Sunday, May 2, 2010

Defence Lab

Defence Lab (D.Lab) is a fake antivirus program. The fake scanner tests for the presence of a winload.dll file at different locations:
%SYSTEM%\
%APPDATA%\Mozilla\Firefox\Profiles\Main\
%APPDATA%\Microsoft\SystemBackup\



If the file is present at any of these places (even if it is a 0 KB file), the rogue displays a list of hard-coded fake infections:

WM/Trojan.Downloader.Get.5
AD/Porn.Adware.Gen
WM/Worm.Sun.E54
BHO/Dropper.Generic
TR/Trojan-Dropper.W32
TR/Trojan.Win32.Swisyn
BD/Malware.Assist
WM/BankTRJ.65
TR/Spyware.NTAP.Gen
BHO/Trojan-Banker.CI
TR/Trojan-Banker.Banbra.QOS

BOOTVID.DLL
pxcpyi64.exe
vrlogon.dll
iexpress.exe
mstime.dll
ieakeng.dll
wisptis.exe
hbaapi.dll
ws2_32.dll
TCPSVCS.EXE
ieui.dll
ntoskrnl.exe
kernel32.dll
user32.dll
userinit.exe
w95inf32.dll
explorer.exe



If your PC is infected with Defence Lab, use MBAM to remove the infection.
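The winload.dll check described above can be reused as a triage check on a live host or a mounted disk image. This is an added example, not code from the original post: the function names are hypothetical, and it assumes %SYSTEM% stands for %SystemRoot%\System32.

```python
"""Triage check for the Defence Lab marker file (added example)."""
import os
from pathlib import Path

MARKER = "winload.dll"  # file name given in the post

# Sub-paths from the post, relative to %APPDATA%.
APPDATA_SUBDIRS = (
    Path("Mozilla/Firefox/Profiles/Main"),
    Path("Microsoft/SystemBackup"),
)


def candidate_dirs(system_dir, appdata_dirs):
    """Expand the three locations for one system dir and any number of profiles."""
    dirs = [Path(system_dir)]
    for appdata in appdata_dirs:
        dirs.extend(Path(appdata) / sub for sub in APPDATA_SUBDIRS)
    return dirs


def find_markers(system_dir, appdata_dirs):
    """Return [(path, size_in_bytes)] for every marker file found.

    Names are compared case-insensitively so the check also works on a
    disk image mounted on a case-sensitive filesystem. Empty files are
    reported too: the post notes that a 0 KB file is enough.
    """
    hits = []
    for directory in candidate_dirs(system_dir, appdata_dirs):
        try:
            with os.scandir(directory) as it:
                entries = list(it)
        except OSError:  # missing or unreadable directory: nothing to report
            continue
        for entry in entries:
            if entry.name.lower() == MARKER and entry.is_file(follow_symlinks=False):
                size = entry.stat(follow_symlinks=False).st_size
                hits.append((Path(entry.path), size))
    return hits


if __name__ == "__main__":
    # Assumption: %SYSTEM% is read as %SystemRoot%\System32 on a live host.
    system = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    appdata = [os.environ["APPDATA"]] if "APPDATA" in os.environ else []
    for path, size in find_markers(system, appdata):
        print(f"marker present: {path} ({size} bytes)")
```

For a mounted image, pass the image's System32 directory and one AppData\Roaming directory per user profile to `find_markers`.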