What is Orange Defender Antivirus?
The Malwarebytes research team has determined that Orange Defender Antivirus is a rogue anti-malware application. Some of these so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.
This particular one disables existing security programs and installs other software without user consent.
You are strongly advised to follow our removal instructions below.
How do I know if I am infected with Orange Defender Antivirus?
This is how the main screen of the rogue application looks:
You may see these warnings during install:
these scheduled tasks:
these warnings during operations:
and you may see this entry in your list of installed programs:
How did Orange Defender Antivirus get on my computer?
Rogue programs use different methods for spreading themselves. This particular one was downloaded from their website:
How do I remove Orange Defender Antivirus?
Our program Malwarebytes can detect and remove this rogue.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished, click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
- No, Malwarebytes removes Orange Defender Antivirus completely.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application has helped you eradicate this malicious software. If your current security solution let this infection through, you may want to consider purchasing the FULL version of Malwarebytes for additional protection.
As you can see below, the full version of Malwarebytes would have protected you against the Orange Defender Antivirus rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it was too late.
Possible signs in FRST logs:
Alterations made by the installer:
Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention