Antimalware Defender
February 1, 2010
Threat level: (7 / 10)
Antimalware Defender description
Antimalware Defender is malware that presents itself as a real system security tool. It is made to look like a part of Windows Security Center, so that users believe it is a legitimate part of the Windows OS. It is not. Antimalware Defender is a fake computer protection program which only pretends to scan your computer and detect numerous security threats. It also displays pop-up warning messages which interrupt regular PC usage.
Antimalware Defender is installed by trojans pretending to be Windows update files. Once Antimalware Defender enters the system, it configures itself to launch on startup and undermines your system's security. It makes your computer vulnerable and allows other similar parasites to enter easily. The best thing to do when you have Antimalware Defender is to remove it ASAP.
Here's what a fake security warning generated by Antimalware Defender looks like:
Antimalware security update for Windows XP (KB961118)
Size: 433KB
This critical update will install System Security Update 2010.01.023 (Antimalware Defender Upgrade; KB648759)
Beware!
Antimalware Defender websites
antimalwaredefender.com
antimalware-defender.com
New processes created
HKEY_CLASSES_ROOT\CLSID\{ca84c702-c758-4421-974e-b02662e76d7c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca84c702-c758-4421-974e-b02662e76d7c}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ca84c702-c758-4421-974e-b02662e76d7c_6"
New files and directories created
How to remove Antimalware Defender
To remove Antimalware Defender manually, you must block the rogue Antimalware Defender-related websites, remove malicious processes and registry entries, unregister DLLs, and delete all malicious Antimalware Defender files from your computer.
Please note: cleaning your computer is a difficult and dangerous task. Manually editing registry entries and removing processes and files may cause serious damage to your system. We strongly recommend scanning your computer with one of the legitimate antispyware scanners.
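Before editing the registry by hand, it helps to confirm which of the entries listed above are actually present. The following is an added example, not part of the original write-up: a read-only check that scans exported registry text for the GUID from this page in autorun, Browser Helper Object and CLSID locations. The function names, the sample export and the placeholder value data are assumptions made for illustration.

```python
import re

# GUID from the registry entries listed on this page.
GUID = "ca84c702-c758-4421-974e-b02662e76d7c"

# Key-path fragments (lowercase) mapped to the foothold they represent.
LOCATIONS = {
    r"\currentversion\run": "autorun value",
    r"\explorer\browser helper objects": "browser helper object",
    r"\clsid": "COM class registration",
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=')

# Constructed sample in `reg export` text form; the value data for the
# rogue entry is a placeholder because the page does not give it.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ca84c702-c758-4421-974e-b02662e76d7c_6"="<data not given on the page>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca84c702-c758-4421-974e-b02662e76d7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
'''

def classify(key):
    """Return the foothold label for a key path, or None if not watched."""
    lowered = key.lower()
    return next((lbl for frag, lbl in LOCATIONS.items() if frag in lowered), None)

def find_indicators(reg_text):
    """Scan exported registry text; return (key, value_name, label) hits."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if classify(key) and GUID in key.lower():
                hits.append((key, None, classify(key)))
            continue
        m = VALUE_RE.match(line)
        if m and key and classify(key) and GUID in (m.group("name") or "").lower():
            hits.append((key, m.group("name"), classify(key)))
    return hits

if __name__ == "__main__":
    for key, name, label in find_indicators(SAMPLE):
        print(f"{label}: {key} {name or ''}")
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file with that encoding before passing its text to `find_indicators`.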
