IronDefense comes bundled with RegistryClever malware and may display pop ups to that lead to flvdirect.com. As a typical fake AV, it will also display fake security warnings and notifications. Iron Defense has its own security center but it looks just like the legitimate Windows Security Center. Obviously, it tries to deceive users into thinking that their computers don't have proper anti-virus software.
And even if you have anti-virus software on your computer, let's say Norton, Kaspersky or Avast the rogue program will still claim that your computer is unprotected. The rogue program costs $49.95, that's definitely a ripoff, you would pay that much for a single anti-spyware program anyway. Furthermore, IronDefense will block task manager and registry editor to evade detection by security products. In some cases it may disable system restore and block nearly all programs on your computer. Not to mention that it will block security software in the first place. It goes without saying that IronDefense is nothing more but a scam. You should call your credit card company and dispute the charges if you have already purchased it. Then please follow IronDefense removal instructions below. Thankfully, this scareware can be removed for free using legitimate anti-malware software mentioned in the removal guide below. Last, but not least, if you have any questions or additional information about this malicious software, please leave a comment. Good luck and be safe online!
IronDefense removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download anti-malware software from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
IronDefense removal instructions in Normal mode:
1. Download Process Explorer iexplore.exe. Double click to open it. Look for IronDefense in the process list and terminate its process(es): F0E84.exe and [RANDOM CHARACTERS].exe.
2. Download anti-malware software from the list below. Update it and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
IronDefense associated files and registry values:
Files:
In Windows XP:
- C:\Program Files\FDFCA\F0E84.exe
- C:\Program Files\FDFCA\Uninstall.exe
- C:\Documents and Settings\Auto Infoistrator\Local Settings\Temp\[RANDOM CHARACTERS].exe
- C:\WINDOWS\[RANDOM CHARACTERS].exe
- C:\WINDOWS\[RANDOM CHARACTERS].bin
- C:\WINDOWS\[RANDOM CHARACTERS].dll
- C:\WINDOWS\[RANDOM CHARACTERS].cpl
- C:\WINDOWS\system32\[RANDOM CHARACTERS].exe
- C:\WINDOWS\system32\[RANDOM CHARACTERS].bin
- C:\WINDOWS\system32\[RANDOM CHARACTERS].dll
- C:\WINDOWS\system32\[RANDOM CHARACTERS].cpl
- C:\Program Files\FDFCA\F0E84.exe
- C:\Program Files\FDFCA\Uninstall.exe
- C:\Users\[User Name]\Local Settings\Temp\[RANDOM CHARACTERS].exe
- C:\WINDOWS\[RANDOM CHARACTERS].exe
- C:\WINDOWS\[RANDOM CHARACTERS].bin
- C:\WINDOWS\[RANDOM CHARACTERS].dll
- C:\WINDOWS\[RANDOM CHARACTERS].cpl
- C:\WINDOWS\system32\[RANDOM CHARACTERS].exe
- C:\WINDOWS\system32\[RANDOM CHARACTERS].bin
- C:\WINDOWS\system32\[RANDOM CHARACTERS].dll
- C:\WINDOWS\system32\[RANDOM CHARACTERS].cpl
- HKEY_CURRENT_USER\Software\IronDefense
- HKEY_LOCAL_MACHINE\software\microsoft\Internet Explorer\ActiveX Compatibility\{188D171F-A126-4A3B-B1DC-ED698FDFCADA}
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run "F0E84.exe"
- HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\IronDefense
- HKEY_USERS\current\software "C:\Program Files\FDFCA\"
No comments:
Post a Comment