Here is one more malware that disguises itself as the useful malware removal tool. It's function is almost same as that of the other disguised malwares. It does not scan your computer or find any virus or malware. When IronDefender is installed in a computer it will start along with windows on the next booting. It will perform a fake scan and informs the user that a harmful malware is present in his computer and it has to be removed. It asks the user to register IronDefender by paying a price for registration. Actually the message is a lie to make the poor victim to pay for the malware.
IronDefender will display options that other genuine antivirus as- "Full Scan", "System Scan", "Scan Basic Locations", "Scan Removable Media", "Scan Folder", "Realtime protection" and "Tools". All of the features do not really protect the computer but just show the fake functions only.
If you are a victim of the IronDefender, ir has to be removed immediately !
Removal:
Kill the process
F0E84.exe
vur4.exe
[random].exe
Delete the registry
HKEY_CURRENT_USER\Software\IronDefender
HKEY_LOCAL_MACHINE\SOFTWARE\IronDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IronDefender
HKEY_CURRENT_USER\Software "Install_Dir" = "C:\Program Files\FDFCA"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "vur4.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "F0E84.exe"
Delete the files and folders
%ALLUSERSPROFILE%\Start Menu\Programs\IronDefender.lnk
%ProgramFiles%\FDFCA\
%ProgramFiles%\FDFCA\F0E84.exe
%ProgramFiles%\FDFCA\Uninstall.exe
%SystemRoot%\[random].exe
%SystemRoot%\[random].bin
%SystemRoot%\[random].dll
%SystemRoot%\[random].cpl
%SystemRoot%\system32\[random].exe
%SystemRoot%\system32\[random].bin
%SystemRoot%\system32\[random].dll
%SystemRoot%\system32\[random].cpl
%UserProfile%\Desktop\hash
%UserProfile%\Desktop\IronDefender.lnk
%UserProfile%\Local Settings\Temp\[random].exe