
Windows Attacks Defender

Posted: March 2, 2012

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: March 2, 2012
OS(es) Affected: Windows

Windows Attacks Defender is another variant of Windows PRO Scanner and other fake anti-virus scanners from the WinPC Defender subgroup of scamware and, like its relatives, substitutes fake threat detection for the real thing. Although Windows Attacks Defender does create a convincing facsimile of security software with fake system scans, fake firewall settings and even a replacement for the Task Manager, the only thing that Windows Attacks Defender is capable of defending is itself, with attacks that shut down your computer's security software and hijack your web browser. The SpywareRemove.com malware research team recommends that you treat Windows Attacks Defender as no better than other members of its family, and delete Windows Attacks Defender with reputable anti-malware software that can match the boasts that Windows Attacks Defender makes of its own security features.

Windows Attacks Defender: a Newborn to a Poorly-Received Family of Frauds

Windows Attacks Defender is still, as of early March 2012, a very new PC threat, but Windows Attacks Defender is based on rogue anti-virus applications that have been circulating for over a year. SpywareRemove.com malware researchers note that Windows Attacks Defender is identical in all major respects to previous examples of its kin, such as Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015. Windows Attacks Defender's features include an automatic start up routine that changes the Registry to allow Windows Attacks Defender to be launched with Windows, although extra security measures, such as booting to Safe Mode, should be able to disable Windows Attacks Defender.

While Windows Attacks Defender's foremost purpose is to make you spend money to register its software, Windows Attacks Defender supports its requests for registration with a well-chosen arsenal of fake security threats and genuine security attacks, such as:

  • Fake warning messages that may display in various settings and formats, including toolbar notifications and web browser alerts.
  • Imitations of system scans that, of course, always return extremely negative (and unlikely) results.
  • Web browser attacks that redirect your browser away from security-oriented sites or towards Windows Attacks Defender's home site.
  • However, SpywareRemove.com malware experts consider Windows Attacks Defender's most troublesome attacks to be its attempts to block unrelated programs, especially Task Manager (which Windows Attacks Defender may replace with its own worthless utility). This may make it difficult to delete Windows Attacks Defender appropriately without disabling Windows Attacks Defender first.

Since fake messages from Windows Attacks Defender can use many formats, the following examples have been provided for reference:

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Win64.BIT.Looker.exe
Risk: High

ERROR MESSAGE:
Warning
Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Sunfraud.a

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Error
Attempt to run a potentially dangerous script detected.
Full system is highly recommended.

Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys

System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Putting Up a Defense That Windows Attacks Defender Can't Shatter

If you do see the obvious symptoms of a Windows Attacks Defender infection on your PC, SpywareRemove.com malware analysts recommend the following steps to prevent Windows Attacks Defender from attacking your PC further and to remove Windows Attacks Defender as quickly and carefully as possible. They also stress that purchasing Windows Attacks Defender is never necessary or even wise, since Windows Attacks Defender lacks any sort of legitimate security-related features and isn't significantly easier to remove in its purchased format as opposed to its faux trial version.

  • Boot Windows via Safe Mode or a USB device, either of which should disable Windows Attacks Defender's start up entries. Alternately, if available, you may use a separate operating system on the same computer.
  • If necessary, download or update your anti-malware software, since Windows Attacks Defender may include alterations that make it more difficult to detect than other members of the Rogue.VirusDoctor family.
  • Scan your PC as thoroughly as possible to delete Windows Attacks Defender and related PC threats that may also have come aboard with Windows Attacks Defender's installation. Even though Windows Attacks Defender may provide its own removal utility, SpywareRemove.com malware experts stress that you should never trust a removal tool that's provided by a PC threat like Windows Attacks Defender.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\Protector-myq.exe
File name: Protector-myq.exe
Size: 1.89 MB (1896448 bytes)
MD5: c6ff701b1d8ca8766ff5682a5ecd34ba
Detection count: 81
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 2, 2012

%AppData%\Protector-oak.exe
File name: %AppData%\Protector-oak.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

%AppData%\NPSWF32.dll
File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

%CommonPrograms%\Windows Attacks Defender.lnk
File name: %CommonPrograms%\Windows Attacks Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

%DesktopDir%\Windows Attacks Defender.lnk
File name: %DesktopDir%\Windows Attacks Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run!Inspector
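
A read-only check for the file and Registry artifacts listed above, added here as an example and not a SpywareRemove.com tool. It assumes that the page's "Run!Inspector" notation means a Run value named Inspector, that the two listed Protector-xxx.exe names generalize to any three-character suffix, and that %CommonPrograms% and %DesktopDir% map to the Windows special folders named in the script.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# Requires PowerShell 4.0+ (Get-FileHash). Nothing is deleted or changed.
$knownMd5 = 'c6ff701b1d8ca8766ff5682a5ecd34ba'   # MD5 the page gives for Protector-myq.exe
$findings = @()

# 1. Files under %APPDATA%. The page lists Protector-myq.exe and Protector-oak.exe;
#    matching any three-character suffix is an assumption based on those two names.
$candidates  = @(Get-ChildItem -Path $env:APPDATA -Filter 'Protector-???.exe' -File -Force -ErrorAction SilentlyContinue)
$candidates += @(Get-Item -LiteralPath (Join-Path $env:APPDATA 'NPSWF32.dll') -Force -ErrorAction SilentlyContinue)
foreach ($f in $candidates) {
    $md5 = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5).Hash.ToLower()
    $findings += [pscustomobject]@{
        Type   = 'File'
        Item   = $f.FullName
        Detail = if ($md5 -eq $knownMd5) { 'MD5 matches the page' } else { "MD5 $md5 (name match only)" }
    }
}

# 2. Shortcuts. Mapping the page's %CommonPrograms% and %DesktopDir% placeholders
#    to these special folders is an assumption.
foreach ($folder in 'CommonPrograms', 'Programs', 'DesktopDirectory') {
    $base = [Environment]::GetFolderPath($folder)
    if (-not $base) { continue }
    $lnk = Join-Path $base 'Windows Attacks Defender.lnk'
    if (Test-Path -LiteralPath $lnk) {
        $findings += [pscustomobject]@{ Type = 'Shortcut'; Item = $lnk; Detail = 'Name listed on the page' }
    }
}

# 3. HKCU Run key. Reading "Run!Inspector" as a value named Inspector is an assumption;
#    any value whose command points at a Protector-xxx.exe file is reported as well.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties | Where-Object { $_.Name -notin $psProps }) {
        if ($p.Name -eq 'Inspector' -or "$($p.Value)" -match 'Protector-\w{3}\.exe') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $p.Name; Detail = "$($p.Value)" }
        }
    }
}

if ($findings.Count -eq 0) { 'No artifacts from the page were found for this user.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it as the affected user, since HKCU and %APPDATA% are per-user locations. A name-only match is a lead to confirm with an anti-malware scan, not proof of infection.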