Wednesday, February 23, 2011

Internet Defender Removal Guide

Internet Defender Removal Guide
Internet Defender is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Internet Defender start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Internet Defender will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.

Internet Defender can be removed by stopping its processes [random].exe and [Internet Defender.exe] and the user should remember to kill the file. The registry settings should be restored by following the removal guide below.

Internet Defender must be removed from your computer immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
Internet Defender.exe
[random].exe

Unregister DLL files
c:\Program Files\Internet Defender\Internet Defender.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b357_33"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56a10a26-dc02-40f1-a4da-8fa92d06b357}
HKEY_CLASSES_ROOT\CLSID\{56a10a26-dc02-40f1-a4da-8fa92d06b357}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "56a10a26-dc02-40f3-a4da-8fa92d06b357_33"

Remove Folders and Files
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Defender.lnk
c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.avi
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.lnk
c:\Documents and Settings\All Users\Application Data\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.ico
%UserProfile%\Start Menu\Programs\Startup\56a10a26-dc02-40f3-a4da-8fa92d06b357_33.lnk
c:\Program Files\Internet Defender

No comments:

Post a Comment