Abs.Net web Page

Share Your Knowledge, Build your Network..

«
»

Malware Defender 2009, Another Malware Virus

Posted by Hari Saryono on 12 March 2009


Ever hear a program name : Malware Defender 2009?. If so, don’t try to install it on your system, because it’s a real malware.

What this program does

Malware

Defender 2009 is a program from the same family as System Guard 2009 and Spyware Guard 2009. This rogue is promoted by the Trojan Vundo infection, which displays fake security alerts and pop-ups that state your computer is infected. These pop-ups will then state that you should run an online anti-malware scanner in order to scan your computer for malware. Once you click on this pop-up, you will be brought to a page that displays an advertisement pretending to be an online anti-malware scanner. Once the advertisement is finished, it will state your computer has a variety of malware and then prompt you to download and install Malware Defender 2009 in order to protect your computer. While infected with the Vundo infection, you will constantly be barraged by these types of popups.

And this is Fake Warning Created.

Where You can Get Them

Malicious Domains that promote this rogue software are:

easywinscanner17.com (209.249.222.48)
malwaredefender2009.com (67.43.237.75)
gomaldef09.com (67.43.237.77)

I try to enter easywinscanner17.com, and here’s what i get

Suddenly a warning about my computer infected (??). Please don’t click anything (because they’ll install something if you do so). You can’t close this site or turn to other tab. The safest way is CTRL + ALT + DEL to show your task manager, and then right click your browser program name and choose : End process tree. If your task manager killed by certain virus, use this tool to enable again .

I try to enter malwaredefender2009.com (67.43.237.75) and gomaldef09.com (67.43.237.77), too, but gomaldef09 will redirect to malwaredefender2009.com. They don’t act like their counterpart above, but please don’t scan your computer using their online scanner, or else: your computer will be infected.

Symptom

Symptoms of the installation of Malware Defender 2009 are:

  • Slow system
  • Repeated warning popups windows
  • Websites that suddenly come-up on your desktop
  • “Your computer is infected by spyware” messages
  • A process named malwaredef.exe is running in your system

Files Created:

  • C:/Program Files/Malware Defender 2009
  • C:/Program Files/Malware Defender 2009/conf.cfg
  • C:/Program Files/Malware Defender 2009/malwaredef.exe
  • C:/Program Files/Malware Defender 2009/mbase.vdb
  • C:/Program Files/Malware Defender 2009/quarantine.vdb
  • C:/Program Files/Malware Defender 2009/queue.vdb
  • C:/Program Files/Malware Defender 2009/uninstall.exe
  • C:/Program Files/Malware Defender 2009/vbase.vdb
  • C:/Program Files/Malware Defender 2009/quarantine
  • C:/WINDOWS/reged.exe
  • C:/WINDOWS/spoolsystem.exe
  • C:/WINDOWS/sys.com
  • C:/WINDOWS/syscert.exe
  • C:/WINDOWS/sysexplorer.exe
  • C:/WINDOWS/vmreg.dll
  • C:/WINDOWS/system32/wcenter.exe
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Media Index/Drivers
  • C:/Documents and Settings/All Users/Application Data/Microsoft/win.exe
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Media Index/svchos.exe
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Media Index/t.id
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Media Index/Drivers/c.cgm
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Media Index/Drivers/hdddriver.dll
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Media Index/Drivers/vwkemjwebr.dll
  • C:/Documents and Settings/All Users/Application Data/Microsoft/Network/install.exe

Registry keys Created:

  • HKEY_LOCAL_MACHINE/SOFTWARE/Malware Defender 2009
  • HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Malware Defender 2009
  • HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/updater
  • HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/malwaredef

Manual Removal

  1. Tools
  1. Process Explorer
  2. Total Commander
  • Procedures
    1. Open Process Explorer
    2. Kill Malwaredef.exe process name
    3. Open Total Commander
    4. Delete all program name specified in File Created above
    5. Open Regedit
    6. Delete all registry keys created above

    Automatic Removal

    If you want to use software to remove it , you can choose this one.

    This entry was posted on 12 March 2009 at 7:52 AM and is filed under Antivirus, Malware. Tagged: , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    One Response to “Malware Defender 2009, Another Malware Virus”

    1. maspai said

      19 March 2009 at 2:36 PM

      Thanks for your information

      BAHASA
      matur nuwun infone…

      Reply

    Leave a comment

    «
    »