Read the same in:

Home / Fighting malicious programs / Rogue security software

Home products
1-5 computers

Small Office Security
5-10 computers

Business products
Workstations & Servers protection

Fighting malicious programs
How to disinfect...

Kaspersky Virus Scanner for Mac

Kaspersky Security Scan 2.0

Kaspersky Virus Removal Tool 2011

Virus-fighting utilities

Viruses and solutions

PC and online safety

Rogue security software

Kaspersky Rescue Disk 10

Remove banner from Desktop, unlock Windows

Training and Certification
Take an educational course and become a certified security specialist

Self Service
More help online

Support Services and Contacts
Information about support services and rules

Virus Activity

virus activity is normal

ProtectDefender: Rogue security software

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing. For your convenience in this section we gathered all known rogue security software in one list by alphabet.

ProtectDefender: Rogue security software
ID Article: 3560	Other languages:	5	2010 Mar 18 18:16	Printable version

1. Program description

ProtectDefender - Rogue Security Software - is a type of misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner, but which actually provides the user with little or no protection whatsoever. The program is distributed via a web-site www.protectdefender.com (the site is not available any more). ProtectDefender is a new variant of the family Winiguard/Winisoft. The author of ProtectDefender also created the following software:

APcSafe, APcSecure, ProtectSoldier, ArmorDefender, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcProtectar, PcsProtector, GreatDefender, APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran.

Kaspersky Lab’s experts do not recommend visiting the websites of the rogue security applications mentioned in this article because these sites may be unsafe and could potentially harm your computer.

2. Actions

After the installation ProtectDefender creates a definite number of empty files with different names in the directoriesC:\Windows and C:\Windows\System32. Once the computer scan is started ProtectDefender detects these files as malicious and offers to delete these files once you purchase the license for this program.

3. Files

During the installation ProtectDefender copies the following files to the hard drive:

%UserProfile%\Desktop\ProtectDefender.lnk
%UserProfile%\Start Menu\Programs\ProtectDefender.lnk
c:\Program Files\ProtectDefender Software
c:\Program Files\ProtectDefender Software\ProtectDefender
c:\Program Files\ProtectDefender Software\ProtectDefender\ProtectDefender.exe
c:\Program Files\ProtectDefender Software\ProtectDefender\Uninstall.exe
c:\WINDOWS59zwo5m236.ocx
c:\WINDOWS980haczt9ol3e5.bin
c:\WINDOWS\system3228downlo5dez11979.bin
c:\WINDOWS\system329zbackdoor1975.bin
c:\WINDOWS\system3299zir5s6ef.ocx

4. System registry

In order to function normally ProtectDefender creates the following branches in the system registry:

HKEY_CURRENT_USER\Software\ProtectDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProtectDefender
HKEY_LOCAL_MACHINE\SOFTWARE\ProtectDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ProtectDefender"

5. Screenshot of the program

Stay connected