Security Defender

Posted: February 4, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	4,907

First Seen:	February 11, 2011
Last Seen:	May 20, 2023
OS(es) Affected:	Windows

Just the latest spawn in a large brood of fake antivirus scanners, Security Defender has numerous connections to earlier forms of rogue malware and should be removed at the earliest opportunity. Like other rogues, it operates by way of a simple graphical shell that pretends to alert the user to serious computer errors. However, these are all false, specifically created to be a scam.

A Biography of the Newest Member of the Nasty Rogue Family

Security Defender, despite being the 2011 model of the same old scam, shares the limitations of these rogues. Most importantly, it's completely unable of detecting or removing true threats to your computer's stability or security. Like many kinds of malware, it has its origins in the Russian Federation. Although it may look a little different from others, more polished and modern, its methodology is identical. This is good for the user, because it means that removing Security Defender is an already solved puzzle!

Identifying the Traitor in Your Ranks

Sometimes it can be difficult to tell whether you have a malware infection on your computer. Security Defender is happily a standout rogue that makes identification very easy. In fact, it can't wait to advertise its presence! It will run itself automatically rather than requiring a prompt, and will immediately detect many nonexistent threats. Despite these messages, Security Defender is physically incapable of actually scanning your computer, let alone removing serious threats, even in its supposed 'full' version.

Another ironic trait that makes Security Defender a snap to identify is its rather morbidly enthusiastic marketing. This is a rogue that truly relies on you not knowing what it is to get the sale! It will engage in tactics such as creating popups or modifying your browser settings with a proxy server for redirection. Whatever foul tactics Security Defender takes always ends at the same goal, towards a purchase form for itself.

The Worst Security Defender Has to Offer to Your System

Security Defender's aggressive attempts to protect itself from being deleted are both its most blatant and its most dangerous behavior. To this end, it may automatically shut down any process it considers a threat to its own predatory well-being, including various genuine anti-malware scanner programs.

The Achilles Heels in Security Defender

Even in the face of such aggression, there's no reason to give in to this rogue invader. Security Defender has several weak points that make it easy to remove. Because it requires a web browser to scam you out of your money in the first place, Security Defender won't block the processes for Internet Explorer or Firefox.

However, it's usually more efficient to boot into Safe Mode. To access the menu for Safe Mode, simply hit F8 while starting your computer and this will prevent Security Defender from starting up in the first place. If your Internet connection is for some reason cut off or crippled by this rogue, there are two ways to regain it. The first is to use 'Safe Mode with Networking.' The second works in any mode - just disable proxy servers in your LAN Settings under the Connections tab of Internet Options (found in the Control Panel).

While in Safe Mode, removing Security Defender and any other infections should be your top concern, since this nasty little guy will hinder all other operations as long as it's on your hard drive. Some professional anti-malware scanners may have difficulty recognizing and cleansing the PC from Security Defender. It can also be removed in a hands-on fashion - searching for all its files and folders as well as registry entries, and deleting them one at a time. With this last method, you should take care that all components of Security Defender are truly deleted. Make sure that there aren't any malware-based processes running during your deletion sweep! If done properly, your system should be free of this highly disruptive pest, allowing you to go about your life with renewed freedom.

Aliases

TR/Workir.agk [AntiVir]Trojan.Win32.Workir [Ikarus]Trojan.Win32.Scar.g.1 (v) [Sunbelt]BackDoor.Lat [DrWeb]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\03e5c2ca-9a05-418d-b277-d7db924dcb95_46.avi

File name: 03e5c2ca-9a05-418d-b277-d7db924dcb95_46.avi
Size: 43.74 KB (43741 bytes)
MD5: 50451521c2528c39278d3a85250c1200
Detection count: 440
Mime Type: unknown/avi
Path: %APPDATA%
Group: Malware file
Last Updated: December 15, 2011

%ALLUSERSPROFILE%\13cbb1a7-243b-4c2d-a4f0-957e7ace64dd_34.avi

File name: 13cbb1a7-243b-4c2d-a4f0-957e7ace64dd_34.avi
Size: 1.83 MB (1830400 bytes)
MD5: 601ddf36f1f78f6835c5179101d0b778
Detection count: 356
Mime Type: unknown/avi
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: December 15, 2011

