
UltimateDefender


Updated: July 13, 2007 2:59:48 PM
Type: Misleading Application
Name: SpyDefender
Version: 2007
Publisher: Nous-Tech Solutions Ltd.
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000


Behavior

The misleading application must be manually executed. When the file is executed, it visibly downloads the install files, but then silently installs them.

The misleading application identifies the fake threat Trojan.MetaMorf.F as present on the computer.

The detected files may be associated with the download and installation of UltimateDefender.

The user is then prompted to pay for a full license of the application in order to remove the fake threat.


Installation

The risk creates the following files:
%UserProfile%\Application Data\Ultimate Defender\logs\1184156634.log
%UserProfile%\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
C:\Documents and Settings\All Users\Start Menu\Programs\Ultimate Defender\Ultimate Defender Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Ultimate Defender\Ultimate Defender.lnk
%ProgramFiles%\Ultimate Defender\program.info
%ProgramFiles%\Ultimate Defender\udefender.pkg
%ProgramFiles%\Ultimate Defender\UltimateDefender.db
%ProgramFiles%\Ultimate Defender\UltimateDefender.exe
%ProgramFiles%\Ultimate Defender\Uninstall.exe
%System%\drivers\etc\.protected
%Windir%\.protected
%SystemRoot%\.protected

The risk also creates the following registry subkeys:
HKEY_ALL_USERS\Software\Ultimate Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ultimate Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ultimate Defender
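The following PowerShell script is an added example for checking a host against the file and registry artifacts listed above; it is not Symantec's code and does not come from this write-up. It is read-only and removes nothing. It makes three assumptions that the write-up does not state: Symantec's %System% placeholder is expanded as %SystemRoot%\System32, the HKEY_ALL_USERS entry is checked under the current user's hive (HKCU:), and because the log file name is a timestamp, the logs folder is checked rather than that single file.

```powershell
# Added read-only artifact check for the UltimateDefender indicators in the
# write-up above. Not Symantec's code; it only reports, it removes nothing.
# Assumptions (not from the write-up):
#  - %System% is expanded as %SystemRoot%\System32 (Symantec's usual convention).
#  - HKEY_ALL_USERS is checked as the current user's hive (HKCU:); run the
#    script as each user of interest if you need per-user coverage.
#  - The log file name is a timestamp, so the logs folder is checked instead.

$FileArtifacts = @(
    '%UserProfile%\Application Data\Ultimate Defender\logs',
    '%UserProfile%\Start Menu\Programs\Startup\.protected',
    'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected',
    'C:\Documents and Settings\All Users\Start Menu\Programs\Ultimate Defender\Ultimate Defender Uninstall.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\Ultimate Defender\Ultimate Defender.lnk',
    '%ProgramFiles%\Ultimate Defender\program.info',
    '%ProgramFiles%\Ultimate Defender\udefender.pkg',
    '%ProgramFiles%\Ultimate Defender\UltimateDefender.db',
    '%ProgramFiles%\Ultimate Defender\UltimateDefender.exe',
    '%ProgramFiles%\Ultimate Defender\Uninstall.exe',
    '%SystemRoot%\System32\drivers\etc\.protected',   # write-up: %System%\drivers\etc\.protected
    '%Windir%\.protected',
    '%SystemRoot%\.protected'
)

$RegistryKeys = @(
    'HKCU:\Software\Ultimate Defender',               # write-up: HKEY_ALL_USERS\Software\Ultimate Defender
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ultimate Defender',
    'HKLM:\SOFTWARE\Ultimate Defender'
)

# The Run entry is the persistence point. The write-up lists it as a subkey;
# autostart entries under Run are normally values, so both forms are checked.
$RunKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunName = 'Ultimate Defender'

function Get-UltimateDefenderArtifacts {
    $hits = @()

    foreach ($f in $FileArtifacts) {
        $path = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Type = 'File'; Artifact = $path }
        }
    }

    foreach ($k in $RegistryKeys) {
        if (Test-Path -LiteralPath $k) {
            $hits += [pscustomobject]@{ Type = 'RegistryKey'; Artifact = $k }
        }
    }

    if (Test-Path -LiteralPath $RunKey) {
        $value = Get-ItemProperty -LiteralPath $RunKey -Name $RunName -ErrorAction SilentlyContinue
        if ($null -ne $value) {
            $hits += [pscustomobject]@{
                Type     = 'RunValue'
                Artifact = "$RunKey\$RunName = $($value.$RunName)"
            }
        }
        if (Test-Path -LiteralPath "$RunKey\$RunName") {
            $hits += [pscustomobject]@{ Type = 'RunSubkey'; Artifact = "$RunKey\$RunName" }
        }
    }

    return $hits
}

$found = @(Get-UltimateDefenderArtifacts)
if ($found.Count -eq 0) {
    Write-Output 'No UltimateDefender artifacts found.'
} else {
    Write-Output "UltimateDefender artifacts found: $($found.Count)"
    $found | Format-Table -AutoSize
}
```

Run it in the profile of the user who executed the installer; the HKLM keys and %ProgramFiles% entries are machine-wide and will show up from any account. The Run value is what keeps the application starting at logon, and the .protected marker files dropped into several system directories are a convenient indicator to search for fleet-wide, since legitimate software rarely writes a dotfile into %Windir% or %System%\drivers\etc.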