Read the same in:    English  Deutsch  Polski  Русский  Español  
You are welcome to subscribe to "New articles in Knowledge Base" mailing list.




Virus Activity

Virus Activity

virus activity is normal




 
Search :  
Search tips Article ID # :     
 

ProtectDefender: Rogue security software

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. For your convenience in this section we gathered all known rogue security software in one list by alphabet.


ProtectDefender: Rogue security software

 ID Article: 3560    Other languages:  Deutsch  Polski  Русский  Español      Views for 7 days 8    Last modified on 2010 Mar 18 18:16 Printable version

1. Program description

ProtectDefender - Rogue Security Software - is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provides the user with little or no protection whatsoever. The program is distributed via a web-site www.protectdefender.com (the site is not available any more). ProtectDefender is a new variant of the family Winiguard/Winisoft. The author of ProtectDefender also created the following software:

    APcSafe, APcSecure, ProtectSoldier, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran.

Warning Kaspersky Lab’s experts do not recommend visiting the websites of the rogue security applications mentioned in this article because these sites may be unsafe and could potentially harm your computer.

2. Actions

After the installation ProtectDefender creates a definite number of empty files with different names in the directoriesC:\Windows and C:\Windows\System32. Once the computer scan is started ProtectDefender detects these files as malicious and offers to delete these files once you purchase the license for this program.

3. Files

During the installation ProtectDefender copies the following files to the hard drive:

%UserProfile%\Desktop\ProtectDefender.lnk
%UserProfile%\Start Menu\Programs\ProtectDefender.lnk
c:\Program Files\ProtectDefender Software
c:\Program Files\ProtectDefender Software\ProtectDefender
c:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe
c:\Program Files\ProtectDefender Software\ProtectDefender\Uninstall.exe
c:\WINDOWS59zwo5m236.ocx
c:\WINDOWS980haczt9ol3e5.bin
c:\WINDOWS\system3228downlo5dez11979.bin
c:\WINDOWS\system329zbackdoor1975.bin
c:\WINDOWS\system3299zir5s6ef.ocx

4. System registry

In order to function normally ProtectDefender creates the following branches in the system registry:

HKEY_CURRENT_USER\Software\ProtectDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProtectDefender
HKEY_LOCAL_MACHINE\SOFTWARE\ProtectDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ProtectDefender"

5. Screenshot of the program


 Did the provided info help you?

                       

 Give your detailed feedback.

 

Kaspersky Lab

Copyright © 1997-2014 Kaspersky Lab
Site map  |   International Support Service  |  Send us a suspected file
Login CompanyAccount  |   Register  |   FAQ for CompanyAccount  |   Login Your Personal Cabinet

Stay connected