Malware Defender 2009 also known as MalwareDef2009, MalwareDefender2009, MalDefender2009 is a rogue antispyware program that looks like System Guard 2009 and Spyware Guard 2009 and uses scare tactics (display fake alerts and false positives) to trick you into buying the fake software. Malware Defender 2009 distributed through the use trojan Vundo. Once infected with trojan Vundo your computer will display large amount of pop-ups that tells you that your computer is infected and you should download and install Malware Defender 2009 in order to protect your computer.
During installation, Malware Defender 2009 configures itself to run automatically every time, when you start your computer. Once running, Malware Defender 2009 will scan your computer and reports false or exaggerated system security threats on your computer to trick you to buy the paid version of the rogue, in order to remove the potential and reported threats.
Malware Defender 2009 have included the file c:\windows\system32\wcenter.exe that will display a fake Windows Security Center on your computer that will recommend you use Malware Defender 2009. Please ignore the fake center. Use the free instructions below to remove Malware Defender 2009, trojan Vundo and any associated malware from your computer.
Symptoms in a HijackThis Log.
O4 – HKLM\..\Run: [ctfxmon.exe] C:\WINDOWS\ctfxmon.exe
O4 – HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 – HKCU\..\Run: [ctfxmon.exe] C:\WINDOWS\ctfxmon.exe
O4 – HKCU\..\Run: [loader] “C:\Documents and Settings\All Users\Application Data\Microsoft\Network\svchost.exe” /n
O4 – HKCU\..\Run: [updater] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe /u
O21 – SSODL: HardwareDrivers – {8B2C743A-D44A-4A93-8233-ABEE8BF8ED62} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 – SSODL: DriversLoad – {3F0691F1-70E6-44A9-938A-1DC356674878} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\zxjcisduo.dll
Use the following instructions to remove Malware Defender 2009 (Removal instructions).
1. Remove trojan Vundo.
Some variants of Malware Defender 2009 uses trojan Vundo to install itself.
- Download VundoFix and save the file to your desktop.
- Once it downloaded, double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it’s done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
2. Remove Malware Defender 2009 registry entries and files.
- Please download OTM by OldTimer from here.
- Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes explorer.exe :reg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "malwaredef"=- "ctfxmon.exe"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "updater"=- "ctfxmon.exe"=- "loader"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "HardwareDrivers"=- "DriversLoad"=- :files %programfiles%\Malware Defender 2009 %windir%\ctfxmon.exe :Commands [emptytemp] [start explorer] [Reboot]
- Click the red Moveit! button.
- When the tool is finished, it will produce a report for you.
Step 3. Remove Malware Defender 2009 associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Malware Defender 2009 creates the following files and folders.
C:\Program Files\Malware Defender 2009
C:\Program Files\Malware Defender 2009\conf.cfg
C:\Program Files\Malware Defender 2009\malwaredef.exe
C:\Program Files\Malware Defender 2009\mbase.vdb
C:\Program Files\Malware Defender 2009\quarantine.vdb
C:\Program Files\Malware Defender 2009\queue.vdb
C:\Program Files\Malware Defender 2009\uninstall.exe
C:\Program Files\Malware Defender 2009\vbase.vdb
C:\Program Files\Malware Defender 2009\quarantine
C:\WINDOWS\reged.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys.com
C:\WINDOWS\syscert.exe
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\vmreg.dll
C:\WINDOWS\system32\wcenter.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
C:\Documents and Settings\All Users\Application Data\Microsoft\win.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\t.id
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\vwkemjwebr.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
Hey It Worked …
Great Work .
Thanks a Lot for the Instruction ..
“Please download OTmoveIt3 by OldTimer from here.” — [404 – Not Found]
——–
;((
bulat, i have updated a link to OTM (old name OTMoveIt3)