV Defender 2011) is a rogue anti-spyware application. AV Defender 2011 spreads via Trojans that can infiltrate a system by exploiting its vulnerabilities. AVDefender 2011 can be downloaded and installed without a user's Knowledge. Once AVDefender 2011 is active, it will run a system scan and display numerous pop-ups and security alerts stating that the system is infected. The victim will be presented with recommendations to purchase the "full version" of AVDefender 2011 in order to remove all the detected infections. Do not fall for this scam. AV Defender 2011 is fake security application that can neither detect nor remove computer infections.
File System Details
AVDefender 2011 may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Local Settings\Application Data\[random]\avdefender 2011.exe | |
| 2. | %UserProfile%\Local Settings\Application Data\[random]\sysguard.exe | |
| 3. | %UserProfile%\Local Settings\Application Data\[random]\ |
Registry Details
AVDefender 2011 may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\avdefender 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
