1. Description
It is a serious mistake to treat Windows Defence Council as genuine anti-virus software. Do not repeat the mistake that millions of Internet users have already made and regretted: they lost money, time and nerves.
2. Behavior inside the compromised system
Typically Windows Defence Council gets onto the compromised PC without being noticed. It uses up-to-date rootkit techniques to get into the targeted PC. It is not pleasant to hear, but if you notice any signs of this scam, it means that your antivirus program was successfully bypassed. When this hoax tool is running on your machine, it generates warning messages stating that insecure items have been detected. This malicious tool reports trojans, keyloggers, rootkits, spyware and so on; in short, things you would not like to have as neighbors. These pre-programmed scan results are part of a well-thought-out scheme to scare potential victims and catch them in its nets. Do not take the information seriously. It is an outrageous lie. Take measures to remove this parasite without delay.
3. Files
In the process of the installation, Windows Defence Council copies the following files to the hard disk.
- %AppData%\NPSWF32.dll
- %AppData%\Protector-[rnd].exe
- %AppData%\result.db
4. System registry
Windows Defence Council creates the following registry entries:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
- HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
- HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
- HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
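The PowerShell check below is an added example, not part of the original post: it looks, read-only, for the files and registry values listed in sections 3 and 4. It goes one step beyond the two Image File Execution Options entries shown above by reporting every executable that has a Debugger value; the variable names and output wording are this example's own.

```powershell
# Added example: read-only check for the indicators listed in sections 3 and 4.
$findings = @()

# Section 3: dropped files in %AppData% ([rnd] is matched with a wildcard).
foreach ($pattern in 'NPSWF32.dll', 'Protector-*.exe', 'result.db') {
    Get-ChildItem -Path $env:APPDATA -Filter $pattern -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "File: $($_.FullName)" }
}

# Section 4: autostart value "Inspector" pointing at Protector-[rnd].exe.
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run.Inspector -like '*Protector-*.exe*') {
    $findings += "Run\Inspector = $($run.Inspector)"
}

# Section 4: HTTPS-to-HTTP redirect warning switched off.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.WarnOnHTTPSToHTTPRedirect -eq 0) {
    $findings += 'Internet Settings\WarnOnHTTPSToHTTPRedirect = 0'
}

# Section 4: UAC policy values set to 0.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    if ($uac.$name -eq 0) { $findings += "UAC weakened: $name = 0" }
}

# Section 4: Image File Execution Options "Debugger" values, which make Windows
# start the named debugger (svchost.exe in the list above) instead of the program.
# Every entry is reported; a Debugger set on purpose by an administrator
# will also appear and has to be reviewed by hand.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg) { $findings += "IFEO: $($_.PSChildName) -> Debugger = $dbg" }
}

if ($findings) { $findings } else { 'None of the listed indicators were found.' }
```

Run it in the session of the affected user, because %AppData% and the HKCU keys are per-user.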