Thursday, 24 February 2011

How to Remove Internet Defender (Uninstall Guide)

Internet Defender is a rogue security application that runs a system scan for viruses and reports false threats to frighten you into thinking your computer is infected with Trojans, viruses, spyware and other type of malware. The rogue program displays fake security warnings and annoying pop ups stating that your computer is being attacked from a remote machine or that additionally installed software can steal your passwords and other sensitive information. Internet Defender is a piece of malware designed to rip people off. The bad guys behind this rogue program hope that you will believe your computer is badly infected and pay for the full version of the software to clean your PC. Internet Defender impersonates the legitimate Microsoft anti-spyware program called Windows Defender. This rogue AV makes its way to the system with the help of fake online scanners and Trojan horses. It is obvious that Internet Defender 2011 is a complete scam. You shouldn’t install or purchase this scareware. And if you somehow ended up with this malware on your computer, please follow the steps in the removal guide below to remove Internet Defender from your computer for free.



Internet Defender is a clone of Security Defender. We wrote about it two weeks ago. The graphical user interface and self-defense mechanism hasn't changed much. The rogue program uses randomly names files and web browser hijacking to block legitimate security related websites and malware removal tools. Here are some of the fake security warnings it displays:
Internet Defender
Spyware.IEMonster process is found. The virus is going to send your passwords from Internet browser (Explorer, Mozilla Firefox, Outlook & others) to the third-parties. Click here for further protection of your data with Internet Defender.

Internet Defender Firewall Alert
Suspicious activity in your registry system space was detected. Rogue malware detected in your system. Data leaks and system damage are possible. Please use a deep scan option.
Although, it is possible to remove Internet Defender manually, we do not recommend doing so. First of all, it drops randomly named files into ApplicationData (Win XP) and ProgramData (Win Vista/7) folders. It could be rather difficult to identify and delete each malicious file from your computer. Secondly, Internet Defender can download additional malware onto your computer. That's why you should definitely scan your computer with anti-malware software. Last, but not least, if you have already purchased this phony security program, you should contact your credit card company and dispute the charges stating that Internet Defender 2011 is malicious software. If Internet Defender is installed on your computer, you should remove it immediately. Please follow the removal instructions below. If you have any questions or comments for us, please let us know. Good luck and be safe online!


Internet Defender removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key.


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this rogue security program from your computer. Don't forget to update anti-malware software before scanning.
    NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


    Alternate Internet Defender removal instructions:

    1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
    Launch the iexplore.exe and click "Do a system scan only" button.
    If you can't open iexplore.exe file then download explorer.scr and run it.

    2. Search for such entry in the scan results (Windows XP):
    O4 - HKLM\..\Run: [SET OF RANDOM CHARACTERS] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi", DllUnregisterServer
    O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi", DllUnregisterServer
    O4 - Startup: [SET OF RANDOM CHARACTERS].lnk = C:\WINDOWS\system32\rundll32.exe


    Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
      3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this rogue security program from your computer. Don't forget to update anti-malware software before scanning.
        NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


        Associated Internet Defender files and registry values:

        Files:

        Windows XP
        • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]_.mkv
        • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].avi
        • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].ico
        • C:\Program Files\Internet Defender
        • C:\Program Files\Internet Defender\Internet Defender.dll
        • C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].dll
        Windows Vsita/7
        • C:\ProgramData\[SET OF RANDOM CHARACTERS]_.mkv
        • C:\ProgramData\[SET OF RANDOM CHARACTERS].avi
        • C:\ProgramData\[SET OF RANDOM CHARACTERS].ico
        • C:\Program Files\Internet Defender
        • C:\Program Files\Internet Defender\Internet Defender.dll
        • C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS].dll
        Registry values:
        • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
        • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
        Share the knowledge:

        No comments:

        Post a Comment