
Security Defense

Posted: September 15, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 7
First Seen: September 15, 2011
Last Seen: July 21, 2021
OS(es) Affected: Windows

Security Defense is a clone of other rogue security programs from a small but growing family of scamware named . This subgroup of rogue security products uses several different types of false positives to trick you into spending money on a Security Defense activation scam, when the only infection on your PC is actually Security Defense itself. SpywareRemove.com malware experts have also noted software-blocking behavior from Security Defense and its relatives, which have been advertised on social networking sites via fraudulent advertisements. Since an imperfect removal of Security Defense will allow it to reinstall itself, it's suggested that you use an anti-malware application that you trust to delete all Security Defense components.

Security Defense – a Misleading Name in Every Possible Way

Security Defense has been found to market itself in Facebook advertisements, particularly through the use of fake system scans. You shouldn't trust these simulated scans, since they will always appear to find infections and always recommend that you install Security Defense or one of its relatives. This behavior is a forewarning of Security Defense's own attacks, since SpywareRemove.com malware experts have found that many fake error messages accompany Security Defense's presence on a PC.

In addition to filling Security Defense's scanner results with fake infection detections, Security Defense will create inaccurate warnings at random intervals, such as these examples:

Security Warning
Malicious program has been detected. Click here to protect your computer.

Attention! We strongly recommend that you activate [Rogue security program] for the safety and faster running of your PC.

[Rogue security program] has found [random number] useless and UNWANTED files on your computer!

These errors will include a variety of infections and supposedly critical-level threats to your PC, but SpywareRemove.com malware researchers haven't found any indication that Security Defense is capable of detecting or removing real Trojans, viruses or other infections from your computer.

How to Exchange Your Fake Security Defense for Real Security

A typical Security Defense infection will also attempt to block various programs from running, including baseline Windows tools (Task Manager, Notepad, etc.) and security products such as anti-virus scanners. The SpywareRemove.com malware research team has found that the following fake alert often appears after you try to access a program that Security Defense has blocked:

taskmgr.exe can not start
File taskmgr.exe is infected by W32/Blaster.worm. Please activate Security Protection to protect your computer.

However, using Safe Mode will allow you to access all of the programs that Security Defense is trying to stop you from using. Wiping Security Defense off your hard drive at that point only requires a good anti-malware program that can detect Security Defense and affiliated infections, including dropper Trojans and rootkits.

You should also be on guard against similar rogue security programs that may be installed in the same way as Security Defense, such as Security Defense's close relatives,

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %Documents and Settings%\[UserName]\Local Settings\Application Data\defender.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Security Defense
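
The Run value and the defender.exe location listed above can be checked against `reg query` output collected from a suspect machine. The following Python sketch is an added example, not part of the original write-up; the sample registry text is constructed, and the AppData\Local form of the path is an assumption for Windows Vista and later.

```python
import re

# Indicators from the write-up: the Run value name and the dropped file path.
# The AppData\Local form is an assumption for Vista and later, where
# "Local Settings\Application Data" maps to "AppData\Local".
RUN_VALUE_NAME = "security defense"
DROP_PATH = re.compile(
    r'\\(?:local settings\\application data|appdata\\local)\\defender\.exe(?=$|["\s])',
    re.IGNORECASE,
)
# One value line of `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)(?:\t|\s{4})(REG_[A-Z_]+)(?:\t|\s{4})(.*)$")

# Constructed sample input (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Security Defense    REG_SZ    "C:\Documents and Settings\alice\Local Settings\Application Data\defender.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Users\bob\AppData\Local\defender.exe
    Windows Defender    REG_EXPAND_SZ    "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
"""


def parse_run_values(reg_output):
    """Yield (key, name, data) for every value line in `reg query` text."""
    key = None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1).strip(), m.group(3).strip()


def find_indicators(reg_output):
    """Return autorun entries matching the value name or the drop path."""
    findings = []
    for key, name, data in parse_run_values(reg_output):
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("run-value-name")
        if DROP_PATH.search(data):
            reasons.append("drop-path")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit["reasons"], hit["key"], "->", hit["name"], "=", hit["data"])
```

A match on the path alone (the "Updater" entry in the sample) is worth reviewing even when the value name differs, while the legitimate "Windows Defender" autorun entry is not flagged.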