F-Secure
Tools
Rogue:W32/TotalDefender
Summary
Dishonest antivirus or antispyware software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.Additional Details
This is the family description for the TotalDefender family of rogue antimalware programs.
Like most rogueware families, programs from the TotalDefender family will scan the computer system and then display fake alert messages stating that the system has been compromised. To deal with the supposed infections, the user is required to purchase a license to 'fully utilize' the program and/or 'enable' its disinfection functionality.
Installation
A typical installation from this rogueware family installs component files in:
And adds the following registry key:
Where [Name] will typically be:
For example, the registry key may appear as HKEY_LOCAL_MACHINE\Software\Windows Defender\ .
Like most rogueware families, programs from the TotalDefender family will scan the computer system and then display fake alert messages stating that the system has been compromised. To deal with the supposed infections, the user is required to purchase a license to 'fully utilize' the program and/or 'enable' its disinfection functionality.
Installation
A typical installation from this rogueware family installs component files in:
- %Program Files%\ [Name] Defender\
And adds the following registry key:
- HKEY_LOCAL_MACHINE\Software\[Name] Defender\
Where [Name] will typically be:
- Windows
- Total
- IE
- Malware
For example, the registry key may appear as HKEY_LOCAL_MACHINE\Software\Windows Defender\ .