Metallica

Removal instructions for Orange Defender Antivirus


What is Orange Defender Antivirus?

The Malwarebytes research team has determined that Orange Defender Antivirus is a rogue anti-malware application. Some of these so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.
This particular one disables existing security programs and installs other software without user consent.

You are strongly advised to follow our removal instructions below.

How do I know if I am infected with Orange Defender Antivirus?

This is how the main screen of the rogue application looks:

main.png

You may see these warnings during install:

warning1.png

warning2.png

these scheduled tasks:

warning3.png

these warnings during operations:

warning5.png

warning6.png

and you may see this entry in your list of installed programs:

warning5.png

How did Orange Defender Antivirus get on my computer?

Rogue programs use different methods for spreading themselves. This particular one was downloaded from their website:

website.png

How do I remove Orange Defender Antivirus?

Our program Malwarebytes can detect and remove this rogue.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Orange Defender Antivirus?

  • No, Malwarebytes removes Orange Defender Antivirus completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application has helped you eradicate this malicious software. If your current security solution let this infection through, please consider purchasing the FULL version of Malwarebytes for additional protection.

As you can see below, the full version of Malwarebytes would have protected you against the Orange Defender Antivirus rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it was too late.


protection1.png

Technical details for experts

Possible signs in FRST logs:
 

Task: {42E55C23-1DA5-47B7-A186-A849AD55EC60} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe [7831128 2019-04-03] (Innovative Solutions Grup SRL -> Innovative Solutions)
Task: {7B506414-DDF8-4A7E-A17E-BC39773E40C2} - System32\Tasks\OrangeDefenderUpdate => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe [1539672 2019-04-03] (Innovative Solutions Grup SRL -> Innovative Solutions)
Task: C:\Windows\Tasks\OrangeDefender.job => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2018-05-31] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153552 2018-05-31] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2018-05-31] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [40664 2018-04-25] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
C:\Windows\system32\Tasks\OrangeDefenderUpdate
C:\Windows\system32\Tasks\OrangeDefender
C:\Windows\Tasks\OrangeDefender.job
C:\Users\{username}\Desktop\Orange Defender Antivirus.lnk
C:\Users\{username}\AppData\Roaming\Innovative Solutions
C:\Users\{username}\AppData\Local\Innovative Solutions
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange Defender Antivirus
C:\ProgramData\Innovative Solutions
C:\Program Files (x86)\Innovative Solutions
(Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
(Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
(Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
(The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
(Innovative Solutions ) C:\Users\{username}\Desktop\orangedefender_setup.exe

Orange Defender Antivirus (HKLM-x32\...\ORD6_is1) (Version: 3.37.0.205 - Innovative Solutions)
FirewallRules: [{EF39E496-AD66-4973-813D-B966DBAE3249}] => (Allow) C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe (Innovative Solutions Grup SRL -> Innovative Solutions)
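
The following is an added example, not part of the original post and not Malwarebytes or FRST code: a Python check that scans FRST log text for the scheduled-task indicators listed on this page, matching on both the task name and the program the task starts. The function name `find_rogue_tasks` and the two sample lines marked as constructed are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Indicators copied from this page: task names from the FRST excerpt and the
# installer log (System32\Tasks), plus the rogue's install directory.
ROGUE_TASK_NAMES = {"orangedefender", "orangedefenderupdate", "odwelcome"}
ROGUE_DIR = r"\innovative solutions\orange defender antivirus"

# FRST task lines come in two shapes on this page:
#   Task: {GUID} - System32\Tasks\<name> => <target> [size date] (signer)
#   Task: C:\Windows\Tasks\<name>.job => <target>
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]{36}\}\s+-\s+)?"   # optional task GUID
    r"(?P<location>.+?)\s+=>\s+"                    # where the task file lives
    r"(?P<target>.+?)"                              # program the task starts
    r"(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\].*)?$"         # optional [size date] (signer)
)


class Finding(NamedTuple):
    line_no: int
    task: str
    target: str
    reasons: tuple


def find_rogue_tasks(frst_text):
    """Return a Finding for every Task: line tied to Orange Defender."""
    findings = []
    for line_no, line in enumerate(frst_text.splitlines(), start=1):
        match = TASK_RE.match(line.strip())
        if not match:
            continue  # drivers, services, plain paths: not a task entry
        task = match.group("location").rsplit("\\", 1)[-1]
        if task.lower().endswith(".job"):
            task = task[:-4]  # legacy C:\Windows\Tasks\*.job entry
        target = match.group("target")
        reasons = []
        if task.lower() in ROGUE_TASK_NAMES:
            reasons.append("task name")
        if ROGUE_DIR in target.lower():
            reasons.append("target path")
        if reasons:
            findings.append(Finding(line_no, task, target, tuple(reasons)))
    return findings


# Lines 1-4 are taken from the FRST excerpt above; lines 5-6 are constructed.
SAMPLE = "\n".join([
    r"Task: {42E55C23-1DA5-47B7-A186-A849AD55EC60} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe [7831128 2019-04-03] (Innovative Solutions Grup SRL -> Innovative Solutions)",
    r"Task: {7B506414-DDF8-4A7E-A17E-BC39773E40C2} - System32\Tasks\OrangeDefenderUpdate => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe [1539672 2019-04-03] (Innovative Solutions Grup SRL -> Innovative Solutions)",
    r"Task: C:\Windows\Tasks\OrangeDefender.job => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe",
    r"S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2018-05-31] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)",
    # Constructed: an unrelated task that must not be flagged.
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleVendorUpdate => C:\Program Files\Example Vendor\updater.exe [123456 2020-01-01] (Example Vendor -> Example Vendor)",
    # Constructed: a differently named task that still starts a file from the rogue's folder.
    r"Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\SystemHelper => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\servpc.exe",
])

if __name__ == "__main__":
    for f in find_rogue_tasks(SAMPLE):
        print(f"line {f.line_no}: {f.task} -> {f.target} ({', '.join(f.reasons)})")
```

Matching on the target path as well as the name catches a leftover task that no longer carries one of the three names listed on this page.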

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus
       Adds the file avgio.dll"="5/31/2018 8:27 AM, 61872 bytes, A
       Adds the file countries.tsv"="4/25/2018 2:01 PM, 8537 bytes, A
       Adds the file exporter10.dll"="4/3/2019 10:37 AM, 2255448 bytes, A
       Adds the file innoupd.exe"="4/3/2019 10:37 AM, 1665624 bytes, A
       Adds the file memmgrset.dll"="4/3/2019 10:37 AM, 10840 bytes, A
       Adds the file orangedefender.CHS.lng"="4/3/2019 10:00 AM, 23976 bytes, A
       Adds the file orangedefender.DEU.lng"="4/3/2019 10:00 AM, 29564 bytes, A
       Adds the file orangedefender.ESN.lng"="4/3/2019 10:00 AM, 30262 bytes, A
       Adds the file orangedefender.exe"="4/3/2019 10:37 AM, 7831128 bytes, A
       Adds the file orangedefender.FIN.lng"="4/3/2019 10:00 AM, 30126 bytes, A
       Adds the file orangedefender.FRA.lng"="4/3/2019 10:00 AM, 30785 bytes, A
       Adds the file orangedefender.HIN.lng"="4/3/2019 10:00 AM, 31771 bytes, A
       Adds the file orangedefender.HUN.lng"="4/3/2019 10:00 AM, 33160 bytes, A
       Adds the file orangedefender.ITA.lng"="4/3/2019 10:00 AM, 29624 bytes, A
       Adds the file orangedefender.ntv.lng"="4/3/2019 10:00 AM, 26506 bytes, A
       Adds the file orangedefender.RUS.lng"="4/3/2019 10:00 AM, 27714 bytes, A
       Adds the file servpc.exe"="4/3/2019 10:37 AM, 1174104 bytes, A
       Adds the file sqlite3.dll"="4/3/2019 10:37 AM, 847816 bytes, A
       Adds the file stop_all.exe"="4/3/2019 10:37 AM, 917592 bytes, A
       Adds the file unins000.dat"="4/10/2020 8:46 AM, 44646 bytes, A
       Adds the file unins000.exe"="4/10/2020 8:44 AM, 1087649 bytes, A
       Adds the file updAvTask.exe"="4/3/2019 10:37 AM, 1539672 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA
       Adds the file on-access-drivers-install.cmd"="5/31/2018 8:27 AM, 5831 bytes, A
       Adds the file on-access-drivers-uninstall.cmd"="5/31/2018 8:27 AM, 7356 bytes, A
       Adds the file README"="5/31/2018 8:27 AM, 386 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\utils
       Adds the file on-access-drivers-final.cmd"="5/31/2018 8:27 AM, 2385 bytes, A
       Adds the file on-access-drivers-post.cmd"="5/31/2018 8:27 AM, 3835 bytes, A
       Adds the file on-access-drivers-pre.cmd"="5/31/2018 8:27 AM, 4641 bytes, A
       Adds the file sd_inst.exe"="5/31/2018 8:27 AM, 90368 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\vista
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win7
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win8
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\xp
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\vista
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win7
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win8
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\xp
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OpenVPN\bin
       Adds the file japonia.ovpn"="4/25/2018 2:02 PM, 8576 bytes, A
       Adds the file libeay32.dll"="4/25/2018 2:02 PM, 1705088 bytes, A
       Adds the file liblzo2-2.dll"="4/25/2018 2:02 PM, 174448 bytes, A
       Adds the file libpkcs11-helper-1.dll"="4/25/2018 2:02 PM, 112040 bytes, A
       Adds the file openssl.exe"="4/25/2018 2:02 PM, 859656 bytes, A
       Adds the file openvpn.exe"="4/25/2018 2:02 PM, 727680 bytes, A
       Adds the file openvpn-gui.exe"="4/25/2018 2:02 PM, 430720 bytes, A
       Adds the file openvpnserv.exe"="4/25/2018 2:02 PM, 32384 bytes, A
       Adds the file ssleay32.dll"="4/25/2018 2:02 PM, 379008 bytes, A
       Adds the file superb.ovpn"="4/25/2018 2:02 PM, 4494 bytes, A
       Adds the file test.ovpn"="4/25/2018 2:02 PM, 8636 bytes, A
       Adds the file vpn850936802.ovpn"="4/25/2018 2:02 PM, 8611 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OpenVPN64\bin
       Adds the file libeay32.dll"="4/25/2018 2:02 PM, 1757024 bytes, A
       Adds the file liblzo2-2.dll"="4/25/2018 2:02 PM, 226432 bytes, A
       Adds the file libpkcs11-helper-1.dll"="4/25/2018 2:02 PM, 123000 bytes, A
       Adds the file openssl.exe"="4/25/2018 2:02 PM, 851584 bytes, A
       Adds the file openvpn.exe"="4/25/2018 2:02 PM, 855904 bytes, A
       Adds the file openvpn-gui.exe"="4/25/2018 2:02 PM, 446304 bytes, A
       Adds the file openvpnserv.exe"="4/25/2018 2:02 PM, 38240 bytes, A
       Adds the file ssleay32.dll"="4/25/2018 2:02 PM, 367968 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\bin
       Adds the file addtap.bat"="4/25/2018 2:02 PM, 114 bytes, A
       Adds the file deltapall.bat"="4/25/2018 2:02 PM, 177 bytes, A
       Adds the file devcon.exe"="4/25/2018 2:02 PM, 81920 bytes, A
       Adds the file tapinstall.exe"="4/25/2018 2:02 PM, 87696 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\driver
       Adds the file OemVista.inf"="4/25/2018 2:02 PM, 7506 bytes, A
       Adds the file OemWin2k.inf"="4/25/2018 2:02 PM, 7288 bytes, A
       Adds the file tap0901.cat"="4/25/2018 2:02 PM, 19426 bytes, A
       Adds the file tap0901.sys"="4/25/2018 2:02 PM, 23040 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows64\bin
       Adds the file addtap.bat"="4/25/2018 2:02 PM, 110 bytes, A
       Adds the file deltapall.bat"="4/25/2018 2:02 PM, 173 bytes, A
       Adds the file devcon.exe"="4/25/2018 2:02 PM, 81920 bytes, A
    Adds the folder C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows64\driver
       Adds the file OemWin2k.inf"="4/25/2018 2:02 PM, 7288 bytes, A
       Adds the file tap0901.cat"="4/25/2018 2:02 PM, 10512 bytes, A
       Adds the file tap0901.sys"="4/25/2018 2:02 PM, 40664 bytes, A
    Adds the folder C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4
       Adds the file 16c3a02deb98ec21341667253136cf31.conf"="4/10/2020 8:47 AM, 285 bytes, A
       Adds the file antivir.key"="4/10/2020 8:47 AM, 1024 bytes, A
       Adds the file avupdate.exe"="5/31/2018 8:26 AM, 1967224 bytes, A
       Adds the file avupdate.log"="4/10/2020 8:47 AM, 0 bytes, A
       Adds the file avupdate_msg.avr"="5/31/2018 8:26 AM, 6392 bytes, A
    Adds the folder C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\idx
       Adds the file master.idx"="4/10/2020 8:47 AM, 172 bytes, A
    Adds the folder C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\idx\cache-tmp_YWSQtZ
       Adds the file module-vdf.info"="4/10/2020 8:47 AM, 142385 bytes, A
    Adds the folder C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\tmp\avupdate_tmp_DgqH2W\idx
       Adds the file master.idx"="4/10/2020 8:47 AM, 172 bytes, A
       Adds the file savapi4-ave2-win32-en.info"="4/10/2020 8:47 AM, 11601 bytes, A
       Adds the file savapi4-ave2-win32-en.info.gz"="4/10/2020 8:47 AM, 2793 bytes, A
       Adds the file savapi4lib-win32-en.info"="4/10/2020 8:47 AM, 6641 bytes, A
       Adds the file savapi4lib-win32-en.info.gz"="4/10/2020 8:47 AM, 2204 bytes, A
       Adds the file xvdf.info"="4/10/2020 8:47 AM, 142640 bytes, A
       Adds the file xvdf.info.gz"="4/10/2020 8:47 AM, 14714 bytes, A
    Adds the folder C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\tmp\avupdate_tmp_DgqH2W\savapi4lib\win32\en
       Adds the file apc_random_id_generator.exe"="4/10/2020 8:47 AM, 277024 bytes, A
       Adds the file apc_random_id_generator.exe.gz"="4/10/2020 8:47 AM, 138283 bytes, A
       Adds the file apcfile.dll"="4/10/2020 8:47 AM, 2774312 bytes, A
       Adds the file apcfile.dll.gz"="4/10/2020 8:47 AM, 1454982 bytes, A
       Adds the file cacert.crt"="4/10/2020 8:47 AM, 5242 bytes, A
       Adds the file cacert.crt.gz"="4/10/2020 8:47 AM, 3620 bytes, A
       Adds the file savapi.dll"="4/10/2020 8:47 AM, 2852128 bytes, A
       Adds the file savapi.dll.gz"="4/10/2020 8:47 AM, 1489062 bytes, A
    Adds the folder C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\tmp\avupdate_tmp_DgqH2W\x_vdf
       Adds the file aevdf.dat"="4/10/2020 8:47 AM, 5644 bytes, A
       Adds the file aevdf.dat.gz"="4/10/2020 8:47 AM, 1113 bytes, A
       Adds the file xbv00000.vdf.gz"="4/10/2020 8:47 AM, 0 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange Defender Antivirus
       Adds the file Orange Defender Antivirus.lnk"="4/10/2020 8:46 AM, 1389 bytes, A
       Adds the file Uninstall Orange Defender Antivirus.lnk"="4/10/2020 8:46 AM, 1531 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Innovative Solutions\Orange Defender
       Adds the file cstscn.txt"="4/10/2020 8:47 AM, 169 bytes, A
       Adds the file ips.txt"="4/10/2020 8:47 AM, 242 bytes, A
       Adds the file vir.dat"="4/10/2020 8:47 AM, 0 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Innovative Solutions\Orange Defender\Promo\Inno\ntv\3-promo-1y-2y-spr2-ups
       Adds the file extra.txt"="4/10/2020 8:47 AM, 91 bytes, A
       Adds the file hint.jpg"="4/10/2020 8:47 AM, 8669 bytes, A
       Adds the file small.jpg"="4/10/2020 8:47 AM, 73704 bytes, A
       Adds the file small_buy_h.bmp"="4/10/2020 8:47 AM, 50630 bytes, A
       Adds the file small_buy_n.bmp"="4/10/2020 8:47 AM, 50630 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Innovative Solutions\Orange Defender
    In the existing folder C:\Users\{username}\Desktop
       Adds the file Orange Defender Antivirus.lnk"="4/10/2020 8:46 AM, 1371 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file avgntflt.sys"="5/31/2018 8:27 AM, 196344 bytes, A
       Adds the file avipbb.sys"="5/31/2018 8:27 AM, 153552 bytes, A
       Adds the file avkmgr.sys"="5/31/2018 8:27 AM, 35328 bytes, A
       Adds the file tap0901.sys"="4/25/2018 2:02 PM, 40664 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file ODWELCOME"="4/10/2020 8:47 AM, 3776 bytes, A
       Adds the file OrangeDefender"="4/10/2020 8:47 AM, 2636 bytes, A
       Adds the file OrangeDefenderUpdate"="4/10/2020 8:47 AM, 3804 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file OrangeDefender.job"="4/10/2020 8:47 AM, 354 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\OrangeDefender]
       "(Default)"="REG_SZ", "Scan with Orange Defender Antivirus"
       "Icon"="REG_SZ", "C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\OrangeDefender\command]
       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\OrangeDefender]
       "(Default)"="REG_SZ", "Scan with Orange Defender Antivirus"
       "Icon"="REG_SZ", "C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\OrangeDefender\command]
       "(Default)"="REG_SZ", ""C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "OrangeDefender.job"="REG_BINARY, ................................
       "OrangeDefender.job.fp"="REG_DWORD", -1539930913
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Innovative Solutions\AVBase_SAVAPI4]
       "2d1c67aa0cf67ec853bc83f1fc57cea6"="REG_DWORD", 43931
       "update"="REG_DWORD", 86400
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Innovative Solutions\Orange Defender]
       "Affiliate"="REG_SZ", "Inno"
       "avd"="REG_BINARY, ....
       "driverVer"="REG_SZ", "49"
       "lappd"="REG_SZ", "C:\ProgramData"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Innovative Solutions\Orange Defender\Settings]
       "date"="REG_BINARY, ....
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ORD6_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orange-defender.exe"
       "DisplayName"="REG_SZ", "Orange Defender Antivirus"
       "DisplayVersion"="REG_SZ", "3.37.0.205"
       "EstimatedSize"="REG_DWORD", 31949
       "HelpLink"="REG_SZ", "http://www.orange-defender.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus"
       "Inno Setup: Deselected Tasks"="REG_SZ", ""
       "Inno Setup: Icon Group"="REG_SZ", "Orange Defender Antivirus"
       "Inno Setup: Language"="REG_SZ", "english"
       "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20200410"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\"
       "MajorVersion"="REG_DWORD", 3
       "MinorVersion"="REG_DWORD", 37
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Innovative Solutions"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.innovative-sol.com/"
       "URLUpdateInfo"="REG_SZ", "http://www.orange-defender.com/"
    [HKEY_CURRENT_USER\Software\Innovative Solutions\Analytics]
       "cid"="REG_SZ", "A66BB257-B4EE-46F2-B3BE-CFDA7A3960C6"
    [HKEY_CURRENT_USER\Software\Innovative Solutions\Orange Defender]
       "gl2"="REG_BINARY, ....
       "idate"="REG_BINARY, ....
       "lpr"="REG_BINARY, ....
       "servpc"="REG_SZ", "START_PC_"
       "welcome_displayed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Innovative Solutions\Orange Defender\3]
       "chkActivCheck"="REG_DWORD", 1
       "chkActivEnabled"="REG_DWORD", 1
       "chkActivVisible"="REG_DWORD", 1
       "chkallfilesCheck"="REG_DWORD", 1
       "chkallfilesEnabled"="REG_DWORD", 1
       "chkallfilesVisible"="REG_DWORD", 1
       "chkAutoRunCheck"="REG_DWORD", 1
       "chkAutoRunEnabled"="REG_DWORD", 1
       "chkAutoRunVisible"="REG_DWORD", 1
       "chkAutoUpdatesCheck"="REG_DWORD", 1
       "chkAutoUpdatesEnabled"="REG_DWORD", 1
       "chkAutoUpdatesVisible"="REG_DWORD", 1
       "chkdangerofilesCheck"="REG_DWORD", 0
       "chkdangerofilesEnabled"="REG_DWORD", 1
       "chkdangerofilesVisible"="REG_DWORD", 1
       "chkfilelistCheck"="REG_DWORD", 0
       "chkfilelistEnabled"="REG_DWORD", 1
       "chkfilelistVisible"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Innovative Solutions\Orange Defender\3\Default]
       "chkActivCheck"="REG_DWORD", 1
       "chkActivEnabled"="REG_DWORD", 1
       "chkActivVisible"="REG_DWORD", 1
       "chkallfilesCheck"="REG_DWORD", 1
       "chkallfilesEnabled"="REG_DWORD", 1
       "chkallfilesVisible"="REG_DWORD", 1
       "chkAutoRunCheck"="REG_DWORD", 1
       "chkAutoRunEnabled"="REG_DWORD", 1
       "chkAutoRunVisible"="REG_DWORD", 1
       "chkAutoUpdatesCheck"="REG_DWORD", 1
       "chkAutoUpdatesEnabled"="REG_DWORD", 1
       "chkAutoUpdatesVisible"="REG_DWORD", 1
       "chkdangerofilesCheck"="REG_DWORD", 0
       "chkdangerofilesEnabled"="REG_DWORD", 1
       "chkdangerofilesVisible"="REG_DWORD", 1
       "chkfilelistCheck"="REG_DWORD", 0
       "chkfilelistEnabled"="REG_DWORD", 1
       "chkfilelistVisible"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Innovative Solutions\Orange Defender\3\Settings]
       "LocalizerExt"="REG_SZ", "EXE"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/10/20
Scan Time: 9:03 AM
Log File: 680b74a8-7af9-11ea-b3b5-00ff7d9d7bd1.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.867
Update Package Version: 1.0.22220
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 233684
Threats Detected: 355
Threats Quarantined: 355
Time Elapsed: 5 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
PUP.Optional.OrangeDefender, HKLM\SOFTWARE\CLASSES\*\SHELL\OrangeDefender, Quarantined, 1253, 809395, 1.0.22220, , ame, 
PUP.Optional.OrangeDefender, HKCU\SOFTWARE\INNOVATIVE SOLUTIONS\Orange Defender, Quarantined, 1253, 809400, 1.0.22220, , ame, 
PUP.Optional.OrangeDefender, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ORD6_is1, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, HKLM\SOFTWARE\WOW6432NODE\INNOVATIVE SOLUTIONS\AVBase_SAVAPI4, Quarantined, 1253, 809397, 1.0.22220, , ame, 
PUP.Optional.OrangeDefender, HKLM\SOFTWARE\WOW6432NODE\INNOVATIVE SOLUTIONS\Orange Defender, Quarantined, 1253, 809396, 1.0.22220, , ame, 

Registry Value: 1
PUP.Optional.OrangeDefender, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ORD6_IS1|DISPLAYNAME, Quarantined, 1253, 809398, 1.0.22220, , ame, 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows64\bin, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\idx, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\tmp, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\USERS\{username}\APPDATA\ROAMING\INNOVATIVE SOLUTIONS\ORANGE DEFENDER, Quarantined, 1253, 809392, 1.0.22220, , ame, 

File: 345
PUP.Optional.OrangeDefender, C:\USERS\{username}\DESKTOP\ORANGE DEFENDER ANTIVIRUS.LNK, Quarantined, 1253, 809389, 1.0.22220, , ame, 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\utils\on-access-drivers-final.cmd, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\utils\on-access-drivers-post.cmd, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\utils\on-access-drivers-pre.cmd, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\vista\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\vista\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\vista\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win7\avgntflt.cat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win7\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win7\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win7\avkmgr.cat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win7\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win8\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win8\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\win8\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\xp\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\xp\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win32\xp\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\vista\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\vista\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\vista\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win7\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win7\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win7\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win8\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win8\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\win8\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\xp\avgntflt.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\xp\avipbb.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\win64\xp\avkmgr.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\on-access-drivers-install.cmd, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\on-access-drivers-uninstall.cmd, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OA\README, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OpenVPN\bin\japonia.ovpn, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OpenVPN\bin\superb.ovpn, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OpenVPN\bin\test.ovpn, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\OpenVPN\bin\vpn850936802.ovpn, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\bin\addtap.bat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\bin\deltapall.bat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\bin\devcon.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\driver\OemVista.inf, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows\driver\tap0901.sys, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows64\bin\addtap.bat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows64\bin\deltapall.bat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\TAP-Windows64\bin\devcon.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\countries.tsv, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\exporter10.dll, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\innoupd.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\memmgrset.dll, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.CHS.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.DEU.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.ESN.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.FIN.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.FRA.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.HIN.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.HUN.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.ITA.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.ntv.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.RUS.lng, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\servpc.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\sqlite3.dll, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\stop_all.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\unins000.dat, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\unins000.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe, Quarantined, 1253, 809386, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\idx\master.idx, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\idx\module-vdf.info, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\16c3a02deb98ec21341667253136cf31.conf, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aedroid_gwf.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aeexp_gwf.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aeheur_agen.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aeheur_gwf.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aeheur_mv.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aelibinf_db.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aelidb.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aeoffice_gwf.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aeset.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\aevdf.dat, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\antivir.key, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\apcfile.dll, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\apc_random_id_generator.exe, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\avupdate.log, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\avupdate_msg.avr, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\cacert.crt, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\inno.log, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\local000.vdf, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\xbv00000.vdf, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\ProgramData\Innovative Solutions\AVBase_SAVAPI4\xbv00255.vdf, Quarantined, 1253, 809388, , , , 
PUP.Optional.OrangeDefender, C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\LOCALCOPY\{9F95FB58-A63F-48A9-8352-79053907B8E4}-ORANGEDEFENDER_SETUP.EXE, Quarantined, 1253, 809402, 1.0.22220, , ame, 
PUP.Optional.OrangeDefender, C:\USERS\{username}\DESKTOP\ORANGEDEFENDER_SETUP.EXE, Quarantined, 1253, 809402, 1.0.22220, , ame, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
