TheDefend is a rogue antispyware program that spreads mostly through the use of trojans which usually pretend to be flash updates, or even video codecs required to watch movies online.
Once installed, the trojan will install TheDefend onto your computer and will configure it to run automatically when Windows loads. The trojan will also create a lot of files with random name in Windows and Windows\System32 folders. All of these files are harmless, but TheDefend during the scan will label them as infections to trick you think that your computer in danger. Of course, the scan results are fake and you should ignore all that the program gives you!
What is more, the trojan that installs TheDefend will also install a variant of trojan FakeAlert. Once running, the trojan will show a screen that looks like Windows Security Center and a lot of fake spyware alerts and nag screens. An example:
Spyware Alert!
Your computer is infected with spyware. It could damage your
critical files or expose your private data on the Internet. Click
here to register your copy of TheDefend and remove spyware
threats from your PC.
Of course, all of these alerts are fake and like false scan results should be ignored! As you can see, TheDefend is a scam and should be removed upon detection. It designed with one purpose, to trick you into purchasing so-called “full” version of the program!
If you find that your computer is infected with the malware, please use the removal guide below to remove TheDefend from your computer for free.
More screen shoots of TheDefend
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [
O4 – HKCU\..\Run: [TheDefend.exe] C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
Use the following instructions to remove TheDefend (Uninstall instructions)
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for TheDefend infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start TheDefend removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
TheDefend creates the following files and folders
C:\Documents and Settings\All Users\Start Menu\Programs\TheDefend
C:\Program Files\TheDefend Software
C:\Program Files\TheDefend Software\TheDefend
C:\Program Files\TheDefend Software\TheDefend\TheDefend.exe
C:\WINDOWS\system32\
C:\Documents and Settings\All Users\Start Menu\Programs\TheDefend\1 TheDefend.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\TheDefend\2 Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\TheDefend\3 Uninstall.lnk
C:\Program Files\TheDefend Software\TheDefend\uninstall.exe
C:\Documents and Settings\All Users\Desktop\TheDefend.LNK
TheDefend creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheDefend
HKEY_LOCAL_MACHINE\SOFTWARE\TheDefend
HKEY_CURRENT_USER\SOFTWARE\TheDefend
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TheDefend.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Spyware can do the following:
1. gather information about user habits of use of the Internet, what sites are visited most frequently (known as “tracking software”);
2. record keystrokes (keyloggers) and make a screenshots (screen scraper) and send collected data to the creator of the spyware;
3. remotely control user computer (remote control software) – backdoor, botnets, droneware;
4. download and run on user computer an additional malware;
5. analyze the state of security systems, scan an open ports, and look for vulnerabilities to crack passwords;
