Defendersiteblock.com

Defendersiteblock.com Description

Defendersiteblock.com is a browser hijacker that is involved in the distribution of the rogue security program Cyber Security. Defendersiteblock.com displays a warning page that notifies a user of malignant internet activity. The user will then be directed to purchase Cyber Security in order to continue browsing safely. All warnings and software advertised on Defendersiteblock.com are malicious and not to be trusted.

Technical Information

File System Details

Defendersiteblock.com creates the following file(s):
# File Name Detection Count
1 %WINDOWS%\system32\iehelpmod.dll N/A
2 %Program Files%\CS\tsc.exe N/A
3 %Documents and Settings%\All Users\Start Menu\CS\Cyber Security.lnk N/A
4 %Documents and Settings%\All Users\Start Menu\CS\Security Center.lnk N/A
5 %AppData%\Microsoft\Internet Explorer\Quick Launch\CS.lnk N/A
6 %Program Files%\Common Files\CSUninstall\Uninstall.lnk N/A
7 %Documents and Settings%\All Users\Start Menu\CS\Computer Scan.lnk N/A
8 %Documents and Settings%\All Users\Start Menu\CS\Registration.lnk N/A
9 %Documents and Settings%\All Users\Start Menu\CS\Update.lnk N/A
10 %Program Files%\Common Files\CSUninstall N/A
11 %Documents and Settings%\All Users\Start Menu\CS N/A
12 %Documents and Settings%\All Users\Start Menu\CS\Help.lnk N/A
13 %Documents and Settings%\All Users\Start Menu\CS\Settings.lnk N/A
14 %UserProfile%\Desktop\Cyber Security.lnk N/A
15 %Program Files%\CS N/A

Registry Details

Defendersiteblock.com creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\5FFB10D58FFCF482208906E6A889FD56
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CS"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\CS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Related Posts