System Defender

Found: 2011-03-21

Known system changes:

Files


c:\Documents and Settings\<user>\Application Data\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk
c:\Documents and Settings\All Users\Application Data\1379ef4e-c6f9-4a33-be28-409b9d3c7e04_.mkv
c:\Documents and Settings\All Users\Application Data\1379ef4e-c6f9-4a33-be28-409b9d3c7e04_39.avi
c:\Documents and Settings\All Users\Application Data\1379ef4e-c6f9-4a33-be28-409b9d3c7e04_39.ico


Folders
c:\Program Files\System Defender


Registry Entries


HKCU\Software\Microsoft\Windows\CurrentVersion\Run "1379ef4e-c6f9-4a33-be28-409b9d3c7e04_39"
Type: REG_SZ
Data: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\1379ef4e-c6f9-4a33-be28-409b9d3c7e04_39.avi", DllUnregisterServer
 
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe"
Type: REG_SZ
Data: C:\WINDOWS\system32\rundll32.exe:*:Enabled:System Defender


HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe"
Type: REG_SZ
Data: C:\WINDOWS\system32\rundll32.exe:*:Enabled:System Defender