Tuesday, August 31, 2010

AV Defender 2011

AV Defender 2011 is a rogue security product that pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing this useless application. It presents an alarming graphical user interface.


It fakes a “scan” of the potential victim’s machine in order to frighten him or her into making an unwise purchase.


The “payment” screen, of course, looks very professional. However, the rogue vendors have used graphics of “Antivirus Soft” – evidence that they are probably the distributors of that rogue as well. Here’s our description of Antivirus Soft from last February.


The downloader we found was detected as BehavesLike.Win32.Malware (v) and its executable module was detected as Trojan.Win32.FakeAlert.

This rogue is somewhat similar to those of the FakeSpyPro family, although the downloader actually creates the module.

AV Defender 2011 creates the following registry key:
HKEY_CURRENT_USER\SOFTWARE\AVDEFENDER 2011

It also creates the following files on a victim’s machine:
%APPDATA%\AVDEFENDER2011
%STARTMENU%\AVDEFENDER2011
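
A read-only check for the indicators listed above, added here as an example (it is not VIPRE's code or part of the original post). It assumes the registry key sits under HKEY_CURRENT_USER\SOFTWARE and that %STARTMENU% means the current user's Start Menu folder; the function name is hypothetical.

```powershell
# Added example: reports whether the AV Defender 2011 indicators from this
# post exist for the current user. It only reads; nothing is deleted.
function Test-AvDefender2011Indicators {
    [CmdletBinding()]
    param(
        # Registry key from the post, in PowerShell's HKCU: drive form (assumed hive path).
        [string]$RegistryKey   = 'HKCU:\SOFTWARE\AVDEFENDER 2011',
        # %APPDATA% for the current user.
        [string]$AppDataRoot   = [Environment]::GetFolderPath('ApplicationData'),
        # %STARTMENU% is taken to be the user's Start Menu folder (assumption).
        [string]$StartMenuRoot = [Environment]::GetFolderPath('StartMenu'),
        # Folder name from the post.
        [string]$FolderName    = 'AVDEFENDER2011'
    )

    $checks = @(
        [pscustomobject]@{ Type = 'RegistryKey'; Path = $RegistryKey }
        [pscustomobject]@{ Type = 'FileSystem';  Path = (Join-Path $AppDataRoot $FolderName) }
        [pscustomobject]@{ Type = 'FileSystem';  Path = (Join-Path $StartMenuRoot $FolderName) }
    )

    foreach ($c in $checks) {
        $present = Test-Path -LiteralPath $c.Path
        $created = $null
        if ($present -and $c.Type -eq 'FileSystem') {
            # Creation time helps place the infection on a timeline.
            $created = (Get-Item -LiteralPath $c.Path -Force).CreationTimeUtc
        }
        [pscustomobject]@{
            Type       = $c.Type
            Path       = $c.Path
            Present    = $present
            CreatedUtc = $created
        }
    }
}

$results = Test-AvDefender2011Indicators
$results | Format-Table -AutoSize
if ($results.Present -contains $true) {
    Write-Warning 'One or more AV Defender 2011 indicators are present for this user.'
    exit 1
}
```

All three locations are per-user, so the check has to run in the session of each account on the machine.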

VIPRE detects it as AVDefender2011.FakeSpyPro.

How to remove AV Defender 2011:

If AV Defender 2011 has infected your PC, you should remove it immediately. Click here to use VIPRE to remove AV Defender 2011 from your computer now.
