Softwaredefense.net
Softwaredefense.net is a Browser Hijacker which redirects victims to Adware, Spyware and Phishing sites. Softwaredefense.net may use the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site such as your Bank. Softwaredefense.net also contains spyware which monitors all user activities online. Softwaredefense.net poses a severe threat to PC security and should be removed immediately once detected.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\All Users\Desktop\Ghost Antivirus.lnk 2 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\ 3 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus Home Page.lnk 4 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Ghost Antivirus.lnk 5 %Documents and Settings%\All Users\Start Menu\Programs\Ghost Antivirus\Purchase License.lnk 6 %Program Files%\Ghost Antivirus\ 7 %Program Files%\Ghost Antivirus\GhostAV.exe 8 %Program Files%\Ghost Antivirus\Languages\ 9 %Program Files%\Ghost Antivirus\lib\ 10 %Program Files%\Ghost Antivirus\lib\ghost.sql 11 %Program Files%\Ghost Antivirus\lib\Infected.wav 12 %Program Files%\Ghost Antivirus\lib\listing.cfg 13 %Program Files%\Ghost Antivirus\lib\version.db 14 %Program Files%\Ghost Antivirus\lib\WMILib.dll 15 %Program Files%\Ghost Antivirus\register.ico 16 %Program Files%\Ghost Antivirus\unins000.dat 17 %Program Files%\Ghost Antivirus\uninst.ico 18 %Program Files%\Ghost Antivirus\web.ico 19 %Program Files%\Ghost Antivirus\working.log 20 %UserProfile%\Application Data\Ghost Antivirus\ 21 %UserProfile%\Application Data\Ghost Antivirus\lib\ 22 %UserProfile%\Application Data\Ghost Antivirus\lib\links.txt 23 %UserProfile%\Application Data\Ghost Antivirus\lib\properties 24 %UserProfile%\Application Data\Ghost Antivirus\lib\times.conf 25 %UserProfile%\Application Data\Ghost Antivirus\settings.ini 26 %UserProfile%\Application Data\Ghost Antivirus\uill.ini 27 %UserProfile%\Application Data\Ghost Antivirus\unins000.exe 28 %UserProfile%\Application Data\Ghost Antivirus\Uninstall Ghost Antivirus.lnk 29 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ghost Antivirus.lnk 30 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png 31 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png 32 %UserProfile%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png 33 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\pguard.ini 34 %UserProfile%\Local Settings\Application Data\Microsoft\Windows\services.exe 35 %WINDOWS%\system32\[random].dll 36 [random path]\[random]onin.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\FTPHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User AgentHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}Ghost Antivirus_is1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.