Behavior
The program may be manually installed or installed by drive-by downloads.
The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.
Installation
When the program is executed, it creates the following files:
- %ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe
- %ProgramFiles%\SysDefence Software\SysDefence\uninstall.exe
- %UserProfile%\Start Menu\Programs\SysDefence\1 SysDefence.lnk
- %UserProfile%\Start Menu\Programs\SysDefence\2 Homepage.lnk
- %UserProfile%\Start Menu\Programs\SysDefence\3 Uninstall.lnk
- %UserProfile%\Desktop\SysDefence.lnk
Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SysDefence.exe" = "%ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe"
It also creates the following registry subkeys:
- HKEY_LOCAL_MACHINE\SOFTWARE\SysDefence
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence
- HKEY_CURRENT_USER\Software\SysDefence
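
The files and registry entries listed above can be checked for on a host with a short PowerShell function. This is an added example, not part of the original write-up; the function name Test-SysDefenceArtifact is hypothetical, and the paths and keys are the ones listed on this page.

```powershell
# Added example: reports which of the SysDefence artifacts listed above exist.
# Test-SysDefenceArtifact is a hypothetical name; paths and keys come from this page.
function Test-SysDefenceArtifact {
    $files = @(
        '%ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe',
        '%ProgramFiles%\SysDefence Software\SysDefence\uninstall.exe',
        '%UserProfile%\Start Menu\Programs\SysDefence\1 SysDefence.lnk',
        '%UserProfile%\Start Menu\Programs\SysDefence\2 Homepage.lnk',
        '%UserProfile%\Start Menu\Programs\SysDefence\3 Uninstall.lnk',
        '%UserProfile%\Desktop\SysDefence.lnk'
    )
    $keys = @(
        'HKLM:\SOFTWARE\SysDefence',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence',
        'HKCU:\Software\SysDefence'
    )
    $found = @()

    foreach ($f in $files) {
        # Expand %ProgramFiles% / %UserProfile% for the account running the check.
        $path = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $found += [pscustomobject]@{ Type = 'File'; Location = $path; Data = $null }
        }
    }

    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Location = $k; Data = $null }
        }
    }

    # Run value that starts the program at logon; report the command it points to.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'SysDefence.exe' -ErrorAction SilentlyContinue
    if ($run) {
        $found += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\SysDefence.exe"; Data = $run.'SysDefence.exe' }
    }
    return $found
}

$hits = Test-SysDefenceArtifact
if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'No SysDefence artifacts found for this user.' }
```

The HKEY_CURRENT_USER entries and the %UserProfile% paths are per-user, so the check only covers the account it runs under.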
Similar Security Risks
Winiguard