• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Rogue Anti Spyware › Tutorials - HowTo › How to remove Malware Defender 2009 (Uninstall instructions)

How to remove Malware Defender 2009 (Uninstall instructions)

Myantispyware team March 10, 2009     3 Comments    

Malware Defender 2009 also known as MalwareDef2009, MalwareDefender2009, MalDefender2009 is a rogue antispyware program that looks like System Guard 2009 and Spyware Guard 2009 and uses scare tactics (display fake alerts and false positives) to trick you into buying the fake software. Malware Defender 2009 distributed through the use trojan Vundo. Once infected with trojan Vundo your computer will display large amount of pop-ups that tells you that your computer is infected and you should download and install Malware Defender 2009 in order to protect your computer.

During installation, Malware Defender 2009 configures itself to run automatically every time, when you start your computer. Once running, Malware Defender 2009 will scan your computer and reports false or exaggerated system security threats on your computer to trick you to buy the paid version of the rogue, in order to remove the potential and reported threats.

Malware Defender 2009 have included the file c:\windows\system32\wcenter.exe that will display a fake Windows Security Center on your computer that will recommend you use Malware Defender 2009. Please ignore the fake center. Use the free instructions below to remove Malware Defender 2009, trojan Vundo and any associated malware from your computer.

Symptoms in a HijackThis Log.

O4 – HKLM\..\Run: [ctfxmon.exe] C:\WINDOWS\ctfxmon.exe
O4 – HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 – HKCU\..\Run: [ctfxmon.exe] C:\WINDOWS\ctfxmon.exe
O4 – HKCU\..\Run: [loader] “C:\Documents and Settings\All Users\Application Data\Microsoft\Network\svchost.exe” /n
O4 – HKCU\..\Run: [updater] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe /u
O21 – SSODL: HardwareDrivers – {8B2C743A-D44A-4A93-8233-ABEE8BF8ED62} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 – SSODL: DriversLoad – {3F0691F1-70E6-44A9-938A-1DC356674878} – C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\zxjcisduo.dll

Use the following instructions to remove Malware Defender 2009 (Removal instructions).

1. Remove trojan Vundo.
Some variants of Malware Defender 2009 uses trojan Vundo to install itself.

  • Download VundoFix and save the file to your desktop.
  • Once it downloaded, double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it’s done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.

2. Remove Malware Defender 2009 registry entries and files.

  • Please download OTM by OldTimer from here.
  • Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
    :processes
    explorer.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "malwaredef"=-
    "ctfxmon.exe"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "updater"=-
    "ctfxmon.exe"=-
    "loader"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "HardwareDrivers"=-
    "DriversLoad"=-
    
    :files
    %programfiles%\Malware Defender 2009
    %windir%\ctfxmon.exe
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click the red Moveit! button.
  • When the tool is finished, it will produce a report for you.

Step 3. Remove Malware Defender 2009 associated malware.

  • Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
  • Once downloaded, close all programs and Windows on your computer (including this one).
  • Double-click on the icon named mbam-setup.exe to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • MBAM will now delete all of the files and registry keys and add them to the quarantine.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Malware Defender 2009 creates the following files and folders.

C:\Program Files\Malware Defender 2009
C:\Program Files\Malware Defender 2009\conf.cfg
C:\Program Files\Malware Defender 2009\malwaredef.exe
C:\Program Files\Malware Defender 2009\mbase.vdb
C:\Program Files\Malware Defender 2009\quarantine.vdb
C:\Program Files\Malware Defender 2009\queue.vdb
C:\Program Files\Malware Defender 2009\uninstall.exe
C:\Program Files\Malware Defender 2009\vbase.vdb
C:\Program Files\Malware Defender 2009\quarantine
C:\WINDOWS\reged.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys.com
C:\WINDOWS\syscert.exe
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\vmreg.dll
C:\WINDOWS\system32\wcenter.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
C:\Documents and Settings\All Users\Application Data\Microsoft\win.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\t.id
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\vwkemjwebr.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe

Rogue Anti Spyware Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

3 Comments

  1. Ben
    ― April 15, 2009 - 6:56 am  Reply

    Hey It Worked …
    Great Work .
    Thanks a Lot for the Instruction ..

  2. bulat
    ― August 2, 2009 - 4:52 am  Reply

    “Please download OTmoveIt3 by OldTimer from here.” — [404 – Not Found]
    ——–
    ;((

  3. Patrik
    ― August 2, 2009 - 6:51 am  Reply

    bulat, i have updated a link to OTM (old name OTMoveIt3)

Leave a Reply Cancel reply




New Guides

OpenCandy PUP adware
OpenCandy adware (Virus removal guide)
Press Allow to watch the video SCAM
Press Allow to watch the video SCAM (Virus removal guide)
Win new Apple iPhone 13 Scam
Win new Apple iPhone 13 pop-up scam (Virus removal guide)
MICROSOFT WINDOWS With Pre-installed Mcafee SCAM
MICROSOFT WINDOWS With Pre-installed Mcafee POP-UP SCAM (Virus removal guide)
Win SAMSUNG GALAXY S22 pop-up scam
Win SAMSUNG GALAXY S22 pop-up scam (Virus removal guide)

Follow Us

Search

Useful Guides

remove chrome extension
How to remove Chrome extensions installed by enterprise policy
Iphone Calendar virus spam
Iphone Calendar Virus/Spam (Removal guide)
Best free malware removal tools
Best Free Malware Removal Tools 2020
How to reset Google Chrome settings to default
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]

Recent Posts

How to remove/uninstall Microsoft Recovery Console
How to remove Virus Melt (Uninstall instructions)
How to remove clickfraudmanager.com redirect (browser hijack)
How to remove Antivirus Agent Pro (Delete Instructions)
How to remove ANG AntiVirus 09 (Delete instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.