The Emsi Software malware research team has discoverd a new outbreak of the Advanced Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.AdvancedDefender.

Advanced Defender is a rogue application. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

• %ProgramFiles%\Advanced Defender\baseadd.wdb
• %ProgramFiles%\Advanced Defender\conf.wcf
• %ProgramFiles%\Advanced Defender\quarant.wdb
• %ProgramFiles%\Advanced Defender\queue.wdb
• %ProgramFiles%\Advanced Defender\advanceddefender.exe
• %ProgramFiles%\Advanced Defender\base.wdb
• %AllUsersProfile%\Microsoft PData\track.wid
• %UserProfile%\Desktop\Advanced Defender.lnk
• %UserProfile%\Start Menu\Programs\Advanced Defender\Advanced Defender.lnk

Create new registry entries:

• HKEY_LOCAL_MACHINE\software\Advanced Defender
• HKEY_LOCAL_MACHINE\software\Advanced Defender\Soft
• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Advanced Defender
• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “advanceddefender”

Screenshots:

How to remove the infection of Advanced Defender (Adware.Win32.AdvancedDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: AdvancedDefender, Rogue

This entry was posted on Tuesday, February 9th, 2010 at 16:58 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.