Gudefender.com Description
Gudefender.com is a malicious domain created to promote and distribute the rogue software called Antivirus. NET. Users that encounter Gudefender.com could already be infected with Antivirus. NET which modifies its victims' browser settings in order to redirect them to malicious websites. The rogue antivirus will also display fake security alerts that will redirect a victim to Gudefender.com if clicked on. Gudefender.com can simulate a fake online system scan in order to convince a victim that the system is infected and then coerce him/her into purchasing rogue software. Gudefender.com is a misleading website that should not be trusted. Use a good security application to remove Gudefender.com and any other rogueware from your system.
Technical Information
File System Details
Gudefender.com creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %Temp%\[random]\[random].exe | N/A |
| 2 | %Temp%\[random]\ | N/A |
Registry Details
Gudefender.com creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"
HKEY_CURRENT_USER\Software\[random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""