System-defender.net
System-defender.net also known as System-defender.microsoft.com is a malicious website that uses browser hijacking Trojans to spread. These Trojans cause a victim's browser to be frequently redirected to System-defender.net by modifying the Hosts file. Users that have been infected with the rogueware called Antivirus Soft will also encounter System-defender.net when they click on any of its security notifications. System-defender.net is the payment page for Antivirus Soft and it is not to be trusted.
File System Details
System-defender.net may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sysguard.exe | |
| 2. | %Documents and Settings%\[UserName]\Local Settings\Application Data\[random string]\[random string]sftav.exe |
Registry Details
System-defender.net may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random string]"
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
