Defenderunlimited.com

Defenderunlimited.com Description

Defenderunlimited.com is a dangerous browser hijacker designed by hackers to promote the fake security program Unlimited Defender. If your PC is affected by the rogue anti-virus software Unlimited Defender 2011, you will be constantly rerouted to the deceptive Defenderunlimited.com website no matter what you type in the address bar. Defenderunlimited.com displays many annoying advertisements associated with Unlimited Defender 2011. It can change your web browser settings, proxy settings and even the HOSTS file configuration, and it can hijack some of the essential processes you are using for stealth purposes. ESG's research team recommends that you remove Defenderunlimited.com together with the malicious Unlimited Defender 2011 immediately to protect your computer from damage.

Technical Information

File System Details

Defenderunlimited.com creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe N/A
2 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS] N/A
3 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS] N/A
4 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS] N/A

Registry Details

Defenderunlimited.com creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mo
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
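
The registry entries above share one shape: the launch command for .exe files and for the default browsers is rewritten to start another executable with `-a` and the real target, and the Security Center override values are set to 1. The following triage check over exported registry values is an added example, not ESG's tooling; the `(key, value name, data)` tuple layout, the sample path and the file name `EXAMPLE.exe` are assumptions made for illustration.

```python
import re

# Standard Windows open command for executables; anything else means the handler was replaced.
CLEAN_EXE_HANDLER = '"%1" %*'
EXE_HANDLER_KEY = re.compile(r'\\(?:\.exe|exefile)\\shell\\open\\command$', re.I)
BROWSER_KEY = re.compile(r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)
SECURITY_CENTER_KEY = re.compile(r'\\Microsoft\\Security Center$', re.I)
OVERRIDES = {"antivirusoverride", "firewalloverride"}
# '"<some>.exe" -a "<real target>"': the wrapper shape in the entries listed above.
WRAPPER = re.compile(r'^"([^"]+\.exe)"\s+-a\s+"', re.I)

def triage(entries):
    """entries: iterable of (key, value_name, data); returns [(key, reason), ...]."""
    findings = []
    for key, name, data in entries:
        if SECURITY_CENTER_KEY.search(key):
            if name.lower() in OVERRIDES and str(data).strip() == "1":
                findings.append((key, name + " is set to 1"))
        elif name != "(Default)":
            continue
        elif EXE_HANDLER_KEY.search(key):
            if data.strip() != CLEAN_EXE_HANDLER:
                findings.append((key, ".exe open command replaced"))
        elif BROWSER_KEY.search(key):
            wrapped = WRAPPER.match(data)
            if wrapped:
                findings.append((key, "browser launched through " + wrapped.group(1)))
    return findings

# Constructed sample export (hypothetical path and file name): three hijacked, three clean values.
FAKE = r'"C:\Documents and Settings\user\Local Settings\Application Data\EXAMPLE.exe"'
SAMPLE = [
    (r"HKEY_CLASSES_ROOT\.exe\shell\open\command", "(Default)", FAKE + ' -a "%1" %*'),
    (r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command", "(Default)", '"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     "(Default)", FAKE + r' -a "C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
     "(Default)", r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "AntiVirusOverride", "1"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "FirewallOverride", "0"),
]

if __name__ == "__main__":
    for key, reason in triage(SAMPLE):
        print(reason, "->", key)
```

Because the check keys on the command shape rather than on a file name, it still applies when the executable name is random, as it is in the entries listed above.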