%ALLUSERSPROFILE%\b31a8294-09b7-4487-974a-deb2578a502e_34.avi

File name: b31a8294-09b7-4487-974a-deb2578a502e_34.avi
Size: 1.78 MB (1784832 bytes)
MD5: 558cdbe9ac8039dfbc29ec2181b99e2d
Detection count: 262
Mime Type: unknown/avi
Path: %ALLUSERSPROFILE%
Group: Malware file
Last Updated: December 15, 2011

%APPDATA%\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_47.avi

File name: 2283880F-EF87-4aac-8EBD-C9BCC8494AF5_47.avi
Size: 80.61 KB (80610 bytes)
MD5: 370aa0648b6deff8a7a499843d6f0307
Detection count: 166
Mime Type: unknown/avi
Path: %APPDATA%
Group: Malware file
Last Updated: December 15, 2011

%APPDATA%\2283880F-EF87-4aac-8EBD-C9BCC8494AF5_47.avi

File name: 2283880F-EF87-4aac-8EBD-C9BCC8494AF5_47.avi
Size: 80.61 KB (80613 bytes)
MD5: feef20400b0fa5cc8493961acf7809eb
Detection count: 166
Mime Type: unknown/avi
Path: %APPDATA%
Group: Malware file
Last Updated: December 15, 2011

%ProgramFiles%\Security Defender\Security Defender.dll

File name: Security Defender.dll
Size: 1.09 MB (1090048 bytes)
MD5: 1c75d2463adfdd2d1a462a096dec92fe
Detection count: 83
File type: Dynamic link library
Mime Type: unknown/dll
Path: %ProgramFiles%\Security Defender
Group: Malware file
Last Updated: February 11, 2011

%ALLUSERSPROFILE%\Application Data\d09cfb1c-9bb8-4ad1-a467-d105a674c81a_.mkv

File name: d09cfb1c-9bb8-4ad1-a467-d105a674c81a_.mkv
Size: 868B (868 bytes)
MD5: 92c4bc9e861f77ac4d5975a6dbb332aa
Detection count: 81
Mime Type: unknown/mkv
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: February 11, 2011

Registry Modifications

The following newly produced Registry Values are:

File name without pathSecurity Defender.lnkRegexp file mask%APPDATA%\[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS].avi%LOCALAPPDATA%\App\[RANDOM CHARACTERS].dll%WINDIR%\system32\[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS].avi

Additional Information

The following directories were created:

%ALLUSERSPROFILE%\pcdfdata%ProgramFiles%\Security Defender

The following messages's were detected:

#	Message
1	Security Defender Firewall Alert Iexplore.exe is infected with Trojan.JS.Fraud.ba. Private data can be stolen by third parties, including credit card details and passwords. Windows recommends activate Security Defender
2	System Security Alert! Unknown program is scanning your system registry right now! Identify the theft detected!
3	System Security Alert! Vulnerabilities found Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence.

Security Defender Pro 2015

29 Comments

Glory Ncube says:

February 5, 2011 at 2:49 pm

I downloaded security defender onto my computer and paid for it and I was wondering if anyone knows how I can contact them for the refund as I have just found out that it is not good

Thanks
stephanie says:

February 17, 2011 at 11:17 am

somehow this security defender got into my computer and now i cant ge it removed help!!!!plzzzz its driving me nuts
alexander canon says:

February 17, 2011 at 7:12 pm

THANK YOU FOR YOUR SUPPORT
Karen Tindell says:

February 18, 2011 at 2:51 pm

Will someone PLEASE HELP ME WITH removing this disasterious and annoying Security Defender from my computer? It is driving me insane.

Thank you
Sincerely Karen
Rhonda625 says:

February 18, 2011 at 4:34 pm

Thank you for the info on removing this - I couldn't find all the processes you mentioned, but I'll keep working on it.

