Fake Anti Spyware.System Defender - Spyware Detector

Home / Spyware Encyclopedia / Fake Anti Spyware.System Defender

Fake Anti Spyware.System Defender Technical Details

Category		Fake Anti Spyware
Discovered		4/23/2009 2:40:27 PM
Modified		11/19/2009 11:03:55 AM
Threat Level		High

Category Description

These are programs which look like any legitimate program but usually download without users permission, entice users into buying them by showing fake results to improve users PC performance. They may also download spyware and other unwanted programs.

Description

System Defender is Rogue Security Program. System Defender usually installed itself onto your PC without your permission, through Vundo Trojan, Virus or fake software. It uses aggressive and deceptive techniques to frighten the user into purchasing the program. It gives exaggerated report and claims of spyware found or false positives but will not remove spyware unless the user purchases the program.

Notice

Please note that the following information is not controlled or endorsed by Max Secure Software. They are captured automatically in our Research Lab as a result of executing Spyware Files or browsing Internet. Please contact us if you find any information inappropriate for removal. All the work contained in this report is copyrighted and should not be copied without permission from Max Secure Software.

We do not recommend browsing or removing these entries on your own manually. We do not take any warranty against the use or result of the use of this information.

Summary

The following http urls were started: NA

The hosts file was updated with the following url-to-ip mappings:

74.125.45.100	4-open-davinci.com
74.125.45.100	getantivirusplusnow.com
74.125.45.100	privatesecuredpayments.com

The following internet connection was established:

94.102.63.61 : 80
210.56.53.100 : 80
64.213.140.69 : 80

Process		setup_build7_195.exe
Drivers		N/A
Folder Created		%DAS.AU.APP DATA%\System Defender

The following Files were created:

Name	Version	Publisher	Signature (MD5)	File Size (in KB)
..\0d25d23\ws0d25.exe	1.0.1.2982	AVP Inc	cf13f2739cdda55199fe720a06b29988	1909760
..\setup_build7_195.exe			f504b2660d5816500604246364d0bca2	188416

The following Registry Entries were created:

•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe
•	..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe

The following images were captured:

Recommendation to remove Fake Anti Spyware.System Defender

Spyware Detector can remove Fake Anti Spyware.System Defender, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.

Download Spyware Detector and Scan for FREE

	Personalized E-mail support by our Research Team. You send an "Export Log" report to us, we then add new definition and you eliminate spyware found on YOUR PC in the next Live Update. So, not only do you benefit but the whole community enjoys the feedback.
	Speed up your computer and increase browsing performance by deleting Spyware & Adware
	Enjoy continuous protection and security with frequent spyware definition updates so you never have to worry about new threats and outdated software.
	Surf the web with confidence knowing your online activities aren't being tracked, and your confidential data is secure from prying eyes.

	Spyware & Adware Categories we scan
	Spyware Removal Tools
	Submit a False Positive
	Submit a Threat

“I just purchased Spyware Detector and ran it. I am very impressed with how good it was. On the first scan it picked up a lot of very bad Trojans, worms, backdoor poisons that other companies had missed. Thank you!!”