Advanced Defender

Updated: March 23, 2013 Rogue 0 Comment

Advanced Defender is an added malware and a variant of Personal Protector. Both originate from a family of rogue programs. An evaluation made on Advanced Defender shows that it is lack of virus scanning components and therefore all of its generated scans are purely for promotional purposes. It will alert computer users of identified threats that do not actually exist on computer. This rogue program will first sneak into computer as a Trojan that is capable of redirecting Internet browser to scam web sites. These sites may secretly download and execute the fake anti-virus program onto visitor’s PC. The Trojan gets intensify in the presence of harmful software called Advanced Defender.

Fake programs like Advanced Defender is being promoted on its own swindle websites and can be carried-out by Trojan infection. Other ways to acquire this is by visiting malicious web sites that can download and install it on computer without your consent. Removing this unwanted application may not be feasible via Add/Remove of Windows because it does not contain an uninstall component when installed. An anti-malware or removal tool is necessary to completely remove Advanced Defender virus.

Screenshot Image:

Advanced Defender Image

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
Advanced Defender’s presence on the computer will cause severe disturbance coming from excessive pop-up alerts and browser redirection. It also precludes users from executing any installed software. Opening or running any programs will exhibit a warning stating virus infection on the executable file. The alert will contain this full message:

“Cmd.exe is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using to connect to remote host.”

This fake alert generated by Advanced Defender is fictitious. It attempts to trick victims about current security status of the system.

How to Remove Advanced Defender

Manual Removal Procedure

1. Kill any running process that belongs to Advanced Defender.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
algadvanceddefender.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "advanceddefender"
- Close registry editor. Changes made will be save automatically.

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Advanced Defender.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'

Automatic Removal of Advanced Defender

In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Alternative Removal Method for Advanced Defender

Option 1 : Use Windows System Restore to return Windows to previous state

If Advanced Defender enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Advanced Defender infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Advanced Defender manual uninstall guide

IMPORTANT! Manual removal of Advanced Defender requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Advanced Defender.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Advanced Defender files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Advanced Defender.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:Added Registry Entries: