Remove Strong Malware Defender (Removal Instructions Inside)

Strong Malware Defender is a malicious program, which pretends to be a legitimate anti-virus tool. The truth is, it is a hacker creation, which attempts to mislead users into purchasing its fake full version. Fake online scanners are the main method for transmitting the Strong Malware Defender infection. They are placed on corrupted websites and simply wait for visitors. When such appear, the bogus scanners claim to be performing a scan of the computer system. As a result, they state that the PC has been seriously infected and needs immediate assistance. Then, the user is prompted to download a file in order to get rid of the presumable infections. This file is, in fact, Strong Malware Defender. Please note, that Strong Malware Defender online scanners do not have access to the computers of the visitors. Therefor, they cannot possibly detect any viruses, if such are present in the system. This is merely a trick that forces the scared victim to download the rogue.

Figure 1. Strong Malware Defender GUI

Immediately after its installation, Strong Malware Defender configures itself to be launched automatically as soon as Windows starts. From that moment on, whenever the user turns the PC on, the Strong Malware Defender screen appears, ready to perform a made-up scan. After it is done with the malicious configurations, the rogue creates a number of harmless files. They are later on used by the rogue to be detected as viruses. Some of these scans are:

%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\fix.sys
%UserProfile%\Recent\grid.sys

Once it settles into the system, Strong Malware Defender starts flooding the system with counterfeit alerts and notifications. The pop-ups constantly appear on the screen, which makes them extremely annoying. They serve as a scare-strategy because they state that the PC is facing a great security risk. Each alert tries to make the user believe he/she needs to purchase the full version of Strong Malware Defender and even prompts him/her to do so. Some of the fake alerts, produced as a result of a Strong Malware Defender infection, are:

Warning! Virus detected
Threat Detected: Trojan-PSW.VBS.Half
Description: This is a VBScript-virus. It steals user’s passwords.

Warning! Access conflict detected!
An unidentified program is trying to access system process address space.
Process Name: AllowedForm
Location: C:\Windows\…\taskmgr.exe

Warning! Identity theft attempt detected
System Alert
Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Strong Malware Defender.

With their constant popping-up, these messages also hamper the victim’s work on the machine and slow down the PC’s overall performance. The only way to get rid of them is to eliminate their prime source – Strong Malware Defender.

The rogue’s phony scans are yet another one of its deception-tools. They are performed automatically, without the user’s authorization. Though the program pretends to be working hard on detecting malware pieces, it is incapable of doing so. However, after each scan, a list of infections is presented. It actually includes the very same files that Strong Malware Defender has created upon its installation. After each scan, the user is urged to buy the full version of Strong Malware Defender, which is advertised as an efficient virus-fighter. Keep in mind that the full version of this product is nothing more but a scam – again, and it cannot secure your computer’s safety.

To put in a nutshell, there is nothing legitimate in Strong Malware Defender. It is just one of the numerous viruses, invented by hackers with the only intention of gaining profit from unaware users. Strong Malware Defender can neither detect, nor remove viruses – what it does is to take computer systems as hostages and require their users to purchase its bogus full version. Do not let this malware trick you – eliminate it immediately with the help of a genuine AV tool!

Strong Malware Defender Manual Removal Instructions:

Stop These Strong Malware Defender Processes:
(Learn how to do this)

[random].exe
AS9c5_8046.exe
scandsk211d_8046.exe
ASa76.exe eb.exe
runddlkey.exe
Find and Delete These Strong Malware Defender Files:
(Learn how to do this)
%AllUsersProfile%\Application Data\5c678c\
%AllUsersProfile%\Application Data\5c678c\sqlite3.dll
%AllUsersProfile%\Application Data\5c678c\ASPSys\
%AllUsersProfile%\Application Data\5c678c\BackUp\
%AllUsersProfile%\Application Data\5c678c\Quarantine Items\
%AllUsersProfile%\Application Data\5c678c\582.mof
%AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe
%AllUsersProfile%\Application Data\5c678c\ASP.ico
%AllUsersProfile%\Application Data\5c678c\mozcrt19.dll
%AllUsersProfile%\Application Data\ASLNP\
%AllUsersProfile%\Application Data\ASLNP\ASUUDJRRJXP.cfg
%AppData%\Strong Malware Defender\
%AppData%\Strong Malware Defender\cookies.sqlite
%AppData%\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk
%UserProfile%\Desktop\Strong Malware Defender.lnk
%Temp%\scandsk211d_8046.exe
%UserProfile%\Start Menu\Strong Malware Defender.lnk
%UserProfile%\Start Menu\Programs\Smart Anti-Malware Protection.lnk
Remove These Strong Malware Defender Registry Values:
(Learn how to do this)
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Default = Implements DocHostUIHandler
LocalServer32 = %AllUsersProfile%\Application Data\5c678c\AS9c5_8046.exe
ProgID = AS9c5_8046.DocHostUIHandler
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe\
Debugger = svchost.exe
HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe\
Debugger = svchost.exe

Free Antispyware Scan

Tags: , , , ,

By

Speak Your Mind

*