Friday, March 2, 2012

Get rid of Windows Attacks Defender as an instant detector of intentional false positives

Windows Attacks Defender easily finds dozens of threats in the blink of an eye. The speed remains impressive even in online mode as there is a page dressed up as online scanner. It remotely inspects computer system on the behalf of the above program. It does inspect it, but the viruses it scares users with are mere dummy names which the remote scanner never actually detects. It pursues other goal, namely to detect a vulnerability through which to covertly introduce fake antispyware. In the meantime, a user is prompted to perform the job manually as the fake online scanner insists on installing its permanent inner version.
Other drive-by downloads are in use to spread copies of the fake antispyware. Those include such schemes as introduction of the rogue by trojan-dropper, spamming, undeclared attaching of the rogue to free content that user finds attractive etc.
Remove Windows Attacks Defender as one of the most aggressive fakes ever observed. All the threats it reports are intentional false positives. The rogue, apart from bombarding its unhappy victims with endless flow of alerts, terminates a number of processes thus blocking legit software products and causing system freezes.
Clicking here will trigger free scanner and ensure removal of Windows Attacks Defender in the course of memory disinfection by cleaning the parasites unveiled. 






Windows Attacks Defender screenshot:

Manual removal guide:
Delete infected files:
%AppData%\Protector-lcl.exe
    %AppData%\result.db
    %UserProfile%\Desktop\Windows Attacks Defender.lnk
    %AllUsersProfile%\Start Menu\Programs\Windows Attacks Defender.lnk
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Inspector = %AppData%\Protector-lcl.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe


No comments: