One of the prevalent fakeAlert trojan found nowadays is ‘defender.exe’. McAfee detection is on this fakeav is FakeAlert-Rena variant.

It's icon is generally like shown below:



When this fakeAV is executed, it copies itself hidden to thelocation “%appdata%\defender.exe”, and display the window as below:


It creates a start up registry so that every time windows starts , defender.exe runs.

This trojan tends to be distributed along various channels such as emails, malicious web pages, Inter Relay Chat channels (IRC) and some peer-to-peer networks. It is also highly capable of downloading additional malware onto the infected computer system, usually from a remote internet website, which is ultimately executed on a local system.

e.g. hxxp://*****


The best practice to prevent and deal with this infection is keep a fully functional and updated Anti-virus on your machine, avoid surfing malicious sites etc.