TrustDefender
TrustDefender is a rogue malware remover designed to pilfer money from unwary computer users. TrustDefender uses a trojan to enter the system before taking control of the browser and spamming the user with annoying pop-ups urging the purchase of a fake product. Do not fall for the lies claiming your system is infected with malware. TrustDefender is a malicious program and should be removed from the compromised system immediately.
File System Modifications
- The following files were created in the system:
# File Name 1 %UserProfile%\Desktop\TrustDefender.lnk 2 %UserProfile%\Local Settings\Temp\[random].exe 3 c:\Documents and Settings\All Users\Desktop\RegistryClever.lnk 4 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Homepage.lnk 5 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\RegistryClever.lnk 6 c:\Documents and Settings\All Users\Start Menu\Programs\RegistryClever\Uninstall.lnk 7 c:\Documents and Settings\All Users\Start Menu\Programs\TrustDefender.lnk 8 c:\Program Files\FDFCA\F0E84.exe 9 c:\Program Files\FDFCA\Uninstall.exe 10 c:\Program Files\RegistryClever Software\RegistryClever\license.txt 11 c:\Program Files\RegistryClever Software\RegistryClever\RegistryClever.exe 12 c:\Program Files\RegistryClever Software\RegistryClever\RegistryCleverTray.exe 13 c:\Program Files\RegistryClever Software\RegistryClever\Styles\Vista.cjstyles 14 c:\Program Files\RegistryClever Software\RegistryClever\uninstall.exe 15 c:\WINDOWS\[random].bin 16 c:\WINDOWS\[random].cpl 17 c:\WINDOWS\[random].dll 18 c:\WINDOWS\system32\[random].bin 19 c:\WINDOWS\system32\[random].cpl 20 c:\WINDOWS\system32\[random].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TrayScan"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"HKEY_LOCAL_MACHINE\SOFTWARE\TrustDefenderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.