Internet Defender

Internet Defender Description

Do not confuse Internet Defender with Windows Defender. While Windows Defender is legitimate Microsoft software, Internet Defender is nothing more than fake anti-virus software that is out to steal your money.

What Internet Defender Really is and its Symptoms

Internet Defender is a rogue security application. In other words, Internet Defender pretends to be a program that can help make your PC more secure when, in actuality, Internet Defender is malware. One of the most problematic things about Internet Defender is that it tries very hard to imitate Windows Defender. You will first notice this attempt at imitation when Internet Defender loads for the first time, which happens when you restart your computer after Internet Defender installs itself. As Windows loads, before you see the desktop, you will see the phony Internet Defender user interface. Internet Defender uses the Windows logo (without permission) as well as Windows fonts, icons, and styling in order to mimic the appearance of Windows Defender. The window will always say “not activated” across the top. Then, from this phony interface, Internet Defender runs its fake scans.

Internet Defender's phony scans will always return long lists of results, and the list of results may even include the names of actual viruses. However, the files that Internet Defender refers to as malware are either nonexistent or perfectly harmless Windows files. After each scan completes, Internet Defender will prompt you to “activate” its software in order to remove the threats Internet Defender says it detected. If you click through the prompts that Internet Defender gives you, you will wind up at the payment site for the scam, where you can pay for Internet Defender by credit card. Of course, because Internet Defender is part of a scam, you will not get anything for your money: paying does not give this fake anti-virus software any functionality.

After you wait through the fake scan process and clear the Internet Defender home screen, Internet Defender will continue to try to scare you by generating pop-up alerts. These alerts are elaborate, and they include the Windows logo and other graphics, and the windows they appear in will usually be titled “Internet Defender Firewall Alert.” Some of the alerts will claim that a keylogger is being used to infiltrate a social networking account that you hold, and others will claim that several serious threats have been detected on the system. You will get buttons with options to perform the “recommended” action and activate Internet Defender to remove the threats or to continue unprotected, and the “continue unprotected” options are always accompanied by some scary-sounding warnings about the high risk inherent in doing so. Ultimately, if you agree to perform the “recommended” action in response to these alerts, you wind up at the payment page for the scam.

In addition to these scare tactics, Internet Defender will almost completely prevent you from using your computer. Internet Defender will prevent you from running other programs, and when you try to run a program, Internet Defender will show an alert that says that the program is infected or malicious. When you try to go online, Internet Defender can redirect you to its own malicious sites, and prevent you from viewing security-related websites. Internet Defender even prevents the use of Task Manager, and in order to prevent you from getting rid of it, Internet Defender cannot be uninstalled through the Control Panel. If you aren't scared into paying money for this fake software, the crooks behind Internet Defender hope to convince you by taking your computer hostage. The catch is that if you pay the ransom (the activation fee), nothing changes and Internet Defender doesn't relinquish its control.

How Internet Defender Infects PCs

When it comes to infecting a computer, Internet Defender tries to find ways to sneak in unnoticed, so that when Internet Defender finally shows up, you are more likely to believe Internet Defender is just an ordinary Windows component. So, Internet Defender uses a Trojan, which is hidden in a phony online virus scanner or bundled along with a download for something else. Most of the time, the Trojan is bundled with downloads from malicious or sketchy websites, but there are reports that its creators have found ways to sneak Internet Defender onto legitimate websites, as well. Once the Trojan is downloaded, Internet Defender generates alerts that say that a Windows download is necessary, which Internet Defender will refer to as “Anti-malware security update for Windows XP (KB961118).” If you agree to download this fake update, you download Internet Defender; but even if you don't agree to the update, the Trojan may find other ways of downloading the fake security software.

Background Information on Internet Defender

Internet Defender is not unique. Internet Defender comes from an existing family of rogue anti-virus programs, the WinPC Defender family, which also includes WinPC Defender, SystemDefender, IE Defender, XPdefender, WinDefender2008, PC Privacy Defender, Malware Defender 2009, Smart Defender Pro, Ultimate Defender, Advanced XP Defender, and Security Defender Pro 2015. Internet Defender is only superficially different from these other threats, and all of them are part of a single Russian scam. Internet Defender is the version of the malware for this scam that showed up in late February 2011.

Technical Information

File System Details

Internet Defender creates the following file(s):
| # | File Name | Size | MD5 | Detection Count |
|---|-----------|------|-----|-----------------|
| 1 | %APPDATA%bc6ecdd7-c682-4100-b41d-856ce72e81af_44.avi | 44,246 | cf48061409bcebef01b486b4c5186312 | 195 |
| 2 | %APPDATA%2283880F-EF87-4aac-8EBD-C9BCC8494AF5_46.avi | 79,082 | 6dd8358aa173a7fcc7e6a8e3ea446bff | 163 |
| 3 | %ALLUSERSPROFILE%da2d514b-a99c-4053-9665-263275e5cb51_34.avi | 1,805,824 | dae4fcaa9092eab9dd1e08b2c4bc808d | 9 |

Registry Details

Internet Defender creates the following registry entry or registry entries:
Regexp file mask: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS].lnk
Directory: %ProgramFiles%\Internet Defender
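
A triage check for the file, startup and directory indicators listed above, added here as an example (it is not Enigmasoftware's code or part of SpyHunter). The names `scan` and `md5_of` are hypothetical; it assumes the listed files sit directly in the named folders and that the three file names generalize to a GUID followed by `_<digits>.avi`.

```python
import hashlib
import os
import re

# MD5 values copied from the page's File System Details table.
KNOWN_MD5 = {"cf48061409bcebef01b486b4c5186312",
             "6dd8358aa173a7fcc7e6a8e3ea446bff",
             "dae4fcaa9092eab9dd1e08b2c4bc808d"}
# Assumption: the three listed names generalize to "<GUID>_<digits>.avi".
GUID_AVI = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}_\d+\.avi$", re.I)
# The page's startup mask: five hyphen-separated random groups, then ".lnk".
STARTUP_LNK = re.compile(r"^\w+(-\w+){4}\.lnk$")
STARTUP_REL = os.path.join("Microsoft", "Windows", "Start Menu", "Programs", "Startup")


def md5_of(path):
    digest = hashlib.md5()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:  # locked or unreadable: caller falls back to the name check
        return None
    return digest.hexdigest()


def scan(appdata, allusersprofile, programfiles):
    """Return sorted (indicator, path) findings for the three base folders."""
    findings = []
    for base in (appdata, allusersprofile):
        if not os.path.isdir(base):
            continue
        for name in os.listdir(base):
            path = os.path.join(base, name)
            if not os.path.isfile(path):
                continue
            if md5_of(path) in KNOWN_MD5:
                findings.append(("known-md5", path))
            elif GUID_AVI.match(name):
                findings.append(("guid-avi-name", path))
    startup = os.path.join(allusersprofile, STARTUP_REL)
    if os.path.isdir(startup):
        for name in os.listdir(startup):
            if STARTUP_LNK.match(name):
                findings.append(("startup-lnk", os.path.join(startup, name)))
    install_dir = os.path.join(programfiles, "Internet Defender")
    if os.path.isdir(install_dir):
        findings.append(("install-dir", install_dir))
    return sorted(findings)
```

On a live system, call `scan()` with the values of the `APPDATA`, `ALLUSERSPROFILE` and `ProgramFiles` environment variables. A `guid-avi-name` or `startup-lnk` hit is a name match only and needs manual review before anything is deleted.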
