
Malware Defense - Fake Anti-Virus

Posted on 20 December 2009 under Rogue Programs

1. What is Malware Defense?

Malware Defense is an unreliable computer security tool that floods the system with a wide range of warning messages, also known as false alarms, which are ultimately used against the user for a single purpose: financial gain. Inexperienced and frightened users affected by such programs (misleading applications) usually choose an inappropriate way to solve computer problems, especially when the issue is security related. Judging by the similarity between the programs, Malware Defense is related to Paladin Antivirus.

Malware Defense is delivered by a Trojan. System reboots can also occur right after the Trojan infection, and these may develop into a reboot loop.

Just before Malware Defense appears, the user is notified that threats have been found on the system, and Malware Defense is recommended as an anti-spyware tool to remove them. The alert imitates a genuine Windows warning by means of a fake Windows Security Center:

Fake Windows Security Center | Malware Defense

Once the user acts on the message, Malware Defense comes up and starts a computer scan, followed by a "Registration required" prompt, which states that dangerous viruses have been found and must be removed as soon as possible.

The viruses listed in the Malware Defense scan report point to legitimate Windows files (clock.avi) or to files dropped by the program itself.

Security Center Alerts then appear one after another, stating that the following viruses have been found and asking whether the user wants them blocked:
  • Backdoor.Win32.Kbot.al | This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 12787 bytes in size.
  • Trojan.Win32.Agent.dcc | This Trojan has a malicious payload. It is a Windows PE EXE file. It is 20480 bytes in size.
  • Virus.Win32.Gpcode.ak | This malicious program encrypts files on the victim machine. It is a Windows PE EXE file. It is 8030 bytes in size.
  • Net-Worm.Win32.DipNet.d | DipNet.d infects computers running under Windows. The worm itself is a Windows PE EXE file approximately 91KB in size, packed using UPX. The unpacked file is approximately 246KB in size. The worm propagates by exploiting a vulnerability in Microsoft Windows LSASS (MS04-011).
  • Rootkit.Win32.Agent.pp | This Trojan masks its presence in the system from users and from other programs. It is a Windows PE SYS file. It is 40960 bytes in size. It is not packed in any way. It is written in C.
  • Virus.Win32.Hala.a | This malicious program infects executable files on the victim machine. It is a Windows DLL file. The malicious file is 20480 bytes in size. It is not packed in any way. It is written in Visual C++.

What to do if the Internet connection has been lost?

  • Launch Internet Explorer
  • Go to Tools and then Internet Options
  • Choose Connections tab
  • Click on LAN settings
  • Uncheck box next to Use a proxy server for your LAN
  • Click OK to close current window
  • Click OK to close Internet Options window

2. Malware Defense screenshot:

Malware Defense

3. How to remove Malware Defense:

  1. The Internet connection might be disabled or the Internet browser might be blocked by Malware Defense, so it may not be possible to download any files to the infected computer. In this case, download all files required for Malware Defense removal on another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
  2. To remove Malware Defense, download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, a computer scan should start automatically. If so, move on to the next step. If not, click "Status" in the left-side menu and press the "Scan Now" button to run the computer scanner, as shown in the picture below:

  4. After the scan has been completed and the scan results have been generated, press the "Fix Checked" button to remove Malware Defense.

  5. Restart the computer to complete the Malware Defense removal procedure.

Security Alert:

Security Alert | Malware Defense

4. Malware Defense files:

C:\Program Files\Malware Defense\help.ico
C:\Program Files\Malware Defense\md.db
C:\Program Files\Malware Defense\mdext.dll
C:\Program Files\Malware Defense\mdefense.exe
C:\Program Files\Malware Defense\uninstall.exe

5. HijackThis entries:

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
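
The file paths in section 4 and the autorun entry above can be checked against a saved HijackThis log. The script below is an added example, not part of the original article: SAMPLE_LOG is constructed, and the function names and reason labels are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from sections 4 and 5 of this page.
INSTALL_DIR = PureWindowsPath(r"C:\Program Files\Malware Defense")
KNOWN_FILES = {"help.ico", "md.db", "mdext.dll", "mdefense.exe", "uninstall.exe"}
RUN_VALUE_NAME = "malware defense"
MAIN_EXE = "mdefense.exe"

# Registry autorun form of a HijackThis O4 line:
#   O4 - <hive>\..\<key>: [<value name>] <command line>
# Other O4 forms (for example Startup-folder entries) are skipped.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
UNQUOTED_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.I)

def executable_of(cmd):
    """Return the program path from a command line, with or without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = UNQUOTED_EXE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def scan_log(text):
    """Return (line number, value name, program path, reasons) per match."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        exe = PureWindowsPath(executable_of(m["cmd"]))
        reasons = []
        # PureWindowsPath compares case-insensitively, as Windows does.
        if exe.parent == INSTALL_DIR and exe.name.lower() in KNOWN_FILES:
            reasons.append("listed file path")
        if m["name"].strip().lower() == RUN_VALUE_NAME:
            reasons.append("Run value name")
        if exe.name.lower() == MAIN_EXE:
            # Still matches when the log shows an 8.3 short path.
            reasons.append("main executable name")
        if reasons:
            hits.append((lineno, m["name"], str(exe), reasons))
    return hits

# Constructed sample log: line 2 is the entry from this page, the rest are made up.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Sample\sample.dll
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKLM\..\Run: [SampleUpdater] "C:\Program Files\Sample\updater.exe" /quiet
O4 - HKCU\..\Run: [Sample Entry] C:\PROGRA~1\MALWAR~1\mdefense.exe -noscan
"""
```

A line flagged only by "main executable name" or "Run value name" is a weaker match than one flagged by the full listed path and should be confirmed against the files on disk.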