
Defender Unlimited

Posted: July 19, 2011

Defender Unlimited is yet another fake anti-virus program from the same criminal group that's given the world such infamous scamware products as Bogema Security and Eclipse Antivirus. SpywareRemove.com malware researchers haven't found any new features in Defender Unlimited that would make Defender Unlimited more than a clone of these older rogue anti-virus applications, and Defender Unlimited still uses the same fake infection warnings and program-blocking behavior that its predecessors were known for. The most recent distribution mechanism for Defender Unlimited has been seen using Trojans that are disguised as web browser updates, and you should take care to avoid any software updates that come from unusual sources if you want to keep Defender Unlimited off of your PC.
 

Defender Unlimited - Unlimited Only in the Trouble That It Can Cause Your PC

Defender Unlimited, also known as Defender Unlimited 2011, is sold by Defenderunlimited.com, a website that's been widely blacklisted for trafficking in malicious security programs. Defender Unlimited is just one example of the many malware products that are disseminated across the web by the same gang of criminals; others include Malware Defender, Clean Security, Bogema Security, Alfa Defender Pro and a fake variant of Windows Defender. All of these rogue anti-virus programs use fake infection warnings instead of detecting real viruses or other infections, and Defender Unlimited, unfortunately, isn't an exception in that regard.
 
In addition to fake infection alerts, you may also experience other problems while Defender Unlimited is on your computer, including browser hijacks that redirect you to hostile websites or an inability to use other types of anti-virus programs. Even though Defender Unlimited will do its utmost to make you think that other viruses are responsible for these attacks, SpywareRemove.com malware analysts have traced all of them right back to Defender Unlimited.
 

Rejecting Defender Unlimited's Fraudulent Defenses with a Real PC Defense

All of Defender Unlimited's fake and real features are enacted to tempt you into spending money to make these problems vanish. However, since the SpywareRemove.com malware research team has found that the same criminals who run Defender Unlimited also have a reputation for charging credit cards multiple times, buying Defender Unlimited is definitely not recommended.
 
The easiest way to avoid a Defender Unlimited infection is to practice good safety measures that keep related Trojans, such as Zlob or Fake Microsoft Security Essentials Alert, off of your PC. In many cases, these Trojans will disguise themselves as fake online scanners, media codec updates or web browser updates before they install Defender Unlimited or another rogue security product.
 
One message that's closely tied to Defender Unlimited's distribution strategy is the following sample, which doesn't indicate the presence of real viruses on your PC:
 
"Defender Unlimited Firewall Alert! – Scanning of your system is currently on, please waiting until the end. Your system affected by numerous virus attacks, Defender Unlimited Firewall Alert recommends you to install proper security program to protect your computer?"
 
You should also avoid websites like defenderunlimited.com, which may use other methods, such as browser exploits, to try to install Defender Unlimited on your PC.
 
If Defender Unlimited has been installed and you need to remove it, then instead of purchasing Defender Unlimited, try using basic anti-malware procedures, such as Safe Mode and full system scans with a legitimate anti-virus application.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe (File type: Executable File; Mime Type: unknown/exe)
%Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
%Documents and Settings%\[UserName]\Templates\[RANDOM CHARACTERS]

Registry Modifications

The following Registry values were newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mo
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
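A defender can audit exported registry values for the pattern in the entries above: a browser launch command whose first program is not the browser itself, and Security Center override values set to 1. This is an added example, not part of the original article; the sample rows and function names are constructed, and it assumes each StartMenuInternet subkey is named after the browser's executable, as in the entries listed.

```python
import re

# Constructed sample rows (key, value name, data), modelled on the values
# listed above, plus one clean browser entry for contrast.
SAMPLE = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     "(Default)",
     r'"C:\Documents and Settings\user\Local Settings\Application Data\abc.exe" '
     r'-a "C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
     "(Default)",
     r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "FirewallOverride", "1"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "AntiVirusOverride", "1"),
]

# Matches ...\StartMenuInternet\<BROWSER.EXE>\shell\<verb>\command
BROWSER_KEY = re.compile(
    r"\\Clients\\StartMenuInternet\\([^\\]+)\\shell\\[^\\]+\\command$", re.I)
OVERRIDES = {"firewalloverride", "antivirusoverride"}

def first_executable(command):
    """Return the program a command line launches (quoted or bare path)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]

def audit(values):
    """Return (key, name, reason) for every suspicious registry value."""
    findings = []
    for key, name, data in values:
        match = BROWSER_KEY.search(key)
        if match:
            expected = match.group(1).lower()   # assumption: subkey = exe name
            launched = first_executable(data).rsplit("\\", 1)[-1].lower()
            if launched != expected:            # browser wrapped by another program
                findings.append((key, name, f"launches {launched}, expected {expected}"))
        elif (key.lower().endswith(r"\microsoft\security center")
              and name.lower() in OVERRIDES and str(data).strip() == "1"):
            findings.append((key, name, "Security Center alert suppressed"))
    return findings
```
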