Christian Mairoll 237 Posted February 24, 2010 Report Share Posted February 24, 2010 The Emsi Software malware research team has discoverd a new outbreak of the PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCDefender. PC Defender is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This program has a funny thing. It will displays fake blue screen on the victim machine. The blue screen will look like this: Create new files: %ProgramFiles%Def GroupPC DefenderAntispyware.exe %ProgramFiles%Def GroupPC Defenderhook.dll %ProgramFiles%Def GroupPC Defenderproccheck.exe %AllUsersProfile%DesktopPC Defender.lnk %AllUsersProfile%Start MenuProgramsPC DefenderPC Defender.lnk Create new registry entries: HKEY_CURRENT_USERsoftwareDef Group HKEY_CURRENT_USERsoftwareDef GroupAntispyware HKEY_CURRENT_USERsoftwareDef GroupAntispywareFound Modify registry entry: HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonOld: Userinit = C:WINDOWSsystem32userinit.exe,New: Userinit = C:WINDOWSsystem32userinit.exe,”C:Program FilesDef GroupPC DefenderAntispyware.exe” Screenshots: How to remove the infection of PC Defender (Adware.Win32.PCDefender)? To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. View the full article Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.