Malware called DefendAPc will pretend as a security application for Windows and promoted on fake security websites. DefendAPc also uses these website to spread itself on visitors computer by automatically installing it without their knowledge. Coming from the family where also SysDefenders and SysProtectoralso belongs, DefendAPc shares the same graphical user interface and method to deceive computer users. Dozens of threat will be detected by its own virus scanner that may mislead users to obtain the registered version anticipating to remove the infections. A Trojan associated with DefendAPc will communicate to a remote server to download additional threats that will make it difficult for any security programs to get rid of DefendAPc.
What are the Symptoms of DefendAPc Infection?
Virus scan will be exhibited by DefendAPc displaying false information about current computer security status.
It will modify Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “[random].exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run “DefendAPc”
- HKEY_CURRENT_USER\Software\DefendAPc
- HKEY_LOCAL_MACHINE\SOFTWARE\DefendAPc
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefendAPc
DefendAPc will drop the following malicious files:
- c:\WINDOWS\1347s5zal6471.cpl
- c:\WINDOWS\13z2backdo3124.ocx
- c:\WINDOWS\13z795roj318.bin
- c:\WINDOWS\system32\41c09ackzoor1897.bin
- c:\WINDOWS\system32\134895rez5.cpl
- c:\WINDOWS\system32\[random].exe
- %Temp%\[random].exe
- c:\Documents and Settings\All Users\Desktop\DefendAPc.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\DefendAPc
- c:\Documents and Settings\All Users\Start Menu\Programs\DefendAPc\1 DefendAPc.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\DefendAPc\2 Homepage.lnk
- c:\Documents and Settings\All Users\Start Menu\Programs\DefendAPc\3 Uninstall.lnk
- c:\Program Files\DefendAPc Software
- c:\Program Files\DefendAPc Software\DefendAPc
- c:\Program Files\DefendAPc Software\DefendAPc\DefendAPc.exe
- c:\Program Files\DefendAPc Software\DefendAPc\main_config.xml
- c:\Program Files\DefendAPc Software\DefendAPc\uninstall.exe
How to Remove DefendAPc Manually
1. Restart your computer in SafeMode
– After Power-On the computer, just before Windows start, press F8
– From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
– Click Start > Run
– Type in the field, regedit
– Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
– Base on the given location above, browse and delete the file
– If no location is given, click Start>Search> and search for the files.
– If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
– Update antivirus program
– Scan computer and delete all detected threats.
How to Easily Remove DefendAPc
1. Download and run Removal Tool to remove DefendAPc
