Home Malware Programs Rogue Anti-Spyware Programs Windows Attacks Defender

Windows Attacks Defender

Posted: March 2, 2012

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: March 2, 2012
OS(es) Affected: Windows

Windows Attacks Defender Screenshot 1Windows Attacks Defender is another variant of Windows PRO Scanner and other fake anti-virus scanners from theWinPC Defender subgroup of scamware, and like its relatives, substitutes fake threat detection for the real thing. Unfortunately, although Windows Attacks Defender does create a convincing facsimile of security software with fake system scans, fake firewall settings and even a replacement for the Task Manager, the only thing that Windows Attacks Defender is capable of defending is itself – with attacks that shut down your computer's security software and hijack your web browser. SpywareRemove.com malware research team recommends that you treat Windows Attacks Defender as no better than other members of its family, and delete Windows Attacks Defender with reputable anti-malware software that can match the boasts that Windows Attacks Defender makes of its own security features.

Windows Attacks Defender: a Newborn to a Poorly-Received Family of Frauds

Windows Attacks Defender is still, as of early March 2012, a very new PC threat, but Windows Attacks Defender is based on rogue anti-virus applications that have been circulating for over a year. SpywareRemove.com malware researchers note that Windows Attacks Defender is identical in all major respects to previous examples of its kin, such as Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015. Windows Attacks Defender's features include an automatic start up routine that changes the Registry to allow Windows Attacks Defender to be launched with Windows, although extra security measures, such as booting to Safe Mode, should be able to disable Windows Attacks Defender.

While Windows Attacks Defender's foremost purpose is to make you spend money to register its software, Windows Attacks Defender supports its requests for registration with a well-chosen arsenal of fake security threats and genuine security attacks, such as:

  • Fake warning messages that may display in various settings and formats, including toolbar notifications and web browser alerts.
  • Imitations of system scans that, of course, always return extremely negative (and unlikely) results.
  • Web browser attacks that redirect your browser away from security-oriented sites or towards Windows Attacks Defender's home site.
  • However, SpywareRemove.com malware experts consider Windows Attacks Defender's most trouble attacks to be its attempts to block unrelated programs, especially Task Manager (which Windows Attacks Defender may replace with its own worthless utility). This may make it difficult to delete Windows Attacks Defender appropriately without disabling Windows Attacks Defender first.

Since fake messages from Windows Attacks Defender can use many formats, the following examples have been provided for referential purposes:

Security Center Alert
To help protect your computer, Security Center has blocked some features of this program.
Name: Win64.BIT.Looker.exe
Risk: High

Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Sunfraud.a

Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Attempt to run a potentially dangerous script detected.
Full system is highly recommended.

Warning! Identity theft attempt detected
Hidden connection IP:
Target: Microsoft Corporation keys

System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

Warning! Virus Detected
Threat detected: FTP Server
Infected file: C:\Windows\System32\dllcache\wmpshell.dll

Putting Up a Defense That Windows Attacks Defender Can't Shatter

If you do see the obvious symptoms of a Windows Attacks Defender infection on your PC, SpywareRemove.com malware analysts have recommended the following steps to prevent Windows Attacks Defender from attacking your PC further and removing Windows Attacks Defender as fast and carefully as possible. They also stress that purchasing Windows Attacks Defender is never necessary or even wise, since Windows Attacks Defender lacks any sort of legitimate security-related features and isn't significantly easier to remove in its purchased format as opposed to its faux trial version.

  • Boot Windows via Safe Mode or a USB device, either of which should disable Windows Attacks Defender's start up entries. Alternately, if available, you may use a separate operating system on the same computer.
  • If necessary, download or update your anti-malware software, since Windows Attacks Defender may include alterations that make it more difficult to detect than other members of the Rogue.VirusDoctor family.
  • Scan your PC as thoroughly as possible to delete Windows Attacks Defender and related PC threats that may also have come aboard with Windows Attacks Defender's installation. Even though Windows Attacks Defender may provide its own removal utility, SpywareRemove.com malware experts stress that you should never trust a removal tool that's provided by a PC threat like Windows Attacks Defender.

Windows Attacks Defender Screenshot 2Windows Attacks Defender Screenshot 3Windows Attacks Defender Screenshot 4Windows Attacks Defender Screenshot 5Windows Attacks Defender Screenshot 6Windows Attacks Defender Screenshot 7Windows Attacks Defender Screenshot 8Windows Attacks Defender Screenshot 9Windows Attacks Defender Screenshot 10

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\Protector-myq.exe File name: Protector-myq.exe
Size: 1.89 MB (1896448 bytes)
MD5: c6ff701b1d8ca8766ff5682a5ecd34ba
Detection count: 81
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 2, 2012
%AppData%\Protector-oak.exe File name: %AppData%\Protector-oak.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\NPSWF32.dll File name: %AppData%\NPSWF32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
%CommonPrograms%\Windows Attacks Defender.lnk File name: %CommonPrograms%\Windows Attacks Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%DesktopDir%\Windows Attacks Defender.lnk File name: %DesktopDir%\Windows Attacks Defender.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are: