You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard

APcDefender

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

APcDefender is an adware program that carries out the following actions:

  • It reaches the computer in a file with the following name and icon:

    Icon with which APcDefender reaches the computer
  • Then, the interface of the program is opened and it starts scanning the computer in search for possible malware:

    Interface of the program
  • Once the scan is finished, a warning message is displayed informing users that the computer is infected:

    Warning message displayed by APcDefender
  • If users decide to follow the program's instructions and remove the threats, they will be required to enter a registration code:

    Registration code required by APcDefender
  • This registration code will be provided once users have purchased the product in the following website:

    Website to purchase APcDefender
  • It also adds an icon like the following to the task bar:

    Icon of the program which is added to the task bar

Infection strategy 

APcDefender creates a directory called APcDefender Software in the Program Files directory and a group of programs with the name APcDefender in the Start menu.

APcDefender creates the following files:

  • AH8585FM.EXE, which is a copy of itself in the Windows system directory.
  • APCDEFENDER.LNK, in the Desktop. This file is a shortcut to the program.

APcDefender creates many files in the Windows directory and in the Windows system directory.

 

APcDefender creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ah8585fm.exe
    By creating this entry, APcDefender ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\Software\APcDefender
    AgentsSettings
  • HKEY_CURRENT_USER\Software\APcDefender
    CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\APcDefender
    Install_Dir
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ APcDefender
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ APcDefender
    DisplayName
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ APcDefender
    NoModify
  • HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ APcDefender
    NoRepair
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ APcDefender
    UninstallString = C:\Program Files\APcDefender Software\APcDefender\uninstall.exe

Means of transmission 

APcDefender can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.

Further Details  

APcDefender is 1,635,328 bytes in size.