Defenderunlimited.com

Posted: July 26, 2011

Defenderunlimited.com is one of many websites that markets rogue security applications like Defender Unlimited. Defender Unlimited and similar rogue security applications create fake warnings to convince you that your PC is infected, and then request that you spend money on a full version of the relevant threat-removal product. Rogue anti-spyware software from Defenderunlimited.com has no real power to remove spyware, viruses or other infections, however, and may even hinder your ability to use your web browser or security programs. Our SpywareRemove.com research team strongly suggests that you keep your browser as far from Defenderunlimited.com as possible, for the safety of your computer and your finances.

The Treacherous 'Defense in Defenderunlimited.com Rogue Software

Defenderunlimited.com is cloned from the same template as many other websites that are run by the same criminals, including Clean-security.com, Unlimdefender.com, Ultimate-guard.com, Unlimguard.com and Ultimate-scan.com. These websites pretend to be maintained by a variety of unrelated software companies, but in reality, they all offer an identical rogue security product: Defender Unlimited or a clone of it.

Clones of Defender Unlimited can be recognized by names that match their websites, such as Clean Security and Limited Defender, and our SpywareRemove.com malware researchers have noted that Defender Unlimited and its copies are also sometimes marketed as '2011' variants, such as Defender Unlimited 2011. The security software that these websites provide pretends to have useful anti-virus and anti-spyware functions, as exhibited in warning messages like the following 'Unlimited Defender Firewall' Alert:

"[Rogue program name] Firewall Alert! – Scanning of your system is currently on, please waiting until the end. Your system affected by numerous virus attacks, [rogue program name] Firewall Alert recommends you to install proper software to protect your computer?"

These fake errors can't find real viruses, Trojans or any other infections, and, in fact, have no purpose beyond making you spend money on the dummy products at defenderunlimited.com and affiliated websites. Our SpywareRemove.com research team has found that rogue security programs such as the ones sold by defenderunlimited.com are also a prominent cause of browser hijacks, malfunctioning security software and negatively-altered file-viewing preferences.

How You Can Keep Your PC Safe from Defenderunlimited.com

The majority of rogue anti-spyware software such as defenderunlimited.com's fraudulent programs will infect your computer after you've downloaded a fake codec that really is a Zlob or Fake Microsoft Security Essentials Alert Trojan. In other cases, visiting a malicious website like defenderunlimited.com or even just a website that displays a malicious advertisement can subject you to Flash or Java exploits that install rogue anti-spyware software.

Disabling JavaScript and Flash for websites that you don't trust is an easy way to prevent defenderunlimited.com's rogue security programs from infecting your PC. Since our SpywareRemove.com researchers have found that defenderunlimited.com products and clones of defenderunlimited.com's products are still very new as of July 2011, you may also want to update the threat definition databases of your anti-virus products.

You can remove defenderunlimited.com infections with any appropriately in-depth anti-malware product, although using Safe Mode or another form of alternate system boot may be required to stop Defender Unlimited from loading.

File System Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'

Technical Details

Additional Information

The following messages's were detected:
# Message
1[Rogue program name] Firewall Alert! – Scanning of your system is currently on, please waiting until the end. Your system affected by numerous virus attacks, [rogue program name] Firewall Alert recommends you to install proper software to protect your computer?

Home Rogue Websites Defenderunlimited.com

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.