The Emsisoft malware research team has discoverd a new outbreak of the AVDefender 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVDefender2011.

AVDefender 2011 is a rogue security program. A rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase.

Create new files:

• %UserProfile%\Application Data\AVDefender2011\vlc.dat
• %UserProfile%\Application Data\AVDefender2011\AVDefender2011.ini
• %UserProfile%\Application Data\AVDefender2011\history.dat
• %UserProfile%\Application Data\AVDefender2011\result.dat
• %UserProfile%\Application Data\omon\zjrhrxgbtg.exe
• %UserProfile%\Application Data\omon\sk.lst
• %UserProfile%\Start Menu\AVDefender2011\AVDefender2011.lnk

Create/modify registry entries:

• HKEY_CURRENT_USER\software\AVDefender 2011
  (SZ) Path = %UserProfile%\Application Data\omon\zjrhrxgbtg.exe

• HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
  (SZ) Shell = %UserProfile%\Application Data\omon\zjrhrxgbtg.exe

Screenshots:

How to remove the infection of AVDefender 2011 (Adware.Win32.AVDefender2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: AVDefender2011, Rogue

This entry was posted on Wednesday, September 1st, 2010 at 16:22 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.