Strong Malware Defender Removal Guide

Threat Level: 9/10

It seems like there’s no end to the flood of rogues from the Rogue.VirusDoctor family, because Strong Malware Defender is yet another product from the same nest that has spawned Malware Protection Center, Home Malware Cleaner, Smart Anti-Malware Protection and other rogues. The relationship between the rogues is obvious, because Strong Malware Defender shares the same interface and is equipped with the same dangerous features that can turn your life into hell.

Strong Malware Defender is dangerous in the sense that it seldom comes alone. It can be delivered by a Trojan infection, and if you have one Trojan in your system, you are very likely to get another Trojan anytime soon. Since Strong Malware Defender adds a subkey to the registry, the rogue springs into action every single time you start Windows. It floods you with various fake notifications that claim you are infected with Trojans and other viruses. According to Strong Malware Defender, the only way to get rid of these “viruses” is to register the program.

For that, you are required to provide your name, address, credit card number, expiration date and CVV2, which would allow the criminals behind Strong Malware Defender to access your bank account and steal your money, using your information for various illegal financial operations. On top of that, your computer would still be infected with Strong Malware Defender, and you certainly don’t want this infection to end that way, so you have to ignore all the fake security messages and fake alerts from Strong Malware Defender. Even this:

Warning! Virus detected
Threat detected: Trojan-PSW.Win32.Antigen.a
Security Risk
Infected File: [file path]
Description: This Trojan named ANTIGEN.EXE scans system files for your Internet passwords to steal and misuse them. It also scans your data for more private information: phone.

Such alerts look very professional and it is easy to fall for this trick, but do not be one of those users who lose all of their money and are left with a comatose computer.

Remove Strong Malware Defender from your system as soon as you can. You can delete the rogue-related files on your own, but if your computer knowledge is not brilliant you are advised to acquire a trustworthy computer security program that will terminate Strong Malware Defender for you automatically.

Tested Strong Malware Defender removal solution for 64/32-bit Windows 7/Vista/XP/2000
*The SpyHunter scanner download on this site is intended to be used as a detection tool. If you want to use its removal function, you will need to purchase the full version of SpyHunter.

Strong Malware Defender technical info for manual removal:

Files Modified/Created on the system:

Files in the following directories were modified:

  • %CommonAppData%\79b35\Quarantine Items
  • %AppData%\Strong Malware Defender
  • %UserProfile%\Recent
  • %CommonAppData%\79b35\HMCSys
  • %AppData%\Microsoft\Internet Explorer\Quick Launch
  • %CommonAppData%\79b35\BackUp
  • %AllUsersProfile%\Application Data
  • %CommonAppData%\79b35
  • %UserProfile%\Desktop
  • %StartMenu%\Programs
  • %CommonAppData%\SMICFD
  • %AppData%
  • %AllUsersProfile%
  • %StartMenu%

Memory Processes Created:

#  Process Name    Process Filename  Main module size
1  ScanDisk_.exe   ScanDisk_.exe
2  SMa76.exe       SMa76.exe
3  SMbf0.exe       SMbf0.exe         6725632 bytes
4  StrongMD.exe    StrongMD.exe      4308480 bytes
5  PE.exe          PE.exe

Registry Modifications:

The following Registry Keys were created:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "DisallowRun" = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "6" = "avscan.exe"
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "0" = "msseces.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "IIL" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "14" = "avgcmgr.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "12" = "avgemc.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "1" = "MSASCui.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "13" = "avgchsvx.exe"
  • HKEY_CLASSES_ROOT\dumped_patched.DocHostUIHandler
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "7" = "avgfrw.exe"
  • HKEY_CURRENT_USER\Software\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "11" = "avgcfgex.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe
  • HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "15" = "avgwdsvc.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "lib/7.00007"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltTST"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PRS" = "http://127.0.0.1:27777/?inj=%ORIGINAL%"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "ltHI" = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "2" = "ekrn.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Strong Malware Defender"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "9" = "avgtray.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "10" = "avgscanx.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "UID" = 7
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "3" = "egui.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "8" = "avgui.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "4" = "avgnt.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun "5" = "avcenter.exe"
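
A read-only PowerShell check for the registry changes listed above, as an added example that is not part of the original guide: it reports what it finds and changes nothing. The key paths and value names come from the list; reading the `Debugger` value under the Image File Execution Options keys is an assumption, since the page lists only the key names.

```powershell
# Read-only audit (added example): reports the registry changes listed above, changes nothing.
$findings = @()

# Autostart: the rogue's value under the per-user Run key.
$run = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Strong Malware Defender']) {
    $findings += "Run value 'Strong Malware Defender' -> $($run.'Strong Malware Defender')"
}

# DisallowRun policy: flag on the Explorer key, blocked executables in the subkey.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$flag = Get-ItemProperty $explorer -ErrorAction SilentlyContinue
if ($flag -and $flag.DisallowRun -eq 1) { $findings += 'DisallowRun policy is switched on' }
$blocked = Get-ItemProperty "$explorer\DisallowRun" -ErrorAction SilentlyContinue
if ($blocked) {
    foreach ($p in $blocked.PSObject.Properties) {
        # Skip the PSPath/PSProvider properties PowerShell adds to every result.
        if ($p.Name -notlike 'PS*') { $findings += "DisallowRun blocks $($p.Value)" }
    }
}

# Internet Explorer download signature checks turned off, plus the local "PRS" value.
$dl = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Download' -ErrorAction SilentlyContinue
if ($dl -and $dl.RunInvalidSignatures -eq 1) { $findings += 'IE RunInvalidSignatures = 1' }
if ($dl -and $dl.CheckExeSignatures -eq 'no') { $findings += 'IE CheckExeSignatures = no' }
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
if ($ie -and $ie.PRS) { $findings += "IE PRS value -> $($ie.PRS)" }

# Image File Execution Options keys named in the list (native registry view only).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$names = 'signcheck.exe', 'VisthLic.exe', 'fnrb32.exe', 'avgiproxy.exe',
         'ndd32.exe', 'pgmonitr.exe', 'cfgwiz.exe', 'ldpromenu.exe'
foreach ($exe in $names) {
    if (Test-Path "$ifeo\$exe") {
        # Assumption: a Debugger value is how such a key redirects the program;
        # the page lists only the key itself.
        $dbg = (Get-ItemProperty "$ifeo\$exe" -ErrorAction SilentlyContinue).Debugger
        $findings += "IFEO key for $exe (Debugger: '$dbg')"
    }
}

if ($findings.Count) { $findings } else { 'None of the listed registry changes were found.' }
```

Run it in the affected user's session, because the `HKCU:` checks read only the current user's hive.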
