
SysDefence

Updated: December 18, 2009 3:23:28 PM
Type: Misleading Application
Name: SysDefence
Risk Impact: Low
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Behavior
The program may be manually installed or installed by drive-by downloads.

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe
  • %ProgramFiles%\SysDefence Software\SysDefence\uninstall.exe
  • %UserProfile%\Start Menu\Programs\SysDefence\1 SysDefence.lnk
  • %UserProfile%\Start Menu\Programs\SysDefence\2 Homepage.lnk
  • %UserProfile%\Start Menu\Programs\SysDefence\3 Uninstall.lnk
  • %UserProfile%\Desktop\SysDefence.lnk

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SysDefence.exe" = "%ProgramFiles%\SysDefence Software\SysDefence\SysDefence.exe"

It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\SysDefence
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence
  • HKEY_CURRENT_USER\Software\SysDefence
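
A read-only check for the files, Run value and registry subkeys listed above, written as an added PowerShell example that is not part of the original write-up. The function name Find-SysDefenceArtifact is hypothetical; every path and key is taken from the lists above.

```powershell
# Added example: read-only check for the SysDefence artifacts listed in this write-up.
# Find-SysDefenceArtifact is a hypothetical name; paths and keys come from the lists above.
function Find-SysDefenceArtifact {
    $found = @()
    $install = Join-Path $env:ProgramFiles 'SysDefence Software\SysDefence'
    $menu    = Join-Path $env:USERPROFILE 'Start Menu\Programs\SysDefence'

    # Files and shortcuts created when the program is executed.
    $files = @(
        (Join-Path $install 'SysDefence.exe'),
        (Join-Path $install 'uninstall.exe'),
        (Join-Path $menu '1 SysDefence.lnk'),
        (Join-Path $menu '2 Homepage.lnk'),
        (Join-Path $menu '3 Uninstall.lnk'),
        (Join-Path $env:USERPROFILE 'Desktop\SysDefence.lnk')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $found += New-Object PSObject -Property @{ Type = 'File'; Item = $f; Data = '' }
        }
    }

    # Autostart value under the current user's Run key.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'SysDefence.exe' -ErrorAction SilentlyContinue
    if ($run) {
        $found += New-Object PSObject -Property @{
            Type = 'RunValue'; Item = "$runKey\SysDefence.exe"; Data = $run.'SysDefence.exe' }
    }

    # Registry subkeys created by the installer.
    $keys = @(
        'HKLM:\SOFTWARE\SysDefence',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysDefence',
        'HKCU:\Software\SysDefence'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $found += New-Object PSObject -Property @{ Type = 'RegistryKey'; Item = $k; Data = '' }
        }
    }
    return $found
}

# HKCU and %UserProfile% are per-user, so run this in the affected user's session.
Find-SysDefenceArtifact | Format-Table Type, Item, Data -AutoSize
```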


Similar Security Risks

Winiguard

