Archive for October, 2009

Oct 31

Desktop Defender 2010 Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Desktop Defender 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.DesktopDefender2010.

Desktop Defender 2010 is a rogue scanner program: it shows misleading scan results and fake security alerts. If you download and install Windows PC Defender 2010, it will be automatically configured to start each time you log on to Windows. Once the program is running, it scans your computer and then displays fake infections, but will not allow you to remove them until you purchase it.

This rogue has some protection mechanisms; one of them is protection against virtual machines. When a user tries to run the installer of this rogue in a virtual machine environment, the application crashes.

It also protects itself from applications it considers unwanted, e.g. File Monitor and Registry Monitor from SysInternals.

Create new files:

  • %ProgramFiles%\Desktop Defender 2010\msvcr71.dll
  • %ProgramFiles%\Desktop Defender 2010\pthreadVC2.dll
  • %ProgramFiles%\Desktop Defender 2010\shellext.dll
  • %ProgramFiles%\Desktop Defender 2010\siglsp.dll
  • %ProgramFiles%\Desktop Defender 2010\tdifw_drv_WLH.sys
  • %ProgramFiles%\Desktop Defender 2010\tdifw_drv_WXP.sys
  • %ProgramFiles%\Desktop Defender 2010\uninstall.exe
  • %ProgramFiles%\Desktop Defender 2010\AF.dll
  • %ProgramFiles%\Desktop Defender 2010\daily.cvd
  • %ProgramFiles%\Desktop Defender 2010\Desktop Defender 2010.exe
  • %ProgramFiles%\Desktop Defender 2010\guide.chm
  • %ProgramFiles%\Desktop Defender 2010\hjengine.dll
  • %ProgramFiles%\Desktop Defender 2010\IEAddon.dll
  • %ProgramFiles%\Desktop Defender 2010\MFC71.dll
  • %ProgramFiles%\Desktop Defender 2010\MFC71ENU.DLL
  • %ProgramFiles%\Desktop Defender 2010\msvcp71.dll
  • %SystemRoot%\system32\drivers\tdifw_drv.sys
  • %AllUsersProfile%\Desktop\Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.lnk
  • %UserProfile%\Local Settings\Temp\kgn.exe
  • %UserProfile%\Local Settings\Temp\kilslmd.exex
  • %UserProfile%\Local Settings\Temp\kn.a.exe
  • %UserProfile%\Local Settings\Temp\.tt1.tmp
  • %UserProfile%\Local Settings\Temp\.tt1.tmp.exe
  • %UserProfile%\Local Settings\Temp\gedx_ae09.exe
  • %UserProfile%\Local Settings\Temp\nsq18.tmp\ext.dll
  • %UserProfile%\Local Settings\Temp\nsq18.tmp\System.dll

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\AppID\IEAddon.DLL
  • HKEY_LOCAL_MACHINE\software\Classes\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\ProgID
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\Programmable
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\TypeLib
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\VersionIndependentProgID
  • HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\Folder\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane\CLSID
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane\CurVer
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane.1
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane.1\CLSID
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}\ProxyStubClsid
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}\TypeLib
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0\0
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0\0\win32
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0\FLAGS
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0\HELPDIR
  • HKEY_LOCAL_MACHINE\software\Desktop Defender 2010
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Desktop Defender 2010”
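The file and registry lists above (and the same kind of lists in the other posts on this page) are raw indicators. To use them for detection, a practitioner wants them parsed into records, the persistence mechanism behind each registry entry made explicit (autostart value, browser helper object, driver registration, shell extension), and a way to check a host for them. The following Python module is an added example, not code from Emsi Software or from this page: the sample text is a constructed excerpt of the first post's lists in the page's own format, the XP-era directory mapping and the "infected host" sets are constructed, and the mechanism labels are this editor's classification, not a-squared's.

```python
"""Parse the "Create new files" / "Create new registry entries" lists used on this
page into structured indicators, classify each entry by the persistence or
integration mechanism it represents, and check them against a host through
injectable callbacks so the logic can run offline on constructed data."""
import re
from typing import Callable, Dict, List, NamedTuple, Optional


class Indicator(NamedTuple):
    kind: str                  # "file" or "registry"
    path: str                  # path or key as written on the page
    value_name: Optional[str]  # registry value name, if the entry names one
    mechanism: str             # what the artifact does for the malware


# Constructed excerpt, in the page's list format, of the Desktop Defender 2010
# post; any of the page's complete lists can be pasted here instead.
SAMPLE_IOC_TEXT = r"""
Create new files:
  • %ProgramFiles%\Desktop Defender 2010\Desktop Defender 2010.exe
  • %SystemRoot%\system32\drivers\tdifw_drv.sys
  • %UserProfile%\Local Settings\Temp\kgn.exe
Create new registry entries:
  • HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Desktop Defender 2010”
"""

# Mechanism labels (editor's classification), matched case-insensitively against
# the key or path; the first match wins, so more specific patterns come first.
REGISTRY_MECHANISMS = [
    (r"\\currentversion\\run\b", "autostart (Run value)"),
    (r"\\browser helper objects\\", "IE browser helper object (BHO)"),
    (r"\\currentcontrolset\\services\\", "driver or service registration"),
    (r"\\shellex\\contextmenuhandlers\\", "Explorer context-menu extension"),
    (r"\\currentversion\\uninstall\\", "Add/Remove Programs entry"),
    (r"\\classes\\(clsid|appid|interface|typelib)\\", "COM registration"),
]
FILE_MECHANISMS = [
    (r"\\temp\\", "dropper / temporary staging"),
    (r"\\drivers\\.*\.sys$", "kernel driver"),
    (r"\.lnk$", "shortcut (user-facing decoy)"),
    (r"\\cookies\\", "tracking cookie"),
]

_BULLET = re.compile(r"^\s*[•\-*]\s+(.*\S)\s*$")
_QUOTES = "\"“”″'"


def _classify(path: str, table, default: str) -> str:
    for pattern, label in table:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return default


def parse_iocs(text: str) -> List[Indicator]:
    """Turn the page's two list types into Indicator records."""
    section = None
    found: List[Indicator] = []
    for line in text.splitlines():
        low = line.strip().lower()
        if low.startswith("create new file"):
            section = "file"
            continue
        if low.startswith("create new registry"):
            section = "registry"
            continue
        m = _BULLET.match(line)
        if not m or section is None:
            continue
        entry = m.group(1)
        if section == "file":
            found.append(Indicator("file", entry, None,
                                   _classify(entry, FILE_MECHANISMS, "installed component")))
        else:
            # "KEY, “ValueName”" names a value under the key; otherwise the key itself.
            key, _, value = entry.partition(", ")
            found.append(Indicator("registry", key, value.strip(_QUOTES) or None,
                                   _classify(key, REGISTRY_MECHANISMS, "application configuration key")))
    return found


# Constructed XP-era locations for the variables the page uses; on a live host
# build this from os.environ instead.
DEFAULT_ENV = {
    "ProgramFiles": r"C:\Program Files",
    "ProgramFilesDir": r"C:\Program Files",
    "SystemRoot": r"C:\WINDOWS",
    "AllUsersProfile": r"C:\Documents and Settings\All Users",
    "UserProfile": r"C:\Documents and Settings\victim",
}


def expand_path(path: str, env: Dict[str, str] = DEFAULT_ENV) -> str:
    """Expand %VAR% tokens case-insensitively; unknown tokens are left untouched."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def scan_host(indicators: List[Indicator], file_exists: Callable[[str], bool],
              key_exists: Callable[[str, Optional[str]], bool],
              env: Dict[str, str] = DEFAULT_ENV) -> List[Indicator]:
    """Return the indicators present on a host; the callbacks abstract the filesystem
    and registry (use os.path.exists and a winreg lookup on Windows)."""
    hits = []
    for ioc in indicators:
        if ioc.kind == "file":
            if file_exists(expand_path(ioc.path, env)):
                hits.append(ioc)
        elif key_exists(ioc.path, ioc.value_name):
            hits.append(ioc)
    return hits


def summarize(indicators: List[Indicator]) -> Dict[str, int]:
    """Count indicators per mechanism to see at a glance how the sample persists."""
    counts: Dict[str, int] = {}
    for ioc in indicators:
        counts[ioc.mechanism] = counts.get(ioc.mechanism, 0) + 1
    return counts


# Constructed "infected host": only three of the sample artifacts are present.
PRESENT_FILES = {
    r"C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe",
    r"C:\WINDOWS\system32\drivers\tdifw_drv.sys",
}
PRESENT_KEYS = {
    (r"HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run", "Desktop Defender 2010"),
}


def demo() -> List[Indicator]:
    iocs = parse_iocs(SAMPLE_IOC_TEXT)
    return scan_host(iocs, file_exists=lambda p: p in PRESENT_FILES,
                     key_exists=lambda k, v: (k, v) in PRESENT_KEYS)


if __name__ == "__main__":
    for hit in demo():
        suffix = f" [{hit.value_name}]" if hit.value_name else ""
        print(f"{hit.kind:8} {hit.mechanism:32} {hit.path}{suffix}")
```

On a real Windows host, pass `os.path.exists` as `file_exists`, a `winreg`-backed lookup as `key_exists`, and an `env` built from `os.environ`. The entries reported as an autostart value, BHO or driver registration are the ones to look at first: those are what bring the rogue back after a reboot, whereas the shortcuts and temp-directory leftovers are only evidence that it was there.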

Screenshots:

How to remove the infection of Adware.Win32.DesktopDefender2010?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 31

BlockWatcher Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the BlockWatcher adware. a-squared Anti-Malware detects this malware as Adware.Win32.BlockWatcher.

BlockWatcher is a rogue scanner program: it shows a fake security center window, misleading scan results and fake security alerts. The author of BlockWatcher also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc., so it has the same user interface and the same characteristics, just a different name. To further convince victims, BlockWatcher also creates numerous junk files with random names on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFilesDir%\BlockWatcher Software\BlockWatcher\BlockWatcher.exe
  • %ProgramFilesDir%\BlockWatcher Software\BlockWatcher\uninstall.exe
  • %AllUsersProfile%\Desktop\BlockWatcher.lnk
  • %AllUsersProfile%\Start Menu\Programs\BlockWatcher\1 BlockWatcher.lnk
  • %AllUsersProfile%\Start Menu\Programs\BlockWatcher\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\BlockWatcher\3 Uninstall.lnk
  • %UserProfile%\Cookies\user@blockwatcher[1].txt
  • %UserProfile%\Local Settings\Temp\nsx2.tmp\nsProcess.dll

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\BlockWatcher
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\BlockWatcher
  • HKEY_CURRENT_USER\software\BlockWatcher
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “BlockWatcher”

Screenshots:

How to remove the infection of Adware.Win32.BlockWatcher?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 28

SoftStronghold Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the SoftStronghold adware. a-squared Anti-Malware detects this malware as Adware.Win32.SoftStronghold.

SoftStronghold is a rogue scanner program: it shows a fake security center window, misleading scan results and fake security alerts. The author of SoftStronghold also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc., so it has the same user interface and the same characteristics, just a different name. To further convince victims, SoftStronghold also creates numerous junk files with random names on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\SoftStronghold Software\SoftStronghold\SoftStronghold.exe
  • %ProgramFiles%\SoftStronghold Software\SoftStronghold\uninstall.exe
  • %AllUsersProfile%\Desktop\SoftStronghold.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftStronghold\1 SoftStronghold.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftStronghold\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftStronghold\3 Uninstall.lnk
  • %UserProfile%\Cookies\username@softstronghold[2].txt
  • %UserProfile%\Local Settings\Temp\nss84.tmp\nsProcess.dll

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SoftStronghold
  • HKEY_LOCAL_MACHINE\software\SoftStronghold
  • HKEY_CURRENT_USER\software\SoftStronghold
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SoftStronghold”

Screenshots:

How to remove the infection of Adware.Win32.SoftStronghold?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 27

ShieldSafeness Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the ShieldSafeness adware. a-squared Anti-Malware detects this malware as Adware.Win32.ShieldSafeness.

ShieldSafeness is a rogue scanner program: it shows a fake security center window, misleading scan results and fake security alerts. The author of ShieldSafeness also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc., so it has the same user interface and the same characteristics, just a different name. To further convince victims, ShieldSafeness also creates numerous junk files with random names on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\ShieldSafeness Software\ShieldSafeness\always_delete.xml
  • %ProgramFiles%\ShieldSafeness Software\ShieldSafeness\always_skip.xml
  • %ProgramFiles%\ShieldSafeness Software\ShieldSafeness\main_config.xml
  • %ProgramFiles%\ShieldSafeness Software\ShieldSafeness\ShieldSafeness.exe
  • %ProgramFiles%\ShieldSafeness Software\ShieldSafeness\uninstall.exe
  • %ProgramFiles%\ShieldSafeness Software\ShieldSafeness\quarantine\quarantine.xml
  • %SystemRoot%\system32\setup2.exe
  • %AllUsersProfile%\Desktop\ShieldSafeness.lnk
  • %AllUsersProfile%\Start Menu\Programs\ShieldSafeness\1 ShieldSafeness.lnk
  • %AllUsersProfile%\Start Menu\Programs\ShieldSafeness\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\ShieldSafeness\3 Uninstall.lnk
  • %UserProfile%\Cookies\virus demo@shieldsafeness[1].txt
  • %UserProfile%\Local Settings\Temp\nss86.tmp\nsProcess.dll

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\ShieldSafeness
  • HKEY_LOCAL_MACHINE\software\ShieldSafeness
  • HKEY_CURRENT_USER\software\ShieldSafeness
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “ShieldSafeness”

Screenshots:

How to remove the infection of Adware.Win32.ShieldSafeness?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 26

Windows System Defender Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Windows System Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.WindowsSystemDefender.

Windows System Defender is a rogue scanner program that acts like a security program. It shows misleading scan results and fake security alerts to convince users that their computer is infected with malware. The author of Windows System Defender is the same one that made Live PC Care, Additional Guard, Enterprise Suite, System Defender, Windows Enterprise Defender, Windows PC Defender, etc. To further convince users, Windows System Defender also creates numerous files on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Create new files:

  • %AllUsersProfile%\Application Data\b0cf5\WSba6.exe
  • %AllUsersProfile%\Application Data\WSDDSys\wsd.cfg
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk
  • %UserProfile%\Application Data\Windows System Defender\Instructions.ini
  • %UserProfile%\Desktop\Windows System Defender.lnk
  • %UserProfile%\Desktop\WSD.ico
  • %UserProfile%\Desktop\378.mof
  • %UserProfile%\Desktop\WSDDSys\vd952342.bd
  • %UserProfile%\Start Menu\Windows System Defender.lnk
  • %UserProfile%\Start Menu\Programs\Windows System Defender.lnk
  • %UserProfile%\Recent\ppal.tmp
  • %UserProfile%\Recent\runddlkey.exe
  • %UserProfile%\Recent\runddlkey.tmp
  • %UserProfile%\Recent\SICKBOY.exe
  • %UserProfile%\Recent\SICKBOY.tmp
  • %UserProfile%\Recent\sld.exe
  • %UserProfile%\Recent\SM.exe
  • %UserProfile%\Recent\std.drv
  • %UserProfile%\Recent\ANTIGEN.exe
  • %UserProfile%\Recent\ANTIGEN.sys
  • %UserProfile%\Recent\ddv.sys
  • %UserProfile%\Recent\ddv.tmp
  • %UserProfile%\Recent\eb.dll
  • %UserProfile%\Recent\energy.tmp
  • %UserProfile%\Recent\PE.exe

Create new registry entry:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Windows System Defender”

Malware screenshots:

How to remove the infection of Adware.Win32.WindowsSystemDefender?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.