Windows Premium Defender

July 15, 2012

Windows Premium Defender is a fake antivirus program that is spread by a Trojan. It can be installed on your computer without your permission. That is the goal of the Trojan: to install the fake program by exploiting a security flaw on your system.

Once it is installed, it will display a number of warnings and alerts. These messages, together with the fake scanner, make it look like a genuine virus removal tool; however, it is fake. The scans provided by Windows Premium Defender are simulated. It never scans the system, and the detected threats are fabricated in order to scare computer users. The trick is to persuade you into purchasing the full version of the rogue product. Remember that fake antivirus software is made to earn a profit for its authors. It will steal money from your credit card, since payment for this product is made online.

Perhaps you now understand how harmful Windows Premium Defender is. It will never help you remove any viruses. In fact, it is the only threat that you must delete from the computer. To get rid of the fake program, you must use a genuine anti-malware solution. See the suggested program on this page. Download it and scan your computer to uninstall Windows Premium Defender and the Trojan that is linked with it.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of Windows Premium Defender Infection?

There are many obvious symptoms when a computer is infected with this malware. It will launch a scan once you log in to Windows. See the image below.

[Image: Windows Premium Defender Scanner]

It will modify the Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “net” = “u_2012-5-24_6”
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings “UID” = “wtycmiurps”
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe

The threat will drop the following malicious files:
%AppData%\NPSWF32.dll
%AppData%\Protector-[random 3 characters].exe
%AppData%\Protector-[random 4 characters].exe
%AppData%\result.db
%CommonStartMenu%\Programs\Windows Premium Defender.lnk
%Desktop%\Windows Privacy
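
A read-only PowerShell check for the registry entries and files listed above, added here as an example and not taken from the original page. It assumes Windows PowerShell 3.0 or later run as the affected user, and it maps %CommonStartMenu% and %Desktop% to the matching .NET special folders.

```powershell
# Added example: read-only check for the indicators listed on this page.
# The Policies\System and Internet Settings values are left out to keep the
# check to names that are specific to this threat.
$hits = @()

# Registry values under HKCU named on the page; the data is reported for review.
$regValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';      Name = 'Inspector' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'; Name = 'net' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Settings'; Name = 'UID' }
)
foreach ($v in $regValues) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $hits += [pscustomobject]@{ Type = 'RegistryValue'; Location = "$($v.Key)\$($v.Name)"; Detail = $item.($v.Name) }
    }
}

# Image File Execution Options subkeys named on the page.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'advxdwin.exe', 'SafetyKeeper.exe') {
    $key = Join-Path $ifeo $exe
    if (Test-Path -LiteralPath $key) {
        $hits += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key; Detail = '' }
    }
}

# Dropped files with fixed names, as written on the page.
$startMenu = [Environment]::GetFolderPath('CommonStartMenu')
$desktop   = [Environment]::GetFolderPath('Desktop')
$paths = @(
    (Join-Path $env:APPDATA 'NPSWF32.dll'),
    (Join-Path $env:APPDATA 'result.db'),
    (Join-Path $startMenu 'Programs\Windows Premium Defender.lnk'),
    (Join-Path $desktop 'Windows Privacy')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $hits += [pscustomobject]@{ Type = 'File'; Location = $p; Detail = '' }
    }
}

# Protector-[random 3 or 4 characters].exe directly under %AppData%.
$random = Get-ChildItem -LiteralPath $env:APPDATA -Filter 'Protector-*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Protector-.{3,4}\.exe$' }
foreach ($f in $random) {
    $hits += [pscustomobject]@{ Type = 'File'; Location = $f.FullName; Detail = '' }
}

if ($hits.Count -eq 0) { 'No indicators from this page were found.' } else { $hits | Format-Table -AutoSize }
```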
