Updated: May 6, 2009 12:00:59 AM
Type: Misleading Application
Infection Length: 8,352,504 bytes
Name: Perfect Defender 2009
Version: 2.0.0.53
Publisher: Trambambon LLC
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
BehaviorThe program can be manually installed or may be installed through
Trojan.Zlob.
The program reports false or exaggerated system security threats on the computer.
The user is then prompted to pay for a full license of the application in order to remove the threats.
InstallationWhen the program is executed, it creates the following files:
- %UserProfile%\Start Menu\Programs\Perfect Defender 2009\Perfect Defender 2009.lnk
- %UserProfile%\Start Menu\Programs\Perfect Defender 2009\Uninstall Perfect Defender 2009.lnk
- %ProgramFiles%\Perfect Defender 2009\dbbase.div
- %ProgramFiles%\Perfect Defender 2009\pd.dll
- %ProgramFiles%\Perfect Defender 2009\pdfndr.exe
- %ProgramFiles%\Perfect Defender 2009\UnInstall.exe
It then creates the following folders:
- %UserProfile%\Start Menu\Programs\Perfect Defender 2009
- %ProgramFiles%\Perfect Defender 2009
Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Perfet Defender 2009" = "%ProgramFiles%\Perfect Defender 2009\pdfndr.exe"
It also creates the following registry subkeys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDefender
- HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009
SIMILAR SECURITY RISKS
The following misleading application is similar to PerfectDefender 2009:
Registry Defender Platinum
Facebook
Digg
Reddit
Technorati
Slashdot
Twitter
Google
Yahoo Buzz
Delicious
StumbleUpon