Once installed, Advanced Defender creates numerous harmless and fake files on your computer, then runs a fake system scan and detects those files as serious system threats. The fake files are located in C:\Windows\ folder. The files are:
Furthermore, this fake application displays fake security alerts and system error messages claiming that nearly all executable files are infected and that you should purchase AdvancedDefender in order to fix this problem.
"Advanced Defender Warning
C:\Windows\Sytem32\cmd.exe is infected with worm
Lsas.Blaster.Keylogger. This worm is trying to send your credit
card details using C:\Windows\Sytem32\cmd.exe to
connect to remote post."
That's actually a very clever self protection method used by almost all rogue programs nowadays. There are more such fake notifications. Ignore false scan results and those fake warnings. Then remove Advanced Defender from your computer as soon as possible. Use the removal guide below. It will show you how to get rid of this infection for free using legitimate and reliable anti-malware software. If you have any questions don't hesitate and leave a comment. Good luck!
Advanced Defender removal instructions:
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
If you can't reboot your PC in Safe Mode with Networking, download SafeBootKeyRepair and run it. If the rogue program blocks it then download and run this file RenamedSBKRepair. Follow the prompts. Then reboot your PC in Safe Mode with Networking.
2. Download one of the following legitimate anti-malware applications and run a full system scan. Don’t forget to update it first. All programs a free.
Advanced Defender associated files and registry values:
Directories and Files:
- C:\Documents and Settings\All Users\Microsoft PData
- %UserProfile%\Start Menu\Programs\Advanced Defender
- C:\Program Files\Advanced Defender
- C:\Program Files\Advanced Defender\advanceddefender.exe
- C:\Program Files\Advanced Defender\base.wdb
- C:\Program Files\Advanced Defender\baseadd.wdb
- C:\Program Files\Advanced Defender\conf.wcf
- C:\Program Files\Advanced Defender\quarant.wdb
- C:\Program Files\Advanced Defender\q
- HKEY_LOCAL_MACHINE\SOFTWARE\Advanced Defender
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Defender
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "advanceddefender"
Share this information with other people: