Fake BitDefender 2011

Use the procedure on this page to remove fake BitDefender 2011 from the infected computer. Also included is a link where you can download a free removal tool.

Fake BitDefender 2011 is misleading security software that mimics a legitimate, well-known antivirus program in order to deceive computer users. Sometimes called Fake Bit Defender 2011, it belongs to the list of rogue security programs created to make money through unfair marketing methods. The real BitDefender 2011 can be downloaded from the official web site at bitdefender.com and requires manual installation before it can run on the computer, while the rogue version is typically dropped by a Trojan and installed without the user’s consent. In addition, the real security software comes in three variants, namely BitDefender Antivirus Pro, BitDefender Total Security 2011 and BitDefender Internet Security 2011. These variants offer different levels of protection.

You should know that fake BitDefender 2011 can penetrate your computer without being spotted by your antivirus program. The malware hides itself on the system by injecting code into a legitimate Windows process. A Trojan is also the reason this fake software can control a system without hindrance from any of your computer’s protection. To load the malware each time you start Windows, it makes changes to the registry and other system settings.

Removing the fake BitDefender 2011 is the best way to prevent further harm to a compromised computer. Use only legitimate anti-malware programs to scan the computer and remove the threat together with all corrupt files residing on the system.

Alias: Bit Defender 2011

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

BitDefender 2011 Virus Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “BitDefender 2011”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is not permitted, it is best to quarantine the infected item. You should also manually locate and delete the malicious files. See the files listed below that are related to the BitDefender 2011 Virus.
4. Registry entries created by BitDefender 2011 must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
5. Exit registry editor.
6. Get rid of the BitDefender 2011 start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

BitDefender 2011 Removal Tool:
In order to completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SAS Portable Scanner.

Technical Details and Additional Information:

Malicious Files Added by Fake BitDefender 2011:
c:\Program Files\BitDefender 2011\
c:\Program Files\BitDefender 2011\bitdefender.exe
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011\
c:\Documents and Settings\All Users\Start Menu\BitDefender 2011\BitDefender 2011.lnk
%AllUsersProfile%\Start Menu\BitDefender 2011\Uninstall.lnk
%UserProfile%\Desktop\BitDefender 2011.lnk
%Temp%\srvED4.ini
%Temp%\srvED4.tmp

Fake BitDefender 2011 Registry Entries:
HKEY_CURRENT_USER\Software\MonEC2
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “BitDefender 2011” = ‘C:\Program Files\BitDefender 2011\bitdefender.exe’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe “Debugger” = ‘msiexecs.exe -sb’
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “WinNT-EVI 21.04.2011”
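
A read-only PowerShell check for the file and registry indicators listed above, added here as an example and not taken from the original page or from any vendor tool. The function name Test-FakeBitDefender2011 is hypothetical, and the paths are built from the environment variables the lists use.

```powershell
# Read-only check for the indicators listed on this page; it changes nothing.
# Added example; the function name Test-FakeBitDefender2011 is hypothetical.
function Test-FakeBitDefender2011 {
    $findings = @()

    # Files and folders from the "Malicious Files" list.
    $paths = @(
        "$env:ProgramFiles\BitDefender 2011\bitdefender.exe",
        "$env:ALLUSERSPROFILE\Start Menu\BitDefender 2011",
        "$env:USERPROFILE\Desktop\BitDefender 2011.lnk",
        "$env:TEMP\srvED4.ini",
        "$env:TEMP\srvED4.tmp"
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $findings += "File: $p" }
    }

    # Run-key autostart value named "BitDefender 2011" for the current user.
    $run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $val = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).'BitDefender 2011'
    if ($val) { $findings += "Run value: $val" }

    # Key created by the rogue program.
    if (Test-Path 'HKCU:\Software\MonEC2') { $findings += 'Key: HKCU\Software\MonEC2' }

    # Image File Execution Options: a "Debugger" value makes Windows start the
    # named program instead of the browser, so any value here deserves review.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($exe in 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe', 'safari.exe') {
        $dbg = (Get-ItemProperty -Path "$ifeo\$exe" -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings += "IFEO Debugger: $exe -> $dbg" }
    }

    return $findings
}

$hits = Test-FakeBitDefender2011
if ($hits) { $hits } else { 'No listed indicators found.' }
```

Run it under the affected user's account, since the HKCU and profile checks apply only to the current user.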

Alternative Removal Method for Fake BitDefender 2011

Option 1: Use Windows System Restore to return Windows to a previous state

If Fake BitDefender 2011 enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved from before Fake BitDefender 2011 infiltrated the PC, we highly encourage you to run this procedure if none of the above works. You may then proceed with Windows System Restore.