Windows Vista Blog

Antimalware Defender is a rogue anti-spyware that is related to Virus Doctor. It uses similar methods as other fake programs to try and get the user to purchase a software license. Antimalware Defender reaches the user’s system via Trojans that get downloaded from spam emails and fake websites. Once downloaded, this Trojan displays an alert saying that the Windows malware database needs to be updated. If the user agrees, the Trojan will download and install Antimalware Defender. After it has been installed, Antimalware Defender will perform countless fake scans of the system and warn the user that there are many threats to the system. It also installs a Browser Helper Object (BHO) that will redirect the user’s web browser to websites that promote similar rogue programs. Antimalware Defender will ask the user to pay for the ‘full’ version of the software, claiming that the currently installed ‘trial’ version is insufficient to remove the detected false ‘threats’. However it is important to remember that the ‘full’ version of Antimalware Defender is just as incapable of scanning your system as the ‘trial’ version is.

As soon as you find a copy of Antimalware Defender on your system, you should take steps to remove it. The process of Antimalware Defender removal is outlined below.
File Removal Procedures

The first step in Antimalware Defender removal is to unregister the following DLL file:

•    ca84c702-c758-4421-974e-b02662e76d7c_6.avi (random named avi file in C:\WINDOWS\system32\ )

The next step is to remove the following files and folders:

•    c:\Documents and Settings\All Users\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
•    c:\Documents and Settings\All Users\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
•     c:\Documents and Settings\All Users\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.mkv
•     c:\Documents and Settings\All Users\Start Menu\Programs\Antimalware Defender
•    c:\Documents and Settings\All Users\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk
•    c:\Documents and Settings\All Users\Start Menu\Programs\Startup\ca84c702-c758-4421-974e-b02662e76d7c_6.lnk c:\Program Files\Antimalware Defender
•    c:\Program Files\Antimalware Defender\Antimalware Defender.dll
•    c:\WINDOWS\system32\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
•    c:\WINDOWS\system32\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
•    %UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
•    %UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
•     %UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
•    %UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
•    %UserProfile%\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.mkv
•    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Defender.lnk
•    %UserProfile%\Desktop\Antimalware Defender.lnk
•    %UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.avi
•    %UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.ico
•    %UserProfile%\Local Settings\Application Data\ca84c702-c758-4421-974e-b02662e76d7c_6.mkv
•    %UserProfile%\Start Menu\Programs\Antimalware Defender
•    %UserProfile%\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk
•    %UserProfile%\Start Menu\Programs\Startup\ca84c702-c758-4421-974e-b02662e76d7c_6.lnk

Once these steps have been completed, your file system is safe from Antimalware Defender. However, in order to make sure that Antimalware Defender has been completely removed from the PC it is recommended to conduct a full system scan using Spyware Doctor with Antivirus.

Registry Removal Procedures

As the final step in Antimalware Defender removal, you should delete the following keys and settings from the Windows registry:

•    HKEY_CLASSES_ROOT\CLSID\ca84c702-c758-4421-974e-b02662e76d7c
•    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ca84c702-c758-4421-974e-b02662e76d7c
•    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ca84c702-c758-4421-974e-b02662e76d7c_6″

Once these steps have all been completed, your computer is safe from Antimalware Defender.
Conclusion

Manual Antimalware Defender removal is not recommended for inexperienced users, as any wrong move made on your part could damage your system. The best way to go is to use a web-based repair service such as www.onlinecomputerrepair.org. This ensures that this rogue software is removed safely and efficiently.