Description is a rogue website that promotes the fake anti-spyware application Personal Defender 2009. Once the PC is infected the user’s homepage will be redirected to the rogue site. False pop-ups and alerts will appear stating that Trojan-Spy.Win32.Banker.aiw has infected the user’s computer. It is important to remember that these fabricated infections and alerts appear for the sole purpose of misleading the user into purchasing the full version Personal Defender 2009 application. It is advisable that the user remove the infection without hesitation.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 ictun.exe N/A
2 isfun.exe N/A
3 pmmon.exe N/A
4 VideoAccessCodecInstall.exe N/A
5 zafhemm.dll N/A
6 isfmntr.exe N/A
7 isfmm.exe N/A
8 msmsgs.exe N/A
9 xbaqktfv.exe N/A
10 gtawclv.dll N/A
11 icmntr.exe N/A
12 icun.exe N/A
13 nvctrl.exe N/A
14 spwoqbmv.exe N/A
15 duzakwq.dll N/A
16 Security Troubleshooting.url N/A
17 Online Security Guide.url N/A

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar

More Details on

The following URL's were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.