Monday, 11 January 2010

Malware Defense virus removal (How to uninstall guide)

Malware Defense is a fake anti-malware application. Don't install it; otherwise it may cause serious problems to your computer. MalwareDefense removal guide is stated below in this page, but first let me tell you what this virus actually does. In short, it's a scareware that displays fake security alerts and false scan results to trick you into believing that your computer is in danger and has many security problems. The rogue application displays alerts stating that you have to pay for a full version of this program to remove found infections. However, don't purchase it. This is a scam. If you have undesignedly paid for this rogue software then you should contact your credit card company immediately and dispute the charges.

Malware Defense comes from misleading websites. Most of the time, it comes bundled with Trojans or other malicious software. If there is only MalwareDefense virus installed on your PC then removal its shoudn't be complicated. But if it was installed with the help of Trojans then this malware will likely disable conventional anti-virus and anti-spyware programs and prevents you from installing new ones. In some cases, Malware Defense disables Internet connection, so that the user of the compromised computer can't download anything or search for removal instructions. Now, how to remove Malware Defense?

First of all, if you use Internet Explorer then go to: Tools->Internet Options->Connections tab.
Click Lan Settings button and  uncheck the checkbox labeled Use a proxy server for your LAN. Click OK. If you have Firefox, Chrome or Opera then use on of these browsers instead of Internet Explorer.

Malware Defense removal methods:

Method #1
Restore Windows to a previous state, when your PC was not infected. In some cases this may actually work. Read more about how to restore Windows here:
Then run a full system scan with an anti-malware application.

Method #2
Boot your PC in "Safe Mode with Networking" and run an anti-virus/malware software from there.

Method #3
Download TDSSKiller tool from Kaspersky website. Unzip file, launch it and follow the prompts. It will remve the Trojans that block anti-virus software.Then run a full system scan with an anti-malware application.

Method #4
1. Download Process Explorer from Microsoft website (rename procexp.exe to explorer.exe or for example firefox.exe before saving it)
2. Launch renamed Process Explorer. Select Security Tool process mdefense.exe and terminate it.
3. Download an anti-malware application and run a system scan. (NOTE: don't restart your PC at this point and don't forget to update an anti-malware application)

If all the removal methods stated above fail, then do this:
Bootable Rescue Disk
If your PC doesn't start up or you see just a black/blue screen and can't do anything, a bootable rescue disk may be your last chance before doing a clean installation of Windows.
Read more here: How to create bootable Avira Antivir Rescue Disk

Manual removal instructions: 
C:\Program Files\Malware Defense (delete this directory and all files in it)

Other files to remove:
  • %UserProfile%\Desktop\Malware Defense Support.lnk
  • %UserProfile%\Desktop\Malware Defense.lnk
  • %UserProfile%\Start Menu\Programs\Malware Defense
  • %UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
  • %UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense.lnk
  • %UserProfile%\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk 
Remove the following registry values: 
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Malware Defense"
More information about this virus:;_ylt=AvqgeEGWQ1RgpaCjb5gGuM8jzKIX;_ylv=3?qid=20091230191247AA9BZmG;_ylt=AgrBmMKBkFNgepvYWaEUQtQjzKIX;_ylv=3?qid=20100111074106AAc9DyN 

Malware Defense removal video:

No comments:

Post a Comment