What is IronDefender, How to remove IronDefender
Monday, September 13th, 2010
This is a harmful program.
It is malware or spyware; remove it immediately using an antivirus and antispyware program. If that does not help, ask us for help in the Spyware removal forum.
Files:
c:\Documents and Settings\All Users\Start Menu\Programs\IronDefender.lnk
%UserProfile%\Desktop\IronDefender.lnk
c:\Program Files\{RANDOM}
c:\Program Files\{RANDOM}\{RANDOM}.exe
c:\Program Files\{RANDOM}\Uninstall.exe
c:\WINDOWS\{RANDOM}.exe
c:\WINDOWS\{RANDOM}.bin
c:\WINDOWS\{RANDOM}.dll
c:\WINDOWS\{RANDOM}.cpl
c:\WINDOWS\system32\{RANDOM}.exe
c:\WINDOWS\system32\{RANDOM}.bin
c:\WINDOWS\system32\{RANDOM}.dll
c:\WINDOWS\system32\{RANDOM}.cpl
Registry keys/values:
HKEY_CURRENT_USER\Software\IronDefender
HKEY_LOCAL_MACHINE\SOFTWARE\IronDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IronDefender
HKEY_CURRENT_USER\Software | Install_Dir = "C:\Program Files\{RANDOM}"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {RANDOM}.exe
Startup Type: HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:
O4 - HKLM\..\Run: [{RANDOM}.exe] "C:\Program Files\{RANDOM}\{RANDOM}.exe" -min
O4 - HKCU\..\Run: [{RANDOM}.exe] C:\WINDOWS\system32\{RANDOM}.exe
Description: rogue antispyware program
How to remove: use the IronDefender removal instructions.