Iron Defender
Iron Defender, also known as the IronDefender virus, is spread over the Internet by a Trojan Downloader. It may also arrive on the computer disguised as an antivirus program from fake online virus scanner web pages. Once inside the computer, it will begin displaying a barrage of fake warning messages to scare users and force them to get the registered version of Iron Defender. This program has no positive advantage when installed on a computer, so don't hesitate to remove it as soon as possible and never obtain the licensed version.
To remove Iron Defender, all you have to do is download an efficient anti-malware program. It can be used for free and is enough to scan the computer and remove detected threats. However, if you want one that will protect your computer against future attacks, only the full version can give you that functionality.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What are the Symptoms of Iron Defender Infection?

It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\IronDefender
HKEY_LOCAL_MACHINE\SOFTWARE\IronDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IronDefender
HKEY_CURRENT_USER\Software “Install_Dir” = “C:\Program Files\FDFCA”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “vur4.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “F0E84.exe”
The threat will drop the following malicious files:
%Program Files%\FDFCA\F0E84.exe
%Program Files%\FDFCA\Uninstall.exe
%WINDOWS%\{random}.exe
%WINDOWS%\{random}.bin
%WINDOWS%\{random}.dll
%WINDOWS%\{random}.cpl
%WINDOWS%\system32\[random].exe
%WINDOWS%\system32\[random].bin
%WINDOWS%\system32\[random].dll
%WINDOWS%\system32\[random].cpl
%UserProfile%\Desktop\hash
%UserProfile%\Desktop\IronDefender.lnk
%UserProfile%\Local Settings\Temp\[random].exe
How to Remove Iron Defender Manually
1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate to the registry entries mentioned above and delete them if necessary
3. Delete malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see if the file is running as a process. If it is, select the file and click End Process. Then try deleting the file again.
4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
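The checks in steps 2 and 3 can be scripted. The following PowerShell is an added example, not part of the original removal guide: it looks for the fixed-name registry keys, Run entries and files listed above, exports any matching registry key to a .reg backup, and deletes nothing. The backup folder name is an assumption made for this example, and the randomly named files under %WINDOWS% cannot be matched by name, so they are not covered.

```powershell
# Added example: read-only check for the Iron Defender indicators listed on this page.
# $BackupDir is a hypothetical location chosen for this example.
$BackupDir = Join-Path $env:TEMP 'IronDefender-regbackup'

$keys = @(
    'HKCU\Software\IronDefender',
    'HKLM\SOFTWARE\IronDefender',
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IronDefender'
)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$runNames = 'vur4.exe', 'F0E84.exe'
$files = @(
    (Join-Path $env:ProgramFiles 'FDFCA\F0E84.exe'),
    (Join-Path $env:ProgramFiles 'FDFCA\Uninstall.exe'),
    (Join-Path $env:USERPROFILE 'Desktop\hash'),
    (Join-Path $env:USERPROFILE 'Desktop\IronDefender.lnk')
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$found = @()

foreach ($k in $keys) {
    # Test-Path needs the PowerShell drive form (HKCU:\...), reg.exe the plain form.
    $psPath = $k -replace '^(HKCU|HKLM)\\', '$1:\'
    if (Test-Path -LiteralPath $psPath) {
        $found += "Registry key: $k"
        $out = Join-Path $BackupDir (($k -replace '\\', '_') + '.reg')
        reg.exe export $k $out /y | Out-Null   # back up before any deletion
    }
}
foreach ($rk in $runKeys) {
    $item = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        # The page does not say whether the .exe names are value names or data, so check both.
        if ($runNames | Where-Object { $name -like "*$_*" -or $data -like "*$_*" }) {
            $found += "Run entry in ${rk}: $name = $data"
        }
    }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $found += "File: $f" }
}
if ($found) { $found } else { 'No listed Iron Defender indicators found.' }
```

Run it from an elevated PowerShell prompt so the HKEY_LOCAL_MACHINE keys can be read and exported.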
How to Easily Remove Iron Defender
1. Download and run Removal Tool to remove this computer threat.