Malware Defense is a rogue antispyware program from the same family as Anti Malware. The rogue is usually distributed through the use of trojans. Once the trojan is running, it will download and install Malware Defense onto your computer.
When installed, Malware Defense will configure itself to run automatically each time when you login to Windows. Once running, the rogue will simulate a system scan and lists numerous infections to make you think that your computer in danger, is infected with a lot of worms, trojans, spyware and other malware. It uses the real names of infection to make the scam look more realistic. However, Malware Defense won’t remove those infections unless you purchase so-called “full” version of the program. Most importantly, do not purchase it! All of these threats are fake. So you can safely ignore the scan results!
What is more, while running, the rogue will flood your computer with warnings, fake security alerts and notifications from Windows task bar. Of course, all of these warnings and alerts nothing more but a scam and like false scan results should be ignored!
As you can see, this program is a scam and should be removed from the system upon detection. Please follow the guidelines below to remove Malware Defense and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [Malware Defense] “C:\Program Files\Malware Defense\mdefense.exe” -noscan
Use the following instructions to remove Malware Defense (Uninstall instructions)
Step 1. Remove H8SRT trojan (Rootkit TDSS)
Some variants of Malware Defense installed with a H8SRT trojan-rootkit that blocks the ability to run a lot of antivirus and antispyware programs, including Malwarebytes Anti-Malware.
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder.
Double click the TDSSKiller icon and follow the prompts.
Step 2. Remove Malware Defense and any any associated malware.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Malware Defense infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected for start Malware Defense removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Malware Defense creates the following files and folders
C:\Program Files\Malware Defense\mdefense.exe
C:\Program Files\malware Defense\help.ico
C:\Program Files\malware Defense\md.db
C:\Program Files\malware Defense\mdext.dll
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense Support.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense Support.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense ReadMe.txt
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
Malware Defense creates the following registry keys and values
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense
After spending about 6 hours struggling with trying to remove this thing following other instructions I read on line, I decided to give your steps a try as a last ditch effort before resorting to running a clean reinstall of XP (system restore wasn’t functional for some reason). About 15 minutes later, I’ve got a clean machine again. Thanks!
I unzipped and double clicked the TDSSKiller but on a black box it says it does not support a x64 operating system. can anyone help me with this?
i downloaded and unzipped the TDSSkiller but it says in a black box that it doesn’t support a x64 operating system. does anyone know how to fix this? thanks in advance!
Carol, ask for help in our Spyware removal forum.
Hi, I just wanted to thank you for the software provided on this site. I got the Malware Defense on my computer, and was able to successfully get it off as well as a number of other malware’s with the software given. Thanks again!
Aaron
Hi I’m running win xp64, looks like your program won’t work with it, any suggestions, this malware defense trojan is ridiculous it even shuts down my computer every once in a while all by itself.
Mike, open a new topic in our Spyware removal forum.
Just wanted to state my appreciation after weeks of trying to fix my computer finally something that worked. Thanks!
Thank you so much for these instructions. After battling with Malware defense for 2 days- i finally came across this page and as a last resort i thought i’d try the instructions given here. WOWWWWW!!!!!!!!!! I am so thrilled that it worked. The key was the TDSS killer because i couldn’t launch malwarebytes prior to that. I changed the name and i was able to run it but though the software kept killing the various malware, it kept reinstalling itself. All malware was cleaned up only when i ran TDSS first and then ran the updated version of malwarebytes. The windows security icon at the bottom right of my desktop shows a red shield with a white X on it – but i guess that’s ok and it’s because i need to update the antivirus.
Thank you so much for sharing your expertise on this site. You helped me clean up my computer without losing any data!!! Keep up the great work!
I’m with the above statement, I love you, you complete me. haha. No seriously, this fix is awesome, almost makes me feel like “so you gotta virus, what’s the big deal”. So simple and quick. My Daughter was using an app. on facebook when she allowed something and boom, popups, porn, and blocking all antivirus and malware apps. Printed this page from my computer, took it to her computer and followed the instructions. computer froze while running malwarebytes so i had to run it in safe mode. Worked beautifully and computer has a clean bill of health. Thank you. I bookmarked this page for future reference and for family and friends.
Been having a lot of fun with Paladin ANtivirus for the last three days – NOT! The first thing it did was delete my McAfee, I bought Norton and it wouldn’t load it on properly. Managed to run housecall which sorted the TDSS virus but could not run malwarebytes – it let me load in safe mode but not run. I had got rid of some of the functionality manually – I was getting no more pop ups but it was blocking websites and I need to sort out my printer and network card when I have finished scanning. In desparation, took the advice of changing Malwarebytes name – went into its directory and renamed it “Fred”! – It is now running the Malwarebytes scanner and has found 8 infected items so far, so touch wood, throw salt and avoid ladders for me! Feeling a lot more optimistic now, since everyone seems to think Malwarebytes will work, so thanks (although I may be back if things go wrong!)
Can anyone post a link to the forum-topic explaining the tdss killer problem on x64 operating sysyems? Can’t seem to find it..
Thanks!
when i try to open TDSS killer it doesent open, it shows the loading sign but nothing happens. HELP!!
quinn, try rename it before running.
I have download the TDSS killer and extracted it onto my desktop. However when i double click it to open it an error just comes up saying that the file is infected?
Then when i open malwarebytes it does the same thing ( comes up with a security error )
Brad, looks like the rogue blocks all programs from running. Open a new topic in our Spyware removal forum. Further, download RSIT by random/random from here but before saving, in the Save dialog, rename rsit.exe to rsit.com or iexplore.exe and save it to your desktop. Run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. If it does not automatically open, then these logs can be found at %systemdrive%\rsit folder (typically C:\rsit). Post both logs into your topic.
Ok thanks i will do that now
Right i’ve loaded the logs into my topic
THANK YOU SO MUCH! IT WORKED 😀 Cheers for your help
Thank you greatly from now on I will not go to isohunt.