Don't ever get Security Defender on your computer!
Pat says:

February 19, 2011 at 12:47 pm

I got as far as -- Run - entered regedit, found the HKEY_LOCAL_Machine, but not the softwarre/securirtyDefender, as a result when I right clicked could not highlight delete. So frustruated with this security Defender!!!! can anyone help
Cate Huggiins says:

February 19, 2011 at 3:06 pm

Security Defender Should be shut down!!!! It is a nuisance. My husband will spend days getting rid of this boil on the web. Does anyone have any suggestions?
sharontracy says:

February 19, 2011 at 8:42 pm

please tell me how i can get security defender out of this comperter i down load it until i knew i had to pay then i stop and now want it gone how do i do that helpppppp please
Sydney D. says:

February 20, 2011 at 8:33 pm

ITS DRIVING ME CRAZY PLEASE HELP ME?
Jerelle says:

February 20, 2011 at 10:11 pm

I cannot get this Security defender off my computer.
Joanne says:

February 21, 2011 at 7:41 pm

Can any one please tell me exactly which files or folders you need to delete from the registry? Thanks Joanne
Joe says:

February 22, 2011 at 1:54 pm

I followed the instructions and everything worked until i went to actually delete the file in the last step and it said i "needed permission" to delete it. I quarantined the file in Kaspersky anti virus. will this work or should i find out how to go about actually deleting it??
Jerry Sullivan says:

February 22, 2011 at 1:59 pm

I havebeen fight this security defender invasion for two days. I finally relented and am going to cancel my credit card payment.
Clara says:

February 25, 2011 at 11:17 am

security defebder us insane I can't remove it PLEASE help!
kelsey says:

March 2, 2011 at 6:41 am

PLEASE HELP ME GET THIS STUPID THING OFF MY COMPUTER PLEASE!!!!!
Betty Russell says:

March 2, 2011 at 8:38 pm

Security Defender appeared in my computer and took over every screen. I downloaded the latest Malwarebytes (free from the internet). I then ran the malwarebytes system and there was no more Security Defender. I had technicicans tell me, take it in to a computer repair. NOT! My register was scanned along with my C and D Drives and it was gone. Good luck All!!
danielle says:

March 9, 2011 at 12:29 am

These directions plus the ones on Microsoft\'s website are very helpful with removing this stupid thing. I also purchased Prevx, an official Microsoft malware scanner/removal software to keep this from happening again. It took me 3 hours to fix my mistake, but I can rest peacefully knowing my laptop is much safer.
KESSEM GRIMES says:

June 6, 2011 at 5:29 am

TAKE THIS SECURITY OFF MY COMPUTER
ian parkin says:

October 28, 2011 at 9:55 am

Would you please remove security Defender it keeps getting in my way.
Debra says:

November 1, 2011 at 10:51 pm

I thought I got rid of this stupid security defender but after running a stopzilla and malware bytes, every time i long on, it keeps popping back. any suggestions? I want this stupid thing gone like yesterday
king says:

December 2, 2011 at 11:51 am

We should start a class action law suit ! on Rogues the maker !
Allen Stark says:

December 2, 2011 at 5:32 pm

One of the worst yet to try and get off. I had to have my computer cleaned by a reputable tech. It came through a trusted friend's email.
Austin says:

December 11, 2011 at 7:44 pm

i hate the stupid security defender pop ups i have done the steps and they still pop up how do i get rid of these stupid things
shannon says:

December 12, 2011 at 11:31 am

I already have security defender , its working this mess keeps popping up please help me
Nikki Cabrera says:

December 16, 2011 at 7:17 pm

can you please help me get this security defender off my laptop its getting in my way!
Jim McKay says:

December 30, 2011 at 12:28 pm

I'm trying to get this annoying program and no matter what I do it interupts my work every 5 mins. I didn't ask for this garbage and I want my name and computer off your list PRONTO
rohied says:

December 30, 2011 at 10:20 pm

can please help me take this piece of shit security defender out of my laptop.its driving me crazy
Angel says:

January 3, 2012 at 12:24 pm

THIS CRAP "SECURITY DEFENDER" GOT IN MY CUMPUTER!!!!!!!!! WHAT THE HELL!!!!!!!!!! GET IT OOOOOOOOOOOOOFF!!!!!!!
marilyn says:

January 5, 2012 at 4:46 am

have run malwarebytes (free version) several times, but Security Defender seems to keep coming back - any suggestions?