Spyware "Defender2009"

#213541

Post by Secret Squirrel »

Has anybody managed to remove Defender 2009 spyware without doing severe damage to Windows? This is the nastiest POS spyware I have come across. Reminds me of early MS-DOS boot sector viri. I was expecting to come to a website that says " Your PC is stoned. Legalize Marijuana."
Secret Squirrel

"Talking to the USA from my Archer Space Patrol walkie"

#213547

Post by rotts4u »

You need to download TWO freeware programs. One is called SUPERAntiSpyware and the other is Malwarebytes Anti-Malware. Then run them BOTH fully. I don't know where to find them so just google them. That is what I did and it worked. But you have to run BOTH and they take a while to fully scan the drives.

It works !!

RE Spyware "Defender2009"

#213552

Post by zinger827 »

Secret Squirrel wrote:
> Has anybody managed to remove Defender 2009 spyware without doing severe damage to Windows? This is the nastiest POS spyware I have come across. Reminds me of early MS-DOS boot sector viri. I was expecting to come to a website that says " Your PC is stoned. Legalize Marijuana."

Try here http://www.myantispyware.com/ ... tructions/

#213568

Post by Buckshot1 »

format c: will do the trick :D j/k

I use Spybot S&D http://www.safer-networking.o ... index.html. It is good at removing most malware. It has a program called TeaTimer that will detect any new process and/or registry change on your pc and ask you if you want to allow the change. Very useful in preventing malware before it infects your pc.

Good luck!

#213580

Post by Black Lightning »

The aforementioned software (term is used loosely) installs itself as a rootkit, so it is very difficult to remove from a running Windows install. SUPERAntiSpyware and Malwarebytes do work in many cases, but not all. I personally use a Bart PE live XP boot CD and manually remove the relevant files from a corrupted/infected system. You will see files with randomly generated filenames or parts of filenames; you can generally find the affected files by using a command prompt and switching to the c:\windows\system32 (or %windir%\system32) directory and performing a DIR command (dir /a /od *.exe) (dir /a /od *.dll) (dir /a /od *.ini)...

It's pretty complicated to describe my entire process here as it would take a long time to do so, but it is a process which I have evolved from years of doing this sort of thing. My success rate using my method is 100% and it requires no 'cleanup' software at all.

Yes, I do this for a living.
Ignorance can be fixed. Stupid will present a special challenge!
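
An added example, not part of the original post: a Python version of the date-ordered listing Black Lightning describes, meant to be pointed at the `system32` directory of an offline-mounted copy of the volume. The `looks_random` name heuristic and the 30-day window are assumptions of this example, not his method.

```python
import os
import re
import time
from pathlib import Path

EXTENSIONS = {".exe", ".dll", ".ini"}   # same patterns as the dir commands in the post
VOWELS = set("aeiou")

def looks_random(stem):
    """Assumed heuristic: an all-letter name of 6+ characters with few vowels
    or a run of 4+ consonants reads as machine-generated."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    return vowel_ratio < 0.25 or re.search(r"[^aeiou]{4,}", s) is not None

def triage(system32, days=30, now=None):
    """Return (mtime, name, random_looking) for recently modified files,
    oldest first, the order `dir /a /od` lists them in."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    rows = []
    for entry in os.scandir(system32):   # includes hidden/system files, like /a
        if not entry.is_file(follow_symlinks=False):
            continue
        p = Path(entry.name)
        if p.suffix.lower() not in EXTENSIONS:
            continue
        mtime = entry.stat(follow_symlinks=False).st_mtime
        if mtime >= cutoff:
            rows.append((mtime, entry.name, looks_random(p.stem)))
    return sorted(rows)

if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for mtime, name, flagged in triage(target):
        day = time.strftime("%Y-%m-%d", time.localtime(mtime))
        print(day, name, "<-- inspect" if flagged else "")
```

Legitimate names such as `svchost` also trip the heuristic, so a flag is a prompt to inspect the file, not grounds to delete it.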

#213965

Post by NCMidnight »

Kill processes:
pdefendr.exe ikbmqvex.exe

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "asus32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Personal Defender 2009"


Unregister DLLs:
sccmsk.dll SDBHO.dll

Delete files:
c:\Program Files\Personal Defender 2009\dbbase.div
c:\Program Files\Personal Defender 2009\pdefendr.exe
%UserProfile%\Desktop\sccmsk.dll
%UserProfile%\Local Settings\Temp\ikbmqvex.exe
%UserProfile%\My Documents\PersonalDefender2009\SDBHO.dll
%UserProfile%\My Documents\PersonalDefender2009\sdcfg.dat

Delete directories:
c:\Program Files\Personal Defender 2009
c:\Documents and Settings\Bleeping\Start Menu\Programs\Personal Defender 2009


Malwarebytes should get it, but if you have to do it manually this should help.
I've been seeing this one a lot lately, as well as Internet Antivirus Pro. They're both pretty much the exact same thing, only Internet Antivirus Pro is more evolved and tougher to remove. In both cases this "software" is fraudulent concealment, and the best advice I know to give you is to only visit reputable URLs. If it says anything close to Brazilian_donkey, stay clear. :shock:
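
An added example, not part of the original post: a read-only Python inventory that reports which of the file and directory entries listed above actually exist on an offline-mounted copy of the drive, so it is clear what is present before anything is deleted. Mapping `C:\` to a mount root and expanding `%UserProfile%` to every folder under `Documents and Settings` are assumptions of this example; the registry values and processes in the post are not covered.

```python
from pathlib import Path, PureWindowsPath

# File and directory entries taken from the post above. Treating C:\ as the
# root of a mounted copy of the volume is this example's assumption.
INDICATORS = [
    r"c:\Program Files\Personal Defender 2009",
    r"c:\Program Files\Personal Defender 2009\dbbase.div",
    r"c:\Program Files\Personal Defender 2009\pdefendr.exe",
    r"%UserProfile%\Desktop\sccmsk.dll",
    r"%UserProfile%\Local Settings\Temp\ikbmqvex.exe",
    r"%UserProfile%\My Documents\PersonalDefender2009\SDBHO.dll",
    r"%UserProfile%\My Documents\PersonalDefender2009\sdcfg.dat",
]

def resolve_ci(root, parts):
    """Walk `parts` under `root`, matching each component case-insensitively
    (NTFS ignores case; the analysis host's mount may not)."""
    cur = root
    for part in parts:
        if not cur.is_dir():
            return None
        match = [c for c in cur.iterdir() if c.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur

def find_indicators(mount_root):
    """Return sorted paths, relative to mount_root, of the entries that exist."""
    profiles_dir = resolve_ci(mount_root, ["Documents and Settings"])
    profiles = [p.name for p in profiles_dir.iterdir() if p.is_dir()] if profiles_dir else []
    hits = []
    for ind in INDICATORS:
        tail = PureWindowsPath(ind).parts[1:]   # drop "c:\" or "%UserProfile%"
        if ind.startswith("%UserProfile%"):
            candidates = [["Documents and Settings", name, *tail] for name in profiles]
        else:
            candidates = [list(tail)]
        for parts in candidates:
            found = resolve_ci(mount_root, parts)
            if found is not None:
                hits.append(found.relative_to(mount_root).as_posix())
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for hit in find_indicators(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(hit)
```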

#213985

Post by fatboy803 »

Black Lightning wrote:
> The aforementioned software (term is used loosely) installs itself as a rootkit, so it is very difficult to remove from a running Windows install. SUPERAntiSpyware and Malwarebytes do work in many cases, but not all. I personally use a Bart PE live XP boot CD and manually remove the relevant files from a corrupted/infected system. You will see files with randomly generated filenames or parts of filenames; you can generally find the affected files by using a command prompt and switching to the c:\windows\system32 (or %windir%\system32) directory and performing a DIR command (dir /a /od *.exe) (dir /a /od *.dll) (dir /a /od *.ini)...
>
> It's pretty complicated to describe my entire process here as it would take a long time to do so, but it is a process which I have evolved from years of doing this sort of thing. My success rate using my method is 100% and it requires no 'cleanup' software at all.
>
> Yes, I do this for a living.

Yeah, I agree, Black Lightning. I do this stuff as a third hobby myself, and the process you're speaking on is good if you know what to look for and don't delete things that you may need. But when I'm lazy I use ComboFix; it's a pretty good deep cleaning tool as well and can be found here -> http://www.bleepingcomputer.c ... e-combofix I hope this is helpful.

#214005

Post by HI-TECH »

edit: fatboy's got it right... just sometimes monster.fx will corrupt your downloads and prevent you from going to certain sites. If you find ComboFix, make sure you rename it to something else before you download it. If all else fails, PM me and I'll give you a link to my webserver; I have it hosted too...