Feb 24

PC Defender Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCDefender.

PC Defender is a rogue security program. It tries to trick you by displaying false or misleading scan results, which claim that your computer is infected with viruses or trojans, and you will not be able to delete them before you purchase.

This program has one odd feature: it displays a fake blue screen on the victim's machine.

Creates new files:

  • %ProgramFiles%\Def Group\PC Defender\Antispyware.exe
  • %ProgramFiles%\Def Group\PC Defender\hook.dll
  • %ProgramFiles%\Def Group\PC Defender\proccheck.exe
  • %AllUsersProfile%\Desktop\PC Defender.lnk
  • %AllUsersProfile%\Start Menu\Programs\PC Defender\PC Defender.lnk

Creates new registry entries:

  • HKEY_CURRENT_USER\software\Def Group
  • HKEY_CURRENT_USER\software\Def Group\Antispyware
  • HKEY_CURRENT_USER\software\Def Group\Antispyware\Found

Modifies registry entry:

  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    Old: Userinit = C:\WINDOWS\system32\userinit.exe,
    New: Userinit = C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Def Group\PC Defender\Antispyware.exe"
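
The Userinit change above is what starts Antispyware.exe at every logon, so it is the first value to check on a suspect machine. The following Python sketch is an added example (not Emsi Software's code): it parses the Userinit data and reports any entry other than the stock userinit.exe. It assumes Windows is installed in C:\WINDOWS, and the function names are illustrative.

```python
import ntpath

# Value data documented on this page (before and after infection).
CLEAN = r"C:\WINDOWS\system32\userinit.exe,"
INFECTED = (r"C:\WINDOWS\system32\userinit.exe,"
            r'"C:\Program Files\Def Group\PC Defender\Antispyware.exe"')

# Assumption: the only legitimate entry is userinit.exe in C:\WINDOWS\system32.
EXPECTED = {r"c:\windows\system32\userinit.exe"}

def split_userinit(value):
    """Split the comma-separated Userinit data, honoring double quotes."""
    entries, current, quoted = [], "", False
    for ch in value:
        if ch == '"':
            quoted = not quoted          # quotes group a path, then are dropped
        elif ch == "," and not quoted:
            entries.append(current)
            current = ""
        else:
            current += ch
    entries.append(current)
    return [e.strip() for e in entries if e.strip()]

def unexpected_entries(value, expected=EXPECTED):
    """Return Userinit entries that are not in the expected set."""
    return [e for e in split_userinit(value)
            if ntpath.normcase(ntpath.normpath(e)) not in expected]

def read_live_userinit():
    """Read the live value on Windows; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon")
    with key:
        return winreg.QueryValueEx(key, "Userinit")[0]

if __name__ == "__main__":
    for label, value in (("clean", CLEAN), ("infected", INFECTED),
                         ("live", read_live_userinit())):
        if value is not None:
            print(label, unexpected_entries(value))
```

Any non-empty result for the live value means something besides userinit.exe is launched at logon and should be investigated before the value is restored to the "Old" form shown above.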

How to remove the PC Defender (Adware.Win32.PCDefender) infection?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to quarantine.
