April 28, 2011

Internet Defender.

Internet Defender is another clone of fake security applications mimicking Windows Defender, a legitimate anti-malware program by Microsoft.
It belongs to the same family as Security Defender and AntiMalware Defender, and is a resurrection of a less active branch of malware. Like other parasites of this family, Internet Defender is distributed by malware infecting legitimate pages, windows vulnerabilities and various downloads bundled with trojans. Sometimes, it is hard to pinpoint exact way how this malware infected your PC, but the symptoms are more or less the same:
First, Internet defender closes majority of open windows to draw attention to itself. Second, it will start showing various alerts to convince you that your PC is heavily infected with spyware, malware, trojans and other parasites.

Despite these warnings, your system is not attacked by hackers directly, although the claims about infections is true: You are infected with fake antivirus Internet Defender itself. If you wonder why it is done so, it becomes crystal clear after you try running system scan with it: You are asked to provide credit card details to remove all the threats like Win32/GameVance, Win32/Yektel.A, Win32/FakeXPA or Win32/Renos.JI. You will not be able to remove these threats manually, as paths to these files are nonexistent, or it will show infections in legitimate files. Thus, this separates Internet Defender 2011 from real commercial removers that never install without user consent, uninstall normally when asked and provides full information about detected malicious files. You should never pay for such software, and it is better to remove Internet Defender as soon as noticed on PC.

Kill malicious Processes from Task Manager:
  • [random].exe
Location of the infection:
  1. %UserProfile%\Application Data\[random]\
  2. %UserProfile%\Application Data\[random]\.[random].exe
  3. %UserProfile%\Application Data\[random]\.[random].avi
  4. %UserProfile%\Application Data\[random]\.[random].ico
  5. %Temp%\[random].dll
  •  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]" 
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
Although it is possible to manually remove Internet Defender, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend  malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. And don’t forget to do update your Security Software, check the Firewall Settings and the Operating System and finally do a full system scan with the Security Software.


Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog



There was an error in this gadget
Twitter Delicious Facebook Digg Stumbleupon Favorites More