Home Rogue Websites Gudefender.com

Gudefender.com

Posted: February 1, 2011

Gudefender.com is a malicious website that promotes a fake anti-virus kit called Antivirus .NET. Gudefender.com basically advertises the rogue program as a genuine product, but if computer users click on anything on webpage the site will immediately be redirected to a fake scan page which pretends to scan the targeted PC. The bogus scan will produce a list parasites, warning the hapless user that the computer has been infected with malware.

Computer experts have determined Antivirus .NET as a rogue that uses designed false positives to convince users that their systems have been compromised. Gudefender.com will misguide gullible users to buy a so-called full version of Antivirus .NET which really does not even exist. Gudefender.com will not remove any malware from the PC. All the hackers behind this scam want is to rip off the unwary computer user and steal money. Use a reliable malware remover to make sure gudefender.com and Antivirus .NET are both removed from the compromised computer immediately.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Temp%\[random]\
    2 %Temp%\[random]\[random].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"HKEY_CURRENT_USER\Software\[random]
Loading...