Internet Defender
Win32.FraudTool.InternetDefender is a rogue anti-spyware application. It may display exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove the reported threats.
Files
c:\Documents and Settings\All Users\Application Data\3f349f15-b32a-4798-afc7-56dc972584d3_.mkv
c:\Documents and Settings\All Users\Application Data\3f349f15-b32a-4798-afc7-56dc972584d3_35.avi
c:\Documents and Settings\All Users\Application Data\3f349f15-b32a-4798-afc7-56dc972584d3_35.ico
c:\Documents and Settings\<USER ACCOUNT>\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Defender.lnk
c:\Program Files\Internet Defender\Internet Defender.dll
c:\Temp\DmQPH2nB.dll
c:\Temp\wrk28.tmp
Folders
c:\Program Files\Internet Defender
Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "3f349f15-b32a-4798-afc7-56dc972584d3_35"
Data: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\3f349f15-b32a-4798-afc7-56dc972584d3_35.avi", DllUnregisterServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe"
Data: C:\WINDOWS\system32\rundll32.exe:*:Enabled:Internet Defender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe"
Data: C:\WINDOWS\system32\rundll32.exe:*:Enabled:Internet Defender