Christian Mairoll 232 Report post Posted February 24, 2010 The Emsi Software malware research team has discoverd a new outbreak of the PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCDefender. PC Defender is a rogue security program. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This program has a funny thing. It will displays fake blue screen on the victim machine. The blue screen will look like this: Create new files: %ProgramFiles%Def GroupPC DefenderAntispyware.exe %ProgramFiles%Def GroupPC Defenderhook.dll %ProgramFiles%Def GroupPC Defenderproccheck.exe %AllUsersProfile%DesktopPC Defender.lnk %AllUsersProfile%Start MenuProgramsPC DefenderPC Defender.lnk Create new registry entries: HKEY_CURRENT_USERsoftwareDef Group HKEY_CURRENT_USERsoftwareDef GroupAntispyware HKEY_CURRENT_USERsoftwareDef GroupAntispywareFound Modify registry entry: HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonOld: Userinit = C:WINDOWSsystem32userinit.exe,New: Userinit = C:WINDOWSsystem32userinit.exe,”C:Program FilesDef GroupPC DefenderAntispyware.exe”Screenshots: How to remove the infection of PC Defender (Adware.Win32.PCDefender)? To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. View the full article Quote Share this post Link to post Share on other sites
