Wednesday, 10 February 2010

How to remove Advanced Defender fake antivirus program? (Uninstall guide)

Advanced Defender is a fake and very annoying antivirus program. It is essentially the same thing as the Personal Protector scareware that was released last year: both programs look the same and only the name is different. AdvancedDefender is promoted and installed through the use of Trojans; however, the fake program still has to be manually installed. Cyber criminals use various misleading methods to trick you into downloading and installing this bogus software. This infection may come from fake online scanners or bogus websites, or it may be bundled with other malicious software. Also note that the scammers use such well-known sites as Facebook and MySpace to promote their products. Don't download or install anything if you are not sure what it is, and especially don't open any links sent by unknown people.



Once installed, Advanced Defender creates numerous harmless and fake files on your computer, then runs a fake system scan and detects those files as serious system threats. The fake files are located in the C:\Windows\ folder. The files are:
  • secureit.com
  • microsoftdefend.dll
  • explorers.exe
  • certofsystem.exe
  • regp.exe
  • spoos.exe
Of course, it can also include legitimate Windows files in its false scan results. That's why you shouldn't trust it, and you shouldn't delete any of the reported files; otherwise you can damage your system. As typical scareware, Advanced Defender prompts you to purchase the program in order to remove the infections or computer threats. Of course, you shouldn't buy it. Cyber criminals won't return your money, believe me. Contact your credit card company and dispute the charges if you already purchased it.

Furthermore, this fake application displays fake security alerts and system error messages claiming that nearly all executable files are infected and that you should purchase AdvancedDefender in order to fix this problem.



"Advanced Defender Warning
C:\Windows\Sytem32\cmd.exe is infected with worm
Lsas.Blaster.Keylogger. This worm is trying to send your credit
card details using C:\Windows\Sytem32\cmd.exe to
connect to remote post."


That's actually a very clever self-protection method used by almost all rogue programs nowadays. There are more such fake notifications. Ignore the false scan results and those fake warnings. Then remove Advanced Defender from your computer as soon as possible. Use the removal guide below. It will show you how to get rid of this infection for free using legitimate and reliable anti-malware software. If you have any questions, don't hesitate to leave a comment. Good luck!


Advanced Defender removal instructions:

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8" key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.

2. Download one of the following legitimate anti-malware applications and run a full system scan. Don’t forget to update it first. All programs are free.

Advanced Defender associated files and registry values:

Directories and Files:
  • C:\Documents and Settings\All Users\Microsoft PData
  • %UserProfile%\Start Menu\Programs\Advanced Defender
  • C:\Program Files\Advanced Defender
  • C:\Program Files\Advanced Defender\advanceddefender.exe
  • C:\Program Files\Advanced Defender\base.wdb
  • C:\Program Files\Advanced Defender\baseadd.wdb
  • C:\Program Files\Advanced Defender\conf.wcf
  • C:\Program Files\Advanced Defender\quarant.wdb
  • C:\Program Files\Advanced Defender\q
  • C:\WINDOWS\certofsystem.exe
  • C:\WINDOWS\explorers.exe
  • C:\WINDOWS\microsoftdefend.dll
  • C:\WINDOWS\regp.exe
  • C:\WINDOWS\secureit.com
  • C:\WINDOWS\spoos.exe
  • C:\WINDOWS\system32\winscent.exe

Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Advanced Defender
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Defender
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "advanceddefender"
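
To see which of the files and registry entries listed above are present before and after the scan, here is a read-only PowerShell check. It is an added example, not part of the original guide or of any tool it mentions; it deletes nothing, and it assumes the paths exactly as listed above (only %UserProfile% is expanded).

```powershell
# Read-only check for the Advanced Defender artifacts listed in this guide.
# Nothing is deleted or changed; paths and registry names are copied from the lists above.

$paths = @(
    'C:\Documents and Settings\All Users\Microsoft PData',
    '%UserProfile%\Start Menu\Programs\Advanced Defender',
    'C:\Program Files\Advanced Defender',
    'C:\WINDOWS\certofsystem.exe',
    'C:\WINDOWS\explorers.exe',
    'C:\WINDOWS\microsoftdefend.dll',
    'C:\WINDOWS\regp.exe',
    'C:\WINDOWS\secureit.com',
    'C:\WINDOWS\spoos.exe',
    'C:\WINDOWS\system32\winscent.exe'
)

$regKeys = @(
    'HKLM:\SOFTWARE\Advanced Defender',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Defender'
)

$found = @()

foreach ($p in $paths) {
    # Expand %UserProfile% for the logged-in user; other paths are used as listed
    $full = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $full) { $found += "File/dir:  $full" }
}

foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $found += "Reg key:   $k" }
}

# Autostart entry the rogue adds under the machine-wide Run key
$run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' `
    -Name 'advanceddefender' -ErrorAction SilentlyContinue
if ($run) { $found += "Run value: advanceddefender = $($run.advanceddefender)" }

# Policy value that disables Task Manager for the current user
$pol = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
if ($pol -and "$($pol.DisableTaskMgr)" -eq '1') {
    $found += 'Policy:    DisableTaskMgr = 1 (Task Manager disabled for this user)'
}

if ($found.Count -eq 0) { 'No Advanced Defender artifacts from the list were found.' }
else { $found }
```

Run it as the same user who was logged in when the rogue program appeared, because the DisableTaskMgr value is stored under HKEY_CURRENT_USER.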


