Thursday, February 23, 2012

Get rid of Strong Malware Defender, which looks like a system utility while being the system's oppressor and an entry-rules violator

Strong Malware Defender is a product of the evolution of fake utilities, which has been running in three major directions:
- creating a user interface that credibly resembles that of a genuine system utility
- introducing the program onto as many machines as possible, even without notifying users
- preventing detection and/or removal by the enemies of malicious programs (security suites).
As regards the program's GUI (graphical user interface), the hackers made a one-time effort to create a single template that was then reused in multiple adware programs. That is, the fake in question is a clone of another fake product in terms of its GUI.
Advanced rootkit- and exploit-based tricks are used to drop the rogue without asking for the user's approval of any download or installation.
Part of the rogue is recognized as a rootkit, which is used to complicate removal of Strong Malware Defender.
In spite of all the hackers' efforts to get the adware onto PCs and to keep it there by monitoring removal attempts, the free scanner available here has no difficulty removing Strong Malware Defender.

Strong Malware Defender fake security alerts:
System Alert
Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Strong Malware Defender.

Warning! Access conflict detected!
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\...\taskmgr.exe

Warning! Identity theft attempt detected

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user's passwords.

Strong Malware Defender manual removal guide:
Delete infected files:
%StartMenu%\Strong Malware Defender.lnk
%AppData%\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk
%CommonAppData%\[random]\ASE.ico
%AppData%\Strong Malware Defender\Instructions.ini
Delete infected registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “Strong Malware Defender” “%CommonAppData%\[random]\[random].exe” /s /d
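
A read-only check for the artifacts listed in the manual removal guide above, as an added PowerShell example that is not part of the original post. It assumes that %StartMenu%, %AppData% and %CommonAppData% in the guide stand for the current user's Start Menu folder, the roaming application-data folder and the all-users application-data folder; the variable names are illustrative.

```powershell
# Added example: reports the guide's artifacts for the current user; deletes nothing.
# %StartMenu% and %CommonAppData% are guide notation, not real environment
# variables, so the folders are resolved through .NET special folders (assumption).
$name      = 'Strong Malware Defender'
$startMenu = [Environment]::GetFolderPath('StartMenu')
$appData   = [Environment]::GetFolderPath('ApplicationData')
$common    = [Environment]::GetFolderPath('CommonApplicationData')

$findings = @()

# Files with fixed paths from the guide.
$fixed = @(
    (Join-Path $startMenu "$name.lnk"),
    (Join-Path $appData   "Microsoft\Internet Explorer\Quick Launch\$name.lnk"),
    (Join-Path $appData   "$name\Instructions.ini")
)
foreach ($path in $fixed) {
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path }
    }
}

# %CommonAppData%\[random]\ASE.ico: the folder name is random, so look one
# level down in every subfolder, hidden ones included.
$findings += @(
    Get-ChildItem -LiteralPath $common -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'ASE.ico' } |
        Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { [pscustomobject]@{ Type = 'File'; Item = $_ } }
)

# Run value that starts the rogue at logon; its data names the random executable.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey -> $($run.$name)" }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No $name artifacts from the guide were found for this user."
}
```

The Run value data, when present, gives the full path of the randomly named executable and its folder. HKCU and the per-user folders are those of the account running the check, so run it under each affected profile.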

Rename the remover to "explorer.exe", or try to install it from Safe Mode, if the virus blocks its download or installation.
