Winpcdefender09.com
Winpcdefender09.com is a browser hijacker sponsoring the spread of the dangerous rogue anti-spyware program WinPC Defender. Due to affiliated trojans penetrating the holes in your computer’s security and altering the browser configuration, you will find your web-surfing activities being diverted to the Winpcdefender09.com web page over and over again. Once here, misleading information and fake online scans reporting fabricated infection results are all used in order to persuade you to purchase WinPC Defender.
File System Modifications
- The following files were created in the system:
# File Name 1 %Program Files%\WinPC Defender\data.dat 2 %Program Files%\WinPC Defender\FwHookDrv.sys 3 %Program Files%\WinPC Defender\HOSTS.hst 4 %Program Files%\WinPC Defender\Manual.url 5 %Program Files%\WinPC Defender\options.xml 6 %Program Files%\WinPC Defender\reserve.dat 7 %Program Files%\WinPC Defender\rules 8 %Program Files%\WinPC Defender\Rules.txt 9 %Program Files%\WinPC Defender\siren.wav 10 %Program Files%\WinPC Defender\Support.url 11 %Program Files%\WinPC Defender\svo.scf 12 %Program Files%\WinPC Defender\temp 13 %Program Files%\WinPC Defender\Uninstall.exe 14 %Program Files%\WinPC Defender\Uninstall_st_st_.exe 15 %Program Files%\WinPC Defender\vfile 16 %Program Files%\WinPC Defender\WDefDemo.exe 17 %Program Files%\WinPC Defender\Web.url 18 %UserProfile%\Desktop\Launch WinPC Defender.lnk 19 %UserProfile%\Local Settings\Temp\[Random Name].tmp 20 %UserProfile%\Local Settings\Temp\delwdef2008.bat 21 %WINDOWS%\ieocx.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"HKEY_CURRENT_USER\Software\WinPC DefenderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}HKEY_CLASSES_ROOT\IEocxApp.IEocxHKEY_CLASSES_ROOT\IEocxApp.IEocx.1HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}HKEY_CURRENT_USER\Control Panel\don’t load "scui.cpl"HKEY_CURRENT_USER\Control Panel\don’t load "wscui.cpl"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Content"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.