Spyware "Defender2009"

Secret Squirrel
Donor
Posts: 439
Joined: Tuesday, 26 June 2007, 13:32 PM
Radio: K40 CB '80s style
Name: Joe Husk
Location: Southwest Pennsylvania

Spyware "Defender2009"

Post by Secret Squirrel » Wednesday, 21 January 2009, 17:52 PM

Has anybody managed to remove Defender 2009 spyware without doing severe damage to Windows? This is the nastiest POS spyware I have come across. Reminds me of early MS-DOS boot sector viri. I was expecting to come to a website that says "Your PC is stoned. Legalize Marijuana."
Secret Squirrel

"Talking to the USA from my old pappy's CB"




rotts4u
6 PILL USER
Posts: 58
Joined: Tuesday, 26 February 2008, 19:00 PM

Post by rotts4u » Wednesday, 21 January 2009, 18:04 PM

You need to download TWO freeware programs. One is called SUPERAntiSpyware and the other is Malwarebytes Anti-Malware. Then run them BOTH fully. I don't know where to find them so just google them. That is what I did and it worked. But you have to run BOTH and they take a while to fully scan the drives.

It works !!

zinger827
Donor
Posts: 638
Joined: Wednesday, 26 September 2007, 16:06 PM
Radio: RCI 2970N2
Name: Mike
Location: Maine
Referrals: 1

RE Spyware "Defender2009"

Post by zinger827 » Wednesday, 21 January 2009, 18:10 PM

Secret Squirrel wrote: Has anybody managed to remove Defender 2009 spyware without doing severe damage to Windows? This is the nastiest POS spyware I have come across. Reminds me of early MS-DOS boot sector viri. I was expecting to come to a website that says "Your PC is stoned. Legalize Marijuana."
Try here http://www.myantispyware.com/2008/12/02 ... tructions/

Buckshot1
Duckplucker
Posts: 155
Joined: Sunday, 20 May 2007, 7:26 AM
Radio: Base & Mobile
Location: IN

Post by Buckshot1 » Wednesday, 21 January 2009, 18:48 PM

format c: will do the trick :D j/k

I use Spybot S&D (http://www.safer-networking.org/en/spybotsd/index.html). It is good at removing most malware. It has a program called TeaTimer that will detect any new process and/or registry change on your PC and ask you if you want to allow the change. Very useful in preventing malware before it infects your PC.

Good luck!

Black Lightning
Wordwide & Qualified
Posts: 600
Joined: Wednesday, 20 February 2008, 21:46 PM
Radio: '78 Cobra 2000 GTL
Antenna: Super Penetrator
Name: Gary
Location: Mesa, AZ

Post by Black Lightning » Wednesday, 21 January 2009, 19:30 PM

The aforementioned software (term is used loosely) installs itself as a rootkit, so it is very difficult to remove from a running Windows install. SUPERAntiSpyware and Malwarebytes do work in many cases, but not all. I personally use a BartPE live XP boot CD and manually remove the relevant files from a corrupted/infected system. You will see files with randomly generated filenames or parts of filenames; you can generally find the affected files by using a command prompt and switching to the c:\windows\system32 (or %windir%\system32) directory and performing a DIR command (dir /a /od *.exe) (dir /a /od *.dll) (dir /a /od *.ini)...

It's pretty complicated to describe my entire process here as it would take a long time to do so, but it is a process which I have evolved from years of doing this sort of thing. My success rate using my method is 100% and it requires no 'cleanup' software at all.

Yes, I do this for a living.
Ignorance can be fixed. Stupid will present a special challenge!
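
Added example, not part of Black Lightning's post or his actual process: a Python version of the triage he describes, parsing saved `dir /a /od` output and flagging recently modified files whose names look randomly generated. The sample listing, its US date format, the cut-off date and the `looks_random` heuristic are assumptions constructed for illustration; `ikbmqvex.exe` is a file name reported later in this thread.

```python
import re
from datetime import datetime

# Constructed sample of `dir /a /od *.exe` output (US date format assumed).
SAMPLE = """\
 Directory of C:\\WINDOWS\\system32

08/04/2004  12:00 PM           114,688 calc.exe
08/04/2004  12:00 PM            14,336 svchost.exe
04/14/2008  05:42 AM            33,792 rundll32.exe
01/20/2009  09:13 PM            45,056 ikbmqvex.exe
01/20/2009  09:14 PM           212,992 setup.exe
               5 File(s)        420,864 bytes
"""

LINE = re.compile(r"^(\d\d/\d\d/\d{4})\s+(\d\d:\d\d [AP]M)\s+([\d,]+)\s+(.+)$")
VOWELS = set("aeiou")

def parse_dir(text):
    """Yield (modified, size, name) for each file line of a dir listing."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # header, <DIR> and summary lines do not match
            when = datetime.strptime(m[1] + " " + m[2], "%m/%d/%Y %I:%M %p")
            yield when, int(m[3].replace(",", "")), m[4].strip()

def looks_random(name, min_len=6):
    """Heuristic (an assumption of this example): an all-letter stem with a
    long consonant run or very few vowels reads as machine-generated."""
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) < min_len or not stem.isalpha():
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(ch in VOWELS for ch in stem) / len(stem)
    return longest >= 4 or vowel_ratio < 0.2

def suspects(text, since):
    """Files modified on/after `since` whose names look random, oldest first."""
    hits = [(when, name) for when, _, name in parse_dir(text)
            if when >= since and looks_random(name)]
    return [name for when, name in sorted(hits)]

if __name__ == "__main__":
    for name in suspects(SAMPLE, datetime(2009, 1, 1)):
        print("review:", name)
```

The date cut-off carries much of the weight: on its own the name heuristic also flags legitimate files such as svchost.exe. File timestamps can be altered, so an empty result is not proof of a clean system.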

NCMidnight
Skipshooter
Posts: 459
Joined: Sunday, 21 January 2007, 3:14 AM

Post by NCMidnight » Friday, 23 January 2009, 18:16 PM

Kill processes:
pdefendr.exe
ikbmqvex.exe

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "asus32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Personal Defender 2009"


Unregister DLLs:
sccmsk.dll
SDBHO.dll

Delete files:
c:\Program Files\Personal Defender 2009\dbbase.div
c:\Program Files\Personal Defender 2009\pdefendr.exe
%UserProfile%\Desktop\sccmsk.dll
%UserProfile%\Local Settings\Temp\ikbmqvex.exe
%UserProfile%\My Documents\PersonalDefender2009\SDBHO.dll
%UserProfile%\My Documents\PersonalDefender2009\sdcfg.dat

Delete directories:
c:\Program Files\Personal Defender 2009
c:\Documents and Settings\Bleeping\Start Menu\Programs\Personal Defender 2009


Malwarebytes should get it, but if you have to do it manually this should help.
I've been seeing this one a lot lately, as well as Internet Antivirus Pro. They're both pretty much the exact same thing, only the Internet Antivirus Pro is more evolved and tougher to remove. In both cases this "software" is fraudulent concealment, and the best advice I know to give you is to only visit reputable URLs. If it says anything close to Brazilian_donkey, stay clear. :shock:

fatboy803
Duckplucker
Posts: 188
Joined: Tuesday, 16 September 2008, 15:32 PM
Name: dwaine
Location: S Carolina

Post by fatboy803 » Friday, 23 January 2009, 20:09 PM

Black Lightning wrote: The aforementioned software (term is used loosely) installs itself as a rootkit, so it is very difficult to remove from a running Windows install. SUPERAntiSpyware and Malwarebytes do work in many cases, but not all. I personally use a BartPE live XP boot CD and manually remove the relevant files from a corrupted/infected system. You will see files with randomly generated filenames or parts of filenames; you can generally find the affected files by using a command prompt and switching to the c:\windows\system32 (or %windir%\system32) directory and performing a DIR command (dir /a /od *.exe) (dir /a /od *.dll) (dir /a /od *.ini)...

It's pretty complicated to describe my entire process here as it would take a long time to do so, but it is a process which I have evolved from years of doing this sort of thing. My success rate using my method is 100% and it requires no 'cleanup' software at all.

Yes, I do this for a living.
Yeah, I agree, Black Lightning. I do this stuff as a third hobby myself, and the process you're speaking on is good if you know what to look for and don't delete things that you may need, but when I'm lazy I use ComboFix. It's a pretty good deep cleaning tool as well and can be found here -> http://www.bleepingcomputer.com/combofi ... e-combofix I hope this is helpful.

HI-TECH
Wordwide & Qualified
Posts: 625
Joined: Sunday, 10 October 2004, 13:01 PM
Location: manteca california
Referrals: 1

Post by HI-TECH » Friday, 23 January 2009, 21:21 PM

edit: fatboy's got it right... just sometimes monster.fx will corrupt your downloads and prevent you from going to certain sites. If you find ComboFix, make sure you rename it to something else before you download it. If all else fails, PM me and I'll give you a link to my webserver; I have it hosted too...