Unlimited Defender

Unlimited Defender Description

ScreenshotUnlimited Defender is a fake anti-virus program. Malicious programs like Unlimited Defender are called rogue applications. Rogueware are fake security applications that criminals try to sell to unwary victims. Rogue anti-virus programs like Unlimited Defender create a sense of panic in their victims by deliberately creating a series of problems on an infected computer. Then, with constant fake security alerts and error messages, Unlimited Defender aggressively pushes the computer user to buy it to fix those very same problems. Our ESG team of malware researchers recommends immediate removal of Unlimited Defender with a trustworthy anti-malware utility.

Unlimited Defender's Partners in Crime

Our ESG team of PC security researchers has identified a large number of rogue security programs that are closely related to Unlimited Defender. Criminals use these kinds of copies, known as clones, to stay ahead of advancements in anti-malware technology. Some clones of Unlimited Defender include Unlimited Defender, Ultimate Scan, Personal Shield Pro Version 2.20, Windows 7 Recovery, System Smart Security, Clean Security, and Ultimate Guard. All of these rogue security programs have the same characteristics as Unlimited Defender, including an extremely similar interface. This interface is designed to mimic Window Security Center's interface, with the rogue's name on the top left corner being the only difference from clone to clone. Unlimited Defender is also closely related with several Trojans used to deliver it into the victim's computer. Some Trojans associated with Unlimited Defender are the Zlob Trojan and the Fake Microsoft Security Essentials Alert Trojan.

Unlimited Defender's Misleading Marketing Campaign

While Unlimited Defender can be delivered with Trojans, it is more common for unwary computer users to download it directly from their official website. This is because Unlimited Defender and its clones have an impressive marketing campaign behind them. While ESG security researchers catch up, Unlimited Defender has lured thousands of victims into downloading it, thanks to its misleading marketing campaign. This Internet marketing campaign includes a large number of blogs, a Wiki page, fake reviews and comments on reputable software download websites, and a strong search engine presence.

Don't Become a Victim of Unlimited Defender

Our ESG team of malware researchers advises against falling for Unlimited Defender's illusion. Remember, this is not a real anti-virus utility. Computer users should ignore Unlimited Defender's fake scan and false security alerts. In fact, trying to delete files identified as infected by Unlimited Defender could result in irreparable damage to the stability of your computer system. Instead, make sure to remove Unlimited Defender with a real anti-malware program.

Technical Information

File System Details

Unlimited Defender creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe N/A
2 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS] N/A
3 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS] N/A
4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS] N/A

Registry Details

Unlimited Defender creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'

Related Posts