Shug7272 Posted March 5, 2009 CID Share Posted March 5, 2009 So a girl I work with got some shit on her pc at work. Not sure what it is. It looks like a spyware removal program. Its called Malware Defender 2009. It looks just like a program that pops up and scans, its not though. Seems to be pretty new. I need help getting it off. I have googled around and it looks like it is a new version of what was called Perfect Defender 2009 which is also malware. Any help is appreciated. Link to solution - Thanks Tangle Quote Link to comment Share on other sites More sharing options...
coknuck Posted March 5, 2009 CID Share Posted March 5, 2009 Delete the program file and delete its presents in the registry! Quote Link to comment Share on other sites More sharing options...
Shug7272 Posted March 5, 2009 Author CID Share Posted March 5, 2009 Delete the program file and delete its presents in the registry! Well its not that simple, but I did delete everything I could from the PC and registry but it is coming back. Im telling you this one is a bitch. Quote Link to comment Share on other sites More sharing options...
Buntz Posted March 5, 2009 CID Share Posted March 5, 2009 Did you delete system restore too? Try deleting the program and system restore in safe mode Quote Link to comment Share on other sites More sharing options...
coknuck Posted March 5, 2009 CID Share Posted March 5, 2009 give these links a try: http://remove-malware.net/how-to-remove-personal-defender-2009/ http://www.myantispyware.com/2008/12/02/how-to-remove-perfect-defender-2009-delete-instructions/ Quote Link to comment Share on other sites More sharing options...
Shug7272 Posted March 5, 2009 Author CID Share Posted March 5, 2009 Did you delete system restore too? Try deleting the program and system restore in safe mode Already did it. give these links a try: http://remove-malware.net/how-to-remove-personal-defender-2009/ http://www.myantispyware.com/2008/12/02/how-to-remove-perfect-defender-2009-delete-instructions/ Already used these links too. Like I said the Personal Defender 2009 is a little different. The removal tools for it dont work on this "Malware Defender 2009". I have tried every tried and true trick in the book.... DANGIT!!! :tickedoff: Quote Link to comment Share on other sites More sharing options...
zalternate Posted March 5, 2009 CID Share Posted March 5, 2009 How about this page as a start.... http://www.threatexpert.com/report.aspx?md5=a33c9afba1683c2927a1cb18920be6ca File System Modifications * The following files were created in the system: # Filename(s) File Size File MD5 Alias 1 %System%conf.cfg 0 bytes 0xD41D8CD98F00B204E9800998ECF8427E (not available) 2 %System%queue.vdb 369,222 bytes 0xF5CE0E589E22755A887AD37E9ADE9758 (not available) 3 [file and pathname of the sample #1] 1,011,712 bytes 0xA33C9AFBA1683C2927A1CB18920BE6CA Virus.Win32.Fasec [ikarus] Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet o HKEY_LOCAL_MACHINESOFTWAREMalware Defender 2009 o HKEY_LOCAL_MACHINESOFTWAREMalware Defender 2009Lic * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + malwaredef = "[file and pathname of the sample #1]" so that [file and pathname of the sample #1] runs every time Windows starts Quote Link to comment Share on other sites More sharing options...
ghostmaster Posted March 5, 2009 CID Share Posted March 5, 2009 try http://www.superantispyware.com Make sure to run the updates on it first... Quote Link to comment Share on other sites More sharing options...
Shug7272 Posted March 5, 2009 Author CID Share Posted March 5, 2009 How about this page as a start.... http://www.threatexpert.com/report.aspx?md5=a33c9afba1683c2927a1cb18920be6ca File System Modifications * The following files were created in the system: # Filename(s) File Size File MD5 Alias 1 %System%conf.cfg 0 bytes 0xD41D8CD98F00B204E9800998ECF8427E (not available) 2 %System%queue.vdb 369,222 bytes 0xF5CE0E589E22755A887AD37E9ADE9758 (not available) 3 [file and pathname of the sample #1] 1,011,712 bytes 0xA33C9AFBA1683C2927A1CB18920BE6CA Virus.Win32.Fasec [ikarus] Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet o HKEY_LOCAL_MACHINESOFTWAREMalware Defender 2009 o HKEY_LOCAL_MACHINESOFTWAREMalware Defender 2009Lic * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + malwaredef = "[file and pathname of the sample #1]" so that [file and pathname of the sample #1] runs every time Windows starts Thanks man, I already found that too. The weird thing is I dont have all of the same files, just a few. try http://www.superantispyware.com Make sure to run the updates on it first... Will try, thanks. Thanks to all the replies. Quote Link to comment Share on other sites More sharing options...
tommie gorman Posted March 5, 2009 CID Share Posted March 5, 2009 Thats what she gets for letting you surf porn on her puter. Let us know how that worked. Quote Link to comment Share on other sites More sharing options...
Tangle Posted March 6, 2009 CID Share Posted March 6, 2009 Sorry if I shouldn't be posting this. I was infected with the vundo infection that causes these malware defender 2009 pop-ups on my screen as well. Found a guide here that was able to remove it: Malware Defender removal guide Quote Link to comment Share on other sites More sharing options...
Shug7272 Posted March 6, 2009 Author CID Share Posted March 6, 2009 Sorry if I shouldn't be posting this. I was infected with the vundo infection that causes these malware defender 2009 pop-ups on my screen as well. Found a guide here that was able to remove it: Malware Defender removal guide HOLY SHIT!! Thanks so much. That will do it! Fucking EPIC first post. :haha: Quote Link to comment Share on other sites More sharing options...
tommie gorman Posted March 7, 2009 CID Share Posted March 7, 2009 Great post, now that some here had to reformat. Just kidding, thanks again. And welcome to the forum. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.