Vista Defender
Posted: March 29, 2010
Threat Metric
The fields on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each level reflects the threat's consistently assessed behaviors, as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 2/10 |
---|---|
Infected PCs: | 25 |
First Seen: | December 19, 2012 |
OS(es) Affected: | Windows |
Vista Defender is a rogue anti-malware product that intentionally displays inaccurate security information to make its services seem needed, and then requests a registration fee in exchange for removing the fake threats that Vista Defender detects. Besides its fake security functions, which imitate the appearances of actual anti-malware and security programs, Vista Defender also may hijack your web browser, make negative changes to your system settings and/or block other applications on your computer. SpywareRemove.com malware researchers place an extra emphasis on Vista Defender being identified as fraudulent software that can never enhance your PC's security, and recommend removing Vista Defender with anti-malware programs whenever Vista Defender is installed (either deliberately or via exploits).
Vista Defender: a Devil to Your PC's Security that's Hiding Behind a Halo
Vista Defender claims to be an anti-malware product with a variety of general security features, but each of Vista Defender's 'security features' actually are fake features that are intended to display misleading, inaccurate and fraudulent alerts. Although the most visually-dominant feature of Vista Defender is its fake system scanner, Vista Defender also can display a large range of different pop-up warnings, including taskbar balloons and other pop-ups that imitate Windows notifications. All of Vista Defender's 'security' features warn victims about fake attacks and infections that never should be taken at face value, and SpywareRemove.com malware analysts note that following any security-related advice from Vista Defender is likely to damage your computer.
As a member of WinPC Defender, Vista Defender also may be the launching platform for additional attacks against your web browser, unrelated programs and even the Windows operating system. Functions that SpywareRemove.com malware researchers consider especially harmful include:
- Security settings that are changed without your consent (such as disabled firewall security or Windows Update notifications).
- Programs that may be blocked by Vista Defender, either by terminating their memory processes or by deleting Registry-based program components.
- Browser redirects by Vista Defender that display fake alert pages and block your ability to access various websites.
Outing Vista Defender's Fake Security with the Real Thing
Vista Defender doesn't have any purpose except to force you to buy its registration key, which isn't helpful for your computer and should never be considered an ideal solution to any Vista Defender (or other FakeRean-based) infection. Rogue anti-malware products like Vista Defender often attempt to block real anti-malware programs that could delete them, and SpywareRemove.com malware experts suggest blocking Vista Defender with Safe Mode or any other necessary method before deleting Vista Defender.
Other fake anti-malware programs that are related to Vista Defender include Ultimate Defender, SystemDefender, IE Defender, Advanced XP Defender, XP Defender, WinDefender2008, PCTotalDefender, PC Defender 2008, Personal Defender 2009, WinDefender 2009, Perfect Defender 2009, Total Defender, Malware Defender 2009, WinPC Defender, PC Privacy Defender, Smart Defender Pro, Rogue.UltimateDefender, FraudTool.LastDefender.b and Security Defender Pro 2015. All of these examples and other members of FakeRean should be considered malicious software to be removed on sight.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
File name | File type | Mime Type | Group |
---|---|---|---|
ave.exe | Executable File | unknown/exe | Malware file |
%AllUsersProfile%\Desktop\Vista Defender.lnk | Shortcut | unknown/lnk | Malware file |
%CommonAppData%\pcdfdata\.exe | Executable File | unknown/exe | Malware file |
%CommonAppData%\pcdfdata\app.ico | | unknown/ico | Malware file |
%CommonAppData%\pcdfdata\config.bin | Binary File | unknown/bin | Malware file |
%CommonAppData%\pcdfdata\defs.bin | Binary File | unknown/bin | Malware file |
%CommonAppData%\pcdfdata\support.ico | | unknown/ico | Malware file |
%CommonAppData%\pcdfdata\uninst.ico | | unknown/ico | Malware file |
%CommonAppData%\pcdfdata\vl.bin | Binary File | unknown/bin | Malware file |
%CommonStartMenu%\Programs\Vista Defender\Remove Vista Defender.lnk | Shortcut | unknown/lnk | Malware file |
%CommonStartMenu%\Programs\Vista Defender\Vista Defender Help and Support.lnk | Shortcut | unknown/lnk | Malware file |
%CommonStartMenu%\Programs\Vista Defender\Vista Defender.lnk | Shortcut | unknown/lnk | Malware file |
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "pcdfsvc" = "%CommonAppData%\pcdfdata\.exe /min
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = ""%CommonAppData%\pcdfdata\.exe" /ex "%1" %*"
HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
HKEY_CLASSES_ROOT\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
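The registry entries above can be checked for in an exported hive. The following Python is an added example, not part of the original write-up or of any vendor tool: it parses .reg export text and flags the Run-key persistence, the per-user .exe handler override and the secfile class. The function names, the sample export, the C:\ProgramData expansion of %CommonAppData% and the EXAMPLE.exe file name are constructed assumptions (the page elides the real name).

```python
import re

# Constructed sample: a `reg export` style dump of an affected profile.
# EXAMPLE.exe is a placeholder; the page elides the real file name.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"pcdfsvc"="C:\\ProgramData\\pcdfdata\\EXAMPLE.exe /min"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\ProgramData\\pcdfdata\\EXAMPLE.exe\" /ex \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\ProgramData\\pcdfdata\\EXAMPLE.exe\" /ex \"%1\" %*"
'''

# name="string data" lines; @ is the key's (Default) value.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
SAFE_EXE_HANDLER = '"%1" %*'  # Windows default open command for executables


def parse_reg(text):
    """Yield (key, value_name, string_data) from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            # .reg files escape backslashes and quotes with a backslash.
            yield key, name, re.sub(r'\\(.)', r'\1', m.group(2))


def find_indicators(text):
    """Return (reason, key, name, data) for values matching the page's list."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if (k.endswith(r'\classes\.exe\shell\open\command')
                and name == '(Default)' and data != SAFE_EXE_HANDLER):
            hits.append(('exe-handler-hijack', key, name, data))
        elif k.endswith(r'\currentversion\run') and '\\pcdfdata\\' in data.lower():
            hits.append(('run-persistence', key, name, data))
        elif r'\secfile' in k:
            hits.append(('secfile-class', key, name, data))
    return hits
```

Real `reg export` output is UTF-16, so decode the file before passing its text to `find_indicators`. Keys that carry no values produce no hit, so check for empty leftover subkeys separately.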
Additional Information
# | Message |
---|---|
1 | System Security Alert! Unknown program is scanning your system registry right now! Identify the theft detected! |
2 | System Security Alert! Vulnerabilities found Background scan for security breaches has been finished. Serious problems have been detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defence. |
3 | System Security Alert Unknown program is scanning your system registry right now! Identity theft detected. |
4 | System Security Alert Vulnerabilities found Background scan for security breaches was finished. Serious issues were detected. Safeguard your system against exploits, malware and viruses right now by activating Proactive Defense. |
5 | Vista Defender Firewall Alert Iexplore.exe is infected with Trojan.JS.Fraud.ba. Private data can be stolen by third parties, including credit card details and passwords. |
6 | Vista Defender Firewall Alert Firefox.exe is infected with Trojan-Clicker.Js.Agent.op. Private data can be stolen by third parties, including credit card details and passwords. |
7 | Vista Defender Firewall Alert Iexplore.exe is infected with Trojan.JS.Fraud.ba. Private data can be stolen by third parties, including credit card details and passwords. |
Hi,
I tried to remove Vista Defender using the method above and now I can't open the internet, as when I click on the Windows Explorer icon it comes up with a msg saying: This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel. I have no idea how to do this and can't find this Set Associations control panel anywhere. Please help!
I did what you said and now am living in happy-land again. Thanks!!!!
Hi! Good day. I accidentally installed a different version of Windows Defender on my laptop. When I update, it always shows an error. When I check Windows Update, it shows failed and a different version from my original built-in Windows Defender. Please help me remove this error.