When will this end? As the economy continues its downturn, internet fraud will continue to climb. MalwareDefender2009 is a misleading application that may give exaggerated reports of threats on your computer.

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Risk Impact: Medium

This program can be manually installed. It may also be downloaded by Trojan.Zlob.

The program reports false or exaggerated system security threats on the computer.


The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:

* %UserProfile%\Desktop\Malware Defender 2009.lnk
* %UserProfile%\Start Menu\Programs\Malware Defender 2009\Malware Defender 2009.lnk
* %UserProfile%\Start Menu\Programs\Malware Defender 2009\Uninstall.lnk
* %UserProfile%\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
* %ProgramFiles%\Malware Defender 2009\conf.cfg
* %ProgramFiles%\Malware Defender 2009\malwaredef.exe
* %ProgramFiles%\Malware Defender 2009\mbase.vdb
* %ProgramFiles%\Malware Defender 2009\quarantine.vdb
* %ProgramFiles%\Malware Defender 2009\queue.vdb
* %ProgramFiles%\Malware Defender 2009\uninstall.exe
* %ProgramFiles%\Malware Defender 2009\vbase.vdb

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"malwaredef" = "%ProgramFiles%\Malware Defender 2009\malwaredef.exe"

It also creates the following registry subkeys:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
* HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009
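
A read-only check for the files and registry entries listed above, added here as an example (it is not from the original write-up or from Symantec). It assumes PowerShell run from an elevated prompt on the machine being examined; the function name Find-MalwareDefender2009 is hypothetical, and the script goes beyond the listing by checking every local profile rather than only the current %UserProfile%.

```powershell
# Added example: report which artifacts from the lists above are present.
# Nothing is modified or deleted.
$userFiles = @(
    'Desktop\Malware Defender 2009.lnk',
    'Start Menu\Programs\Malware Defender 2009\Malware Defender 2009.lnk',
    'Start Menu\Programs\Malware Defender 2009\Uninstall.lnk',
    'Application Data\Microsoft\Media Index\Drivers\hdddriver.dll'
)
$programFiles = 'conf.cfg', 'malwaredef.exe', 'mbase.vdb', 'quarantine.vdb',
                'queue.vdb', 'uninstall.exe', 'vbase.vdb'
# Subkeys exactly as listed on the page.
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet',
    'HKLM:\SOFTWARE\Malware Defender 2009'
)

function Find-MalwareDefender2009 {
    $hits = @()
    # Profile directories of all local accounts (assumption: checking every
    # profile is wanted, since %UserProfile% differs per user).
    $profiles = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' |
        ForEach-Object { $_.GetValue('ProfileImagePath') } |
        Where-Object { $_ }
    foreach ($p in $profiles) {
        foreach ($f in $userFiles) {
            $path = Join-Path $p $f
            if (Test-Path -LiteralPath $path) { $hits += "File: $path" }
        }
    }
    $dir = Join-Path $env:ProgramFiles 'Malware Defender 2009'
    foreach ($f in $programFiles) {
        $path = Join-Path $dir $f
        if (Test-Path -LiteralPath $path) { $hits += "File: $path" }
    }
    # Autostart value "malwaredef" under the Run key.
    $run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' `
        -Name 'malwaredef' -ErrorAction SilentlyContinue
    if ($run) { $hits += "Run value: malwaredef = $($run.malwaredef)" }
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath $k) { $hits += "Registry key: $k" }
    }
    $hits
}

$found = @(Find-MalwareDefender2009)
if ($found.Count) { $found } else { 'No listed artifacts found.' }
```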

Removal Instructions:

If you have Norton Antivirus, visit the link below for instructions on how to remove this application from your computer.

http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-033012-2224-99&tabid=3