Spyware "Defender2009"
- Secret Squirrel
- Donor
- Posts: 450
- Joined: June 26th, 2007, 2:32 pm
- Handle: Secret Squirrel
- Real Name: Joseph Husk
- Antenna: Hustler HQ-27 Magnum
- Radio: Stryker 89MC in mobile
- Contact:
Spyware "Defender2009"
Has anybody managed to remove Defender 2009 spyware without doing severe damage to Windows? This is the nastiest POS spyware I have come across. Reminds me of early MS-DOS boot sector viri. I was expecting to come to a website that says "Your PC is stoned. Legalize Marijuana."
Secret Squirrel
"Talking to the USA from my Archer Space Patrol walkie"
-
- Donor
- Posts: 58
- Joined: February 26th, 2008, 7:00 pm
- Handle: sniper
- Real Name: Emmit
- Antenna: fire stick
- Radio: RCI
- Contact:
You need to download TWO freeware programs. One is called Super anti Spyware and the other is Malwarebytes anti malware. Then run them BOTH fully. I don't know where to find them so just google them. That is what I did and it worked. But you have to run BOTH and they take a while to fully scan the drives.
It works !!
- zinger827
- Donor
- Posts: 634
- Joined: September 26th, 2007, 5:06 pm
- Real Name: Mike
- Radio: RCI 2970N2
- Contact:
RE Spyware "Defender2009"
Try here http://www.myantispyware.com/ ... tructions/
Secret Squirrel wrote: Has anybody managed to remove Defender 2009 spyware without doing severe damage to Windows? This is the nastiest POS spyware I have come across. Reminds me of early MS-DOS boot sector viri. I was expecting to come to a website that says "Your PC is stoned. Legalize Marijuana."
- Buckshot1
- Duckplucker
- Posts: 137
- Joined: May 20th, 2007, 8:26 am
- Radio: Base & Mobile
- Contact:
format c: will do the trick :D j/k
I use Spybot S&D http://www.safer-networking.o ... index.html. It is good at removing most malware. It has a program called TeaTimer that will detect any new process and/or registry change on your pc and ask you if you want to allow the change. Very useful in preventing malware before it infects your pc.
Good luck!
- Black Lightning
- Wordwide & Qualified
- Posts: 599
- Joined: February 20th, 2008, 9:46 pm
- Handle: Black Lightning
- Real Name: Gary
- Antenna: Super Penetrator
- Radio: '78 Cobra 2000 GTL
- Contact:
The aforementioned software (term is used loosely) installs itself as a rootkit, so it is very difficult to remove from a running Windows install. The superantispyware and malwarebytes do work in many cases, but not all. I personally use a Bart PE live XP boot CD and manually remove the relevant files from a corrupted/infected system. You will see files with randomly generated filenames or parts of filenames; you can generally find the affected files by using a command prompt and switching to the c:\windows\system32 (or %windir%\system32) directory and performing a DIR command (dir /a /od *.exe) (dir /a /od *.dll) (dir /a /od *.ini)...
It's pretty complicated to describe my entire process here as it would take a long time to do so, but it is a process which I have evolved from years of doing this sort of thing. My success rate using my method is 100% and it requires no 'cleanup' software at all.
Yes, I do this for a living.
Ignorance can be fixed. Stupid will present a special challenge!
Kill processes:
pdefendr.exe
ikbmqvex.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "asus32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Personal Defender 2009"
Unregister DLLs:
sccmsk.dll
SDBHO.dll
Delete files:
c:\Program Files\Personal Defender 2009\dbbase.div
c:\Program Files\Personal Defender 2009\pdefendr.exe
%UserProfile%\Desktop\sccmsk.dll
%UserProfile%\Local Settings\Temp\ikbmqvex.exe
%UserProfile%\My Documents\PersonalDefender2009\SDBHO.dll
%UserProfile%\My Documents\PersonalDefender2009\sdcfg.dat
Delete directories:
c:\Program Files\Personal Defender 2009
c:\Documents and Settings\Bleeping\Start Menu\Programs\Personal Defender 2009
Malwarebytes should get it, but if you have to do it manually this should help.
I've been seeing this one a lot lately, as well as Internet antivirus Pro. They're both pretty much the exact same thing, only the Internet antivirus Pro is more evolved and tougher to remove. In both cases this "software" is fraudulent concealment, and the best advice I know to give you is only visit reputable URLs. If it says anything close to Brazilian_donkey, stay clear.
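An added example (not code from any poster in this thread): the file names from the removal list above and the `dir /a /od` listing Black Lightning describes, run as a read-only check against an infected Windows volume mounted on a separate analysis machine. The mount-point argument and the function names are assumptions; the registry values and DLL registrations from the list are not covered.

```python
from pathlib import Path

# File indicators copied from the removal list in the thread (XP-era layout).
ROOT_FILES = ["Program Files/Personal Defender 2009/dbbase.div",
              "Program Files/Personal Defender 2009/pdefendr.exe"]
PROFILE_FILES = ["Desktop/sccmsk.dll",
                 "Local Settings/Temp/ikbmqvex.exe",
                 "My Documents/PersonalDefender2009/SDBHO.dll",
                 "My Documents/PersonalDefender2009/sdcfg.dat"]


def find_ci(base, rel):
    """Resolve rel under base ignoring case, as Windows would; None if absent."""
    cur = Path(base)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        match = [p for p in cur.iterdir() if p.name.casefold() == part.casefold()]
        if not match:
            return None
        cur = match[0]
    return cur


def indicator_hits(volume):
    """Return the listed files that still exist, relative to the volume root."""
    hits = [p for rel in ROOT_FILES if (p := find_ci(volume, rel))]
    profiles = find_ci(volume, "Documents and Settings")
    if profiles and profiles.is_dir():
        for profile in sorted(profiles.iterdir()):  # every user profile
            hits += [p for rel in PROFILE_FILES if (p := find_ci(profile, rel))]
    return [str(p.relative_to(volume)) for p in hits]


def newest_system32(volume, count=20, exts=(".exe", ".dll", ".ini")):
    """Offline stand-in for `dir /a /od` in system32, newest files first."""
    sys32 = find_ci(volume, "Windows/System32")
    if sys32 is None or not sys32.is_dir():
        return []
    files = [p for p in sys32.iterdir()
             if p.is_file() and p.suffix.casefold() in exts]
    files.sort(key=lambda p: p.stat().st_mtime, reverse=True)
    return [p.name for p in files[:count]]


if __name__ == "__main__":
    import sys
    root = sys.argv[1]  # assumed: mount point of the volume, mounted read-only
    print("indicator files present:", *indicator_hits(root), sep="\n  ")
    print("newest system32 files:", *newest_system32(root), sep="\n  ")
```

Nothing is deleted; the output is a list to review by hand, since recent system32 files also include legitimate updates.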
- fatboy803
- Duckplucker
- Posts: 177
- Joined: September 16th, 2008, 4:32 pm
- Real Name: dwaine
- Contact:
Yeah, I agree, Black Lightning. I do this stuff as a third hobby myself, and the process you're speaking on is good if you know what to look for and don't delete things that you may need, but when I'm lazy I use ComboFix. It's a pretty good deep cleaning tool as well and can be found here -> http://www.bleepingcomputer.c ... e-combofix I hope this is helpful.
Black Lightning wrote: The aforementioned software (term is used loosely) installs itself as a rootkit, so it is very difficult to remove from a running Windows install. The superantispyware and malwarebytes do work in many cases, but not all. I personally use a Bart PE live XP boot CD and manually remove the relevant files from a corrupted/infected system. You will see files with randomly generated filenames or parts of filenames; you can generally find the affected files by using a command prompt and switching to the c:\windows\system32 (or %windir%\system32) directory and performing a DIR command (dir /a /od *.exe) (dir /a /od *.dll) (dir /a /od *.ini)...
It's pretty complicated to describe my entire process here as it would take a long time to do so, but it is a process which I have evolved from years of doing this sort of thing. My success rate using my method is 100% and it requires no 'cleanup' software at all.
Yes, I do this for a living.
edit: fatboy's got it right... just sometimes monster.fx will corrupt your downloads and prevent you from going to certain sites. If you find ComboFix, make sure you rename it to something else before you download it. If all else fails, PM me and I'll give you a link to my webserver; I have it hosted too...