
SysDefence

Updated: December 18, 2009 3:23:28 PM
Type: Misleading Application
Name: SysDefence
Risk Impact: Low
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Behavior
The program may be manually installed or installed by drive-by downloads.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe
  • %ProgramFiles%\SysDefence Software\SysDefence\uninstall.exe
  • %UserProfile%\Start Menu\Programs\SysDefence\1 SysDefence.lnk
  • %UserProfile%\Start Menu\Programs\SysDefence\2 Homepage.lnk
  • %UserProfile%\Start Menu\Programs\SysDefence\3 Uninstall.lnk
  • %UserProfile%\Desktop\SysDefence.lnk

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SysDefence.exe" = "%ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\SysDefence
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence
  • HKEY_CURRENT_USER\Software\SysDefence
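
The files, autostart value and registry subkeys listed above can be checked on a single host with a short PowerShell script. This is an added example, not part of the original write-up or vendor tooling; the variable names are illustrative, and the extra "Program Files (x86)" and WOW6432Node locations are an assumption covering a 32-bit install on 64-bit Windows.

```powershell
# Added example. Run as the user under investigation: HKCU and %UserProfile% are per user.
$files = @(
    '%ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe',
    '%ProgramFiles%\SysDefence Software\SysDefence\uninstall.exe',
    '%UserProfile%\Start Menu\Programs\SysDefence\1 SysDefence.lnk',
    '%UserProfile%\Start Menu\Programs\SysDefence\2 Homepage.lnk',
    '%UserProfile%\Start Menu\Programs\SysDefence\3 Uninstall.lnk',
    '%UserProfile%\Desktop\SysDefence.lnk'
)
$keys = @(
    'HKLM:\SOFTWARE\SysDefence',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence',
    'HKCU:\Software\SysDefence'
)
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'SysDefence.exe'
$findings = @()

foreach ($f in $files) {
    $candidates = @([Environment]::ExpandEnvironmentVariables($f))
    # Assumption: a 32-bit install on 64-bit Windows lands under "Program Files (x86)".
    if ($f -like '%ProgramFiles%*' -and ${env:ProgramFiles(x86)}) {
        $candidates += $f.Replace('%ProgramFiles%', ${env:ProgramFiles(x86)})
    }
    foreach ($p in ($candidates | Select-Object -Unique)) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $p; Data = '' }
        }
    }
}
foreach ($k in $keys) {
    $candidates = @($k)
    # Assumption: same 32-bit case, where HKLM\SOFTWARE is redirected to WOW6432Node.
    if ($k -like 'HKLM:\SOFTWARE\*') {
        $candidates += $k.Replace('HKLM:\SOFTWARE\', 'HKLM:\SOFTWARE\WOW6432Node\')
    }
    foreach ($p in $candidates) {
        if (Test-Path -LiteralPath $p) {
            $findings += [pscustomobject]@{ Type = 'RegKey'; Location = $p; Data = '' }
        }
    }
}
# Autostart value named in the write-up; Data shows what it would launch at logon.
$run = Get-ItemProperty -LiteralPath $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\$runValue"; Data = $run.$runValue }
}
if ($findings) { $findings | Format-List } else { 'No SysDefence artifacts from the write-up were found.' }
```

The script only reads the file system and registry. Because the Run value and the shortcuts are per user, repeat it for each profile on a shared machine.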


Similar Security Risks

Winiguard

