
Security Defender

Security Defender is a rogue security application that is loaded onto the computer without the user's knowledge by a Trojan disguised as an update for Windows systems. When the Trojan is executed, it displays a pop-up window that looks very similar to Windows Update, which can easily deceive victims and may convince them to install Security Defender with the following messages:

Antimalware security update for Windows XP (KB931215)
Size: 433KB
This critical update will install System Security Update 2010.01.023 (Security Defender Upgrade; KKB931215)

Once this malicious application is installed, Security Defender automatically performs a virus scan. After the fake scan, it reports that several infections were detected on the computer and prompts the user to remove them using Security Defender. However, it will not allow any threat to be removed until a Security Defender registration key is purchased.

If this fake AV program is detected on the computer, immediately scan with the installed anti-virus application. Make sure that its database is fully updated. In some instances, anti-virus programs will be disabled by Security Defender; the best remedy for this is to download a recommended anti-malware program as stated below and remove Security Defender immediately.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of Security Defender Infection?


It will modify the Windows Registry and add the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca84c702-c758-4421-974e-b02662e76d7c}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ca84c702-c758-4421-974e-b02662e76d7c_6"
HKEY_CLASSES_ROOT\CLSID\{ca84c702-c758-4421-974e-b02662e76d7c}

The threat will drop the following malicious files:
c:\Documents and Settings\All Users\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
c:\Documents and Settings\All Users\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
c:\Documents and Settings\All Users\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.mkv
c:\Documents and Settings\All Users\Start Menu\Programs\Security Defender
c:\Documents and Settings\All Users\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\ca84c702-c758-4421-974e-b02662e76d7c_6.lnk
c:\Program Files\Security Defender
c:\Program Files\Security Defender\Security Defender.dll
c:\WINDOWS\system32\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
c:\WINDOWS\system32\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
%UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
%UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
%UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.mkv
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk
%UserProfile%\Desktop\Security Defender.lnk
%UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
%UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
%UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.mkv
%UserProfile%\Start Menu\Programs\Security Defender
%UserProfile%\Start Menu\Programs\Security Defender\Security Defender.lnk

How to Remove Security Defender Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.

4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan the computer and delete all detected threats.
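
The following read-only check is an added example, not part of the original page: it reports which of the registry entries and files listed above are still present, so it can be run before and after steps 2 and 3. It assumes PowerShell is installed and that the environment variables used resolve to the hard-coded c:\ paths on the page; the `_6.*` wildcard goes slightly beyond the listed extensions.

```powershell
# Read-only audit for the Security Defender artifacts listed on this page.
# Nothing is modified or deleted; it only reports what is still present.
$id    = 'ca84c702-c758-4421-974e-b02662e76d7c'   # identifier from the page's lists
$name  = "${id}_6"                                # value/file base name from the page
$found = @()

# 1. Registry keys (Browser Helper Object registration and CLSID entry).
$regKeys = @(
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{$id}",
    "Registry::HKEY_CLASSES_ROOT\CLSID\{$id}"
)
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) { $found += "REGKEY  $key" }
}

# 2. Autostart value under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
if ($run) { $found += "REGVAL  $runKey -> $name = $($run.$name)" }

# 3. Dropped files named <id>_6.* in the directories the page lists.
# Assumption: these variables map to the page's c:\ paths on the affected system.
$dropDirs = @(
    "$env:ALLUSERSPROFILE\Application Data",
    "$env:ALLUSERSPROFILE\Start Menu\Programs\Startup",
    "$env:SystemRoot\system32",
    "$env:USERPROFILE\Application Data",
    "$env:USERPROFILE\Local Settings\Application Data"
)
foreach ($dir in $dropDirs) {
    # -Force includes hidden files; missing directories are skipped silently.
    Get-ChildItem -LiteralPath $dir -Filter "$name.*" -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $found += "FILE    $($_.FullName)" }
}

# 4. Program folders and shortcuts named "Security Defender".
$named = @(
    "$env:ProgramFiles\Security Defender",
    "$env:ALLUSERSPROFILE\Start Menu\Programs\Security Defender",
    "$env:USERPROFILE\Start Menu\Programs\Security Defender",
    "$env:USERPROFILE\Desktop\Security Defender.lnk",
    "$env:USERPROFILE\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk"
)
foreach ($p in $named) {
    if (Test-Path -LiteralPath $p) { $found += "PATH    $p" }
}

if ($found.Count -eq 0) { 'No listed Security Defender artifacts found.' } else { $found }
```

The HKEY_CURRENT_USER and %UserProfile% checks only cover the account running the script, so repeat it for each user profile on the machine.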

How to Easily Remove Security Defender

1. Download and run Removal Tool to remove this computer threat.
