
Saturday, October 30, 2010

How to remove Spyware Protection 2010 (Uninstall Guide)

Spyware Protection 2010 is a rogue security program that gives false reports of threats on the computer. It downloads itself onto the computer without your permission and claims that you are infected with spyware, adware, Trojans and other malicious software, e.g. W32/Blaster.Worm. When you click to remove the supposedly found infections, it takes you to a page where you are asked to buy Spyware Protection 2010; the price is about $60 for one year of use. Please do not fall victim to this rogue program. Spyware Protection 2010 is a scam and a typical rip-off rogue program, and you should remove it from your computer as soon as possible. Thankfully, we've got instructions to help you remove the rogue program for free using legitimate anti-malware programs. Please follow the removal instructions outlined below.



Most of the time, Spyware Protection has to be manually installed, but it may also download itself onto your computer without your permission and pop up seemingly out of nowhere. The Spyware Protection malware spreads via banner advertisements and through the use of Trojans. It can also be part of a social engineering scam. While this fake security program is running, it pretends to scan your computer for malware and claims that you have bad viruses on your computer. In other words, it tries to trick you into thinking that your computer is infected. What is more, Spyware Protection 2010 displays numerous nag screens and warnings about major security problems.


Trojan detected!
Malicious code has been detected in your system. It can
replicate itself if no action is taken.
Click here to have your system cleaned by Spyware Protection.


Just like the fake scan results, these security alerts are all fake and should be ignored. But that's not all: it will also block legitimate software on your computer and hijack Internet Explorer (in some cases other web browsers too). It will claim that a web page you're about to visit serves malicious software. Of course, that's not true.

Spyware Protection related domains: spyprotection2010.com, protectionspy2010.com.

As you can see, Spyware Protection, although supposedly designed to protect, is a total scam. It won't remove any infections from your computer simply because they are not there. And obviously it won't protect your computer against malware. If you have already purchased this bogus program, you should contact your credit card company and dispute the charges. You can use the code SL55J-T54YHJ61-YHG88 (and any email) to register the rogue program. Then, please follow the removal instructions given below to remove Spyware Protection 2010 from your computer for free using legitimate anti-malware software. And finally, if you have any questions or additional information about this malicious software, please leave a comment. Good luck and be safe online!


Spyware Protection 2010 removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8" key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Alternate Spyware Protection 2010 removal instructions using Process Explorer (in Normal mode):

1. Download Process Explorer and end Spyware Protection 2010 process: defender.exe.





2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


Spyware Protection associated files and registry values:

Files:
  • C:\Documents and Settings\[UserName]\Application Data\defender.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Spyware Protection"
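
An added example (not part of the original guide): a PowerShell check for the file and Run value listed above, which also follows the path the Run value launches, since the file is not always in the listed folder. The `-Remove` switch and the variable names are assumptions of this example, and PowerShell is assumed to be available on the machine.

```powershell
# Added example: looks for the two indicators listed on this page in the
# current user's profile. Run as the affected user (HKCU and %APPDATA% are per-user).
# Assumption: -Remove is this script's own switch; without it nothing is changed.
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Spyware Protection'

# %APPDATA% is "...\Application Data" on XP and "...\AppData\Roaming" on Vista/7.
$candidates = @(Join-Path $env:APPDATA 'defender.exe')

# 1. Autostart entry: report it and follow the path it launches.
$run   = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$entry = if ($run) { $run.PSObject.Properties[$valueName] }

if ($entry) {
    $command = [Environment]::ExpandEnvironmentVariables([string]$entry.Value)
    Write-Output "FOUND Run value '$valueName' -> $command"
    # The value data may be a quoted path with arguments or a bare path.
    if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
        $candidates += $Matches[1]
    }
} else {
    Write-Output "Run value '$valueName' not present under $runKey"
}

# 2. Files: check the listed location and the Run target (hidden files included).
$found = @()
foreach ($path in ($candidates | Sort-Object -Unique)) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        $found += $file
        Write-Output ("FOUND file {0} ({1} bytes, modified {2})" -f `
            $file.FullName, $file.Length, $file.LastWriteTime)
    } else {
        Write-Output "File not present: $path"
    }
}

# 3. Cleanup, only when -Remove is given: stop the process, delete the file,
#    then delete the autostart value.
if ($Remove) {
    foreach ($file in $found) {
        Get-Process | Where-Object { $_.Path -eq $file.FullName } |
            Stop-Process -Force -ErrorAction SilentlyContinue
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "Removed file $($file.FullName)"
    }
    if ($entry) {
        Remove-ItemProperty -Path $runKey -Name $valueName -ErrorAction Stop
        Write-Output "Removed Run value '$valueName'"
    }
}
```

Run it once without `-Remove` and review the reported paths before running it again with the switch, then finish with the full anti-malware scan described in the instructions above.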

156 comments:

topdeep said...

Thank uuuuuuuuu, the renaming part was very useful,
the program actually renamed itself to "Defender.exe" but finally removed.

Cheers

Anonymous said...

I also got this idiot virus and really want to remove it. I tried process explorer to kill it all the time and searched with ESET and Spybot S&D, but this crazed thing keeps on coming and making me have to do these steps all the time.
Is there a solution to destroy this malware once and for all?

Anonymous said...

thank you so much. the process explorer did the trick

Anonymous said...

Thanks a lot! Had some real problems with this one! Malwarebytes did the job :)

Anonymous said...

I got this stupid PITA and MalwareBytes took care of it!

Anonymous said...

It works! It works! Follow these instructions in safe mode and it works! Thanks.

Anonymous said...

Thank you!!!!
You are a life savior...
I escaped from format thanks to your help!!!
Thanks again!!!
Greetings from Greece!

Anonymous said...

I really, really, really hate this thing. I got it yesterday and now I can't do anything on here. It won't even let me run the malware protection program and I've been to three different sites and I even renamed this one like I was instructed to. I'm about to use the Safe Networking prompt.

Is there any other way to get rid of this? Could I buy it, then cancel my order with the credit card company AND these fools, and so I'll be free, supposedly? OR do I have to buy a new computer or even take this PC to Best Buy and have some technician help me?

I'm sorry - this is just very aggravating. I'm not in the mood to lose all of my data, you know?

Admin said...

Restart your computer in safe mode and use the Windows search option to find "defender.exe". Track down the file and delete it. Then go back to normal mode and run anti-malware software. I hope this helps. Good luck!

Lily said...

I have the same problem as Anonymous. In normal mode, the virus prevents me from starting the Task manager or Process Explorer.
However when I am in safe mode with networking (obviously it's not running) and I search for it in windows search, I can not find "defender.exe"....what gives????!!!
Thank you for your help!

Unforgiven said...

The directions worked like a charm! Many thanks!

Anonymous said...

Thank you so much. it worked. Process explorer did the trick.

Anonymous said...

After reading the instructions I tried an easier way. I clicked on start and saw the icon for Spyware Protection. Right click on the icon and then click properties then locate target. It found the program. It won't let you delete it, or drag it to the recycle bin. So I changed its name to "pile of crap". Then rebooted the computer. When it booted back up the Spyware did not open. I was then able to delete the pile of crap with no problem.

Anonymous said...

the comment above mine helped the most ..Thank You

Anonymous said...

Thanks man, a great help indeed.

Anonymous said...

It appears the virus is shutting down defender.exe as well as the antimalware. Help!

Anonymous said...

Renaming the file didn't work for me as it just recreated itself somehow when I rebooted. However in safe mode I was able to delete the (renamed) file, and then empty the recycle bin. Rebooted and everything seems to be back to normal.

melissa said...

System restore from safe mode worked too. That made me very angry. Glad it is fixed, you wouldn't like me when I am angry. :D

Anonymous said...

I just deleted the icon in the start menu :(
Internet doesn't work on my computer. Also, the virus blocks it!!
How to handle?? Help

Anonymous said...

Thank you so much. I can solve the problem with your helpful instruction.

Lewis said...

Thank you very much! you are a godsend!

KimOH said...

We got rid of ours by logging in to WinXP as a different user, then deleting the "defender.exe" from the infected user's files. I expected it to reinstall itself, but it didn't.

Jim said...

thx a lot

anw said...

THANK YOU SOOOO MUCH !!!!! YOU ARE THE BEST !!!

But I still have a little problem .. I think the computer is slower than before .. what is the problem ? ( please answer me ) and thanx again.

Admin said...

anw, please scan your computer with Hitman Pro. And then use CCleaner. I hope this helps. Good luck!

The shareminator said...

Thanks all. This worked for me.
Start safe mode - F8 at start-up into safe mode with networking.
Right click on the icon on the start menu to enter properties. Used find target and deleted the defender.exe. Then emptied the recycle bin.
I downloaded and ran malwarebytes just to be sure.
Thanks again.

pieseauto said...

Works great... it's done in 20 minutes. Thank you very much.

Anonymous said...

I followed the manual steps (Defender.exe and the REGISTRY steps) and it worked perfectly in SAFE mode! No need to download any other potentially dangerous software - just follow the steps.

Thanks.

Anonymous said...

Safe mode and MalwareBytes Free removal did the trick.
This is a particularly bad malware. Ugly. In trying to seduce me to send over my CC number, it suggested that there were all kinds of bad things loaded on my pc. Liar AND Thief.

Thank you very much for posting this information.
God Bless.

Anonymous said...

Thank you so much for providing this information! I wasn't about to buy their software to stop the attack; it was pretty obvious when I couldn't stop the program from running that it wasn't legit! I was at my wit's end, thanks for keeping me from going over the edge. Bless you!

Anonymous said...

Thanks so much! I used the 'easier way' posted above and it worked. You NEED to change the file name, not just delete defender.exe because it will come back. Thanks again!

Anonymous said...

Thank you!!!!!!
It worked like a charm ;)))))

Anonymous said...

I downloaded the MalwareBytes, and it too wanted me to buy the full version before it would even try to remove anything. I swear most spyware is made by anti-spyware software developers.

Anonymous said...

Looked at all the comments and tried most... What worked for me...
1. Boot in Safe Mode by constantly tapping F8 as your machine starts and select any Safe Mode.
2. Select Administrator if you have an option to do so at the 'choose user screen'
3. Once the PC has booted go to Start button, right click and select 'Search'
4. Type in 'Defender.exe' in the top box (All or part of the file name)
5. Under 'Look in' box click on the down arrow and select 'My Computer'
6. Left click on 'More advanced options' and tick the 'Search hidden files and folders' (NB - really important as it can hide somewhere as a prefetch file or similar and spawn again)
7. When the search stops, in the results panel rename any defender files to 'pileofcrap' by right clicking and selecting 'rename' - then delete the bloody thing.
8. Go to the recycle bin select all the 'pileofcrap' files and delete again.

Like I said worked for me... hope it does for you.

Jase

Anonymous said...

It looks like it has been said many many times, but again, thank you for the great directions. It is amazing how easy it is to use the internet for good and share valued info with people you will never hear, see or meet in your life.

Anonymous said...

Didn't work. Help

Anonymous said...

Thank you so much!!!! Your instructions were simple and easy. I don't know what I would have done without your help.

Anonymous said...

I went in under safe mode and downloaded MalwareBytes Free. It looks like this did the trick!

Anonymous said...

Hit with this nasty virus - but can't get into safe mode!? Win7 says F12 for boot options, tried that and F8 to no avail. Any help much appreciated!

Anonymous said...

I was another victim. I "bought" the program. I have contacted them through the 1800 number they have on the website, and asked them to teach me how to uninstall the program. They told me I do not have to do it, they "will do it for me" and my refund will take 3 weeks to be processed. Anyway I called the credit card company to dispute the charge. But... the icon of "spyware protection" disappeared from my computer and the alerts too, but I don't know if I have it hidden.
How can I check if my computer is safe now?

haidil said...

Thank you Jase. I've followed your instructions and it works perfectly. Whoever created this damn thing is really bad bad people. They try to make consumer in trouble and want to get benefit from it. If I found these people I will shoot them, cut into pieces and throw it into crocodile farm....I really really hate them!!!!

Anonymous said...

I read Anonymous on January 1st and that worked for me too. THANK YOU! Here is the advice:

"After reading the instructions I tried an easier way. I clicked on start and saw the icon for Spyware Protection. Right click on the icon and then click properties then locate target. It found the program. It won't let you delete it, or drag it to the recycle bin. So I changed its name to "pile of crap". Then rebooted the computer. When it booted back up the Spyware did not open. I was then able to delete the pile of crap with no problem."

Anonymous said...

I think I figured out a way to get this done without going into safe mode. The program will automatically run at startup and disable any other program claiming that it is infected, including ctrl - alt - del for command prompt. If you do it fast enough, you can shut it down since there is a 1 second window to react. From there, I was able to remove it using conventional anti virus, etc

Anonymous said...

WOW! Process explorer worked for me! I called my credit card company about this horse crap program and then called them 1-800-338-4926. Some man with an Indian accent answered and said that all the claims that Spyware Protection 2010 was bogus is false. He tried to "help" me by sending software updates via email? What the hell!?! Anyway, I told him that my credit card was informed and as soon as it was "posted" on my account then it would be disputed and my credit card company would not pay it. He tried and tried to get me to change my mind on the refund. I was stern, but polite and he finally refunded my money. I will still check my statement. Said I would get an email about my refund...have yet to get the refund.

Anonymous said...

Fantastic instructions, installing the Malware program did the trick! GOD BLESS GOOGLE! Thanks for the great directions!

Anonymous said...

I took the "piece of crap" advice and it worked for me too. THANKS

LisaL2u said...

I did like the post on January 1 suggested. I found the file and renamed it "piece of crap". Then I rebooted and was able to run malwarebyte and it cleaned it. I'm now scanning my computer to double check everything. Thanks for this page!

Anonymous said...

Stinky little bug! The virus wasn't allowing me to access internet or my processes through msconfig. Went into safe mode and found the defender.exe in my start up processes. Unchecked it. Then I was able to run my computer in normal mode, access the internet and download malwarebytes, which found the virus right away. Yay!

Anonymous said...

I've tried booting in both safe mode and safe mode with network. But the computer won't recognize the alt-ctl-del keystrokes. Any ideas what to do?

Admin said...

SL55J-T54YHJ61-YHG88 you can use this code (and any email) to register the rogue program. It then stops blocking other programs.

Also, you can go into the C:\Documents and Settings\[UserName]\Application Data\ folder and locate defender.exe. Rename it to malware.exe. Then restart your computer and download a malware removal tool.

Good luck!

Anonymous said...

selecting from start menu and locating then rename and deleting is very simple method & worked very well. Somebody told this, very good try , congrats & thanks- Sugu

Anonymous said...

Is there a way to prosecute the company which generates the rogue program and makes a profit from it?

Admin said...

The problem is that the cyber-criminals are mostly from Russia, Ukraine and China. They are not from the U.S. And that makes the prosecution almost impossible.

Anonymous said...

Thanks so much for the great help on the scam
spyware protection 2010. thanks to your help
I got rid of it. You're a life saver on my PC.
Thanks
Theo

Anonymous said...

Wow great help site good job guys. the comment with the renaming the file to "pile of crap" worked for me. quick and easy fix nice job.

Anonymous said...

Greetings from Gilroy, CA. Thank you for the instructions. They worked great and I'm very grateful.

Anonymous said...

Thanks a lot!! This helped a lot for removing that annoying spyware protection pop-up/scam. The malwarebytes recommendation worked great.

Linda said...

Thank you so much! I also once in safe mode renamed that file to PIECEOFCRAP and then deleted it from the recycle bin. I restarted my computer and all is fine now!!! Thank you!

el said...

grazie!!!!! thank you!!! =)

Anonymous said...

January 1st comment worked beautifully. THANK YOU!

Anonymous said...

Wonderful. Thank you

Anonymous said...

This post is a lifesaver! I got the malware at 1:10 PM, posting this, malware free at 1:30pm!!

Thanks!!

Anonymous said...

What I ended up doing after my wife got it, search your C: drive for defender.exe because in 7, it's not in the same place as in the directions (XP). Open regedit, and search your entire registry for "Spyware Protection" because again, it was nowhere near close to what was described. It was buried all sorts of crazy deep in the registry. Delete both found files, and you should be good.

Anonymous said...

Brilliant! Thank you for your instructions! I downloaded MalwareBytes Anti-malware and I got rid of Spyware Protection. Thanks very much for your help! Thanks, Judy

Anonymous said...

Evil little bugger. Thanks for the help in getting rid of it. I just went down the route of finding the files in safe mode and deleting them as described above.

Anonymous said...

I'm running Vista. In Safe Mode, of course, I found the file name via my startup menu (Control Panel>Administrative Tools>System Configuration>Startup). There it was: Spyware Protection. Unclick that and get the address which is provided on that line (write it down). Mine was in my user file (c:user>me>AppData>Roaming) but from what I've read and tried, I think this thing keeps changing, so yours could be different. I have had the same thing before, I believe--many years ago, so it might be traded on the black market.

Woe to those who steal both money and life energy. The karma is doubly bad for both stealing and killing (2x2=4). May you be reborn lowlier than the worms that eat your mortal flesh when at last miserable death comes to take you. You will have countless eons to consider the actions that put you there. Perhaps you should consider them now.

Additionally and anyways: My McAfee expired 10 days b4 this infection and it would not let me access files needed to renew or to install listed above spyware killers.. .or my search functions or , or, or, I mean I had on handcuffs. I can't even imagine what this is like to other little old ladies my age who didn't have upper level computer training. I think prevention is best.

Anonymous said...

Thanks everyone for above comments. My daughter caught this awful problem - I was suspicious because I could not recall installing this so-called SPYWARE PROTECTION 2010 software. I simply
- logged in as a different user (no problem logging in).
- Ran MalwareBytes Anti-malware using above link (scanned whole computer which took about 30 mins).
- Rebooted with my daughter's login. Problem gone.

Anonymous said...

just go to the folder that contains defender.exe and delete it, then delete the file at registry.

manisha said...

There is one more way I did it: I logged off and logged in again. Just when it is loading, I quickly opened Task Manager using Ctrl+Alt+Delete (because the program is still not loaded, I am able to open Task Manager). Remember, if you are a little late opening Task Manager, Spyware protector is going to activate and stop the Task Manager from opening, so you have to be quick. As soon as you see Defender in the task pane, click the End Task button... and ta-da... the program will not load, and now you will be able to open MSCONFIG from the Run menu, go to the Startup tab and uncheck the Program Detector from the start menu. Next time you start up it's not going to load! And then you can use free spyware removal software and delete it!!

I wish i can file case on that kind of fake virus creating and antivirus scanning companies..........

well good luck

Manisha

Judith said...

I can't remember if I tried logging in as a diff user. Well, I won't go get it again so I can try that!!! I could NOT use search function from any way I tried; it was completely disabled. That is why I had to go into the Startup settings to find the file name as well as un-choose it. Install program also affected and no way to install malware (we can't always acquire something else to fix us LOL) That was on Vista, so who knows? I still think this virus has different versions running out there. Pretty scary.

Stevo-sama said...

Eureka, this worked on Vista...I did NOT enter the registration code/email, just went straight to 'safe mode networking' and Malwarebytes worked on the first shot, as detailed above.

I am using McAfee, it does no good. After the reboot, Malware will be disabled (which is fine) as McAfee won't allow two systems to run simultaneously.

Don't try McAfee for help, they will charge you $90, even if you are a subscriber. Send your money to this guy instead.

Anonymous said...

malwarebytes worked

Anonymous said...

Eureka continued - by the way, spybot s&d did not recognize this, but malwarebytes fixed it no problem. Awesome advice.

Anonymous said...

Using System Restore from Safe Mode worked for me.
Thanks for all your help.

Anonymous said...

I FREAKING LOVE YOU!!!!!!!!!!!!!!!!!!

Anonymous said...

LIFESAVERRRRR!!

Anonymous said...

total life saver!! renamed defender.exe and deleted it! make sure you delete it out of regedit too!!

Anonymous said...

Thank you so much for posting this. I freaked out when the Spyware Protection thing popped up and closed all my applications. I rebooted but it came back and disabled nearly everything. I looked it up on another computer to see if it's a scam, and this blog post was one of the first hits. I followed the directions and am now malware-free. Malwarebytes will help me stay malware-free.

Anonymous said...

What irritated me the most about getting this... I was looking up PS3 game stuff for my husband using the second thing recommended in my Google

Trying out MalwareBytes with Spybot to hope for the best

alan said...

i tried all and it still doesn't work...seems software designer is getting smarter...can someone help please

Anonymous said...

Thank you so so much.

Anonymous said...

malwarebytes didn't help me!!!

Anonymous said...

I have GiPo@MoveOnBoot installed on my XP machine which got this virus. The defender.exe file couldn't be deleted normally as was in use. Using the shell gipo@fileutilites -> delete on next boot, I set it to delete defender.exe, which it did on reboot. Then using Spybot -> tools (in advanced mode) -> system startup I was able to remove associated Spyware Protection defender.exe startup registry value.

Anonymous said...

Thanks for taking the time to post this.

Anonymous said...

Oh man...it's finally gone! I did it with the safe mode networking when you have to press F8. Because the other options were not accessible for me because spyware protector wouldn't let me use it! that thing is a scam!!!! It's thanks to this website that my computer is working normally now

Anonymous said...

hi , i need help please , i can't find defender.exe , and i tried locating it but there was nothing , i don't know what to do please help me , here's my e-mail , ohmaid15@yahoo.com , and help from there , thank you for your time :).

Anonymous said...

what a freaking scare, I was close to going to Walmart and buying another laptop.... I just would like to know how the hell this kind of virus gets into the computer ?? is there any logical explanation??

Josh said...

Thank you for the detailed instructions. Isn't there a law against this kind of thing yet? Is there any way to block it. In theory Vista is supposed to tell me when a .exe program is being run but apparently not this time.

MikeGalenkamp said...

It was unnerving when it popped up, and it tries to look like a windows program too! I knew it wasn't, so I took a similar approach: rebooted in safe mode, and did a system restore.

Anonymous said...

I sat at my desktop for hours fighting with this monster. It took me a while to get my safe mode to work but it definitely did the trick!

Anonymous said...

THANK YOU, THANK YOU AND A THOUSAND THANKS. THE SPYWARE GOT INSTALLED ON MY COMPUTER. AND AFTER GOING THROUGH A LOT OF PAGES TO UNINSTALL IT, I MANAGED IT WITH YOUR INSTRUCTIONS.
I ENTERED SAFE MODE WITH THE F8 KEY AND DOWNLOADED MALWAREBYTES ANTI-MALWARE. AFTER RESTARTING, I RAN THE PROGRAM IN NORMAL MODE AND THE DAMNED VIRUS DISAPPEARED. NOW I CAN USE ALL THE PROGRAMS THAT WERE BLOCKED. AND I AM NOT A COMPUTER EXPERT, BUT BY FOLLOWING THESE STEPS I MANAGED IT. THANK YOU VERY MUCH AGAIN

Anonymous said...

I got this 3 hours ago, 2 hours of stressing and not knowing what to do, then came across this website. I used malware bytes (via safe mode with networking) and it did the trick.

I'm 17 and was stressing more than I've ever stressed before. Thank you so much for this website, I'm going to add it to my favorites just in case for future needs :) haha!

Anonymous said...

Thxs for this post. I just entered the software code and registered. Put my netbook to factory settings to make sure it's free from software. About time someone shut these people down that make life hell.

Anonymous said...

Thank you sooo much you have no idea how appreciative i am that i found this thank you so much my laptop is actually functional this damn program wouldn't let me do anything even open my own antivirus so i couldn't get rid of it and now it's gone and i'm allowed to go on my laptop like i was before thank you so much u have noooo idea thnx

Stephen said...

I just got this today. Never came up as Defender, only as Spyware Protection. The renaming thing seems to have worked though.

Anonymous said...

I think it's over! Thank you very much :). Only one thing, now windows blocked a startup program called ehTray.exe. I don't know what to do :S, i hope it is not a virus.

jk said...

i managed to get rid of the bloody thing on my windows 7 by going to the start button, clicking on properties of the damn thing, and after locating the defender.exe, i managed to delete it without any problems..all in safe mode of course. thanks to all those that contributed!

Admin said...

ehtray.exe is the tray bar process for the Microsoft Media Center. It gives you easy access to the digital media manager. It's not a virus.

Anonymous said...

I want to marry you! thanks bro! That worked great!

Thanks from Canada!

X said...

Thank you!!!! Thank you!!!! Thank you!!!!

I did the following:

START
Right clicked the Systems Defender Icon
Clicked Properties
Clicked go to Location
Change the name to fuckyou.exe
Shut my computer down
Booted back up
And deleted that piece of shit into the recycling bin.
*You must go to the 'target location' not just delete the shortcut!!

Thank you to the author and all of the comments! I've been battling with this piece of shit for 4 hours-- until I came across this beauty.

Thank you.

Anonymous said...

THANK YOU!!!!!!!
I was starting to get worried, until i saw some brilliant comments above. I did the following:

1. opened up the start menu (using Vista)
2. saw the icon for the damn spyware protection, right clicked on it and went to properties
3. changed the target location from defender.exe to pileofcrap.exe,(leave the other words there)
4. rebooted/restarted my laptop, when i logged back on, THE DAMN THING DIDN'T OPEN!!! :D
5. went back to start, right-clicked on spyware protection again, but the icon had changed
6. Sent it to the recycle bin, then went to the recycle bin and deleted the crap. Last step, i used my windows defender to clean up one last nasty trojan the virus dragged in.

THX to all helping me defeat the virus. Wasted 3 hours on the damn thing. If it ever comes back, i know what to do :)

Anonymous said...

It wasn't as straightforward as described above. First you need to download the Process Explorer (in my case, I had to download it to another machine and transfer it to my infected PC because this piece of crap virus wouldn't let me on the internet. Then, I finally figured out that I had to use the Process Explorer to kill the process called "Defender.exe". Once I killed it, I had to use the MalwareBytes Anti-malware download (again, I had to transfer it via a thumb drive from one machine to another) to clean up the machine. Whew! What a scare this has been.

begsnachin said...

ok so I already deleted the icon from my recycle bin before i ever saw this thread. soooo....i can't do what the last couple of people did. What should I do?? It's preventing me to run any program I download.

Anonymous said...

safe mode and malware worked for me but the icon is still in the bottom right hand corner how do i get rid of that ??

Anonymous said...

Many many thanks - it was 'malware protection' I got and this sorted it. Superb!

Anonymous said...

YESSSSS!!!!!! I FINALLY KILLED THIS BEAST!!!!

THANKS EVERYONE!!!

Anonymous said...

I had to use my laptop to find this article because the malware disabled my PC in every way, no email, no internet, no programs and no way to do anything but after reading this on the laptop i put your solution into practice and it worked like a charm, thank you so much for a great way of moving this nightmare application.

Tom said...

I can't find anything in the registry, is there anywhere else it may be hiding? Or is there a program that could find it for me? I've followed all the instructions above but just can't see it.

Thanks for all the excellent advice everyone, was genuinely worrying that my laptop was about to crumble!

Anonymous said...

deleting it didn't work since it was never found. so what i tried next was system restore and i restored my system to a checkpoint the day before and it is gone now. so if deleting it didn't work i suggest using system restore.

Anonymous said...

After reading the instructions I tried an easier way. I clicked on start and saw the icon for Spyware Protection. Right click on the icon and then click properties then locate target. It found the program. It won't let you delete it, or drag it to the recycle bin. So I changed its name to "pile of crap". Then rebooted the computer. When it booted back up the Spyware did not open. I was then able to delete the pile of crap with no problem.

^^^^^^that guy's comment helped the most. Also, if you run a search through "my computer" you will find something with defender.exe in the name and you can see when it was last modified which should be when you last ran your computer not in safe mode. that might help

Anonymous said...

Boy was I lucky to get into F8 & System Recovery. I just happened to set a Restore point on my Windows 7 Ultimate. I had never set one before, nor was there any earlier point for me to go to.
Gr8 input from u guys.

The Mistress said...

Thank YOU! Your instructions worked! Thank you. Thank you so much! Will follow your amazing blog! Thank you again

Anonymous said...

thank you soooooo much!!! but i want to know which is a good FREE anti-virus???

Anonymous said...

Thank you guys so much! I tried everything before finding this site. This thing was hidden so well. I couldn't find it anywhere. This thing had almost completely shut my boyfriend's laptop down. This safemode is what worked for us. I've now installed AVG free antivirus on his computer so we shouldn't have any future problems.

Anonymous said...

like an idiot i tried to buy the software and ended up putting my CC #, what do you think will happen.....

Admin said...

You should contact your credit card company; they should know what to do in such a situation. Please be advised, if you pay for this phony security software, you will be subjected to monetary theft, or in a worst-case example, ID Theft. There is no guarantee that your credit card details aren't going to be sold to other third parties.

Anonymous said...

Would AVG free antivirus work as well to get rid of it?

lewisgoodnight said...

i got rid of it by when it came on i went onto task manager even though it usually doesn't let you on it and i stopped the program and it got deleted
I've had this twice now!!

Anonymous said...

hey. i won't be able to tackle the problem for a good few hours. so i've turned the computer off, will this stop the virus temporarily from getting to my files. sorry i'm not very computer savvy.

Anonymous said...

i used the safe mode f8 and downloaded malwarebytes and it removed four trojan thingies, and now my computer is back to normal. thank you so much for your help. I hope it doesn't come back, what a bunch of stupido freakshows. i hope that whoever made that stupid virus program gets their share of karma, stupid idiots. I SPIT IN YOUR FACE!

Journeyer said...

It worked removing it manually.
I didn't even need to reboot on safe mode, I just needed to be really fast to open the task manager, select it and click "end task" before it shut down the task manager (it shuts down a lot of programs).
Once disabled I searched for defender.exe, renamed and deleted it.
Thanks for the help!

Anonymous said...

Hugely appreciate this advice. You have saved my night's sleep.

Anonymous said...

I'm not a computer person but I tried this and it actually worked. Thanks a million!

Anonymous said...

ARG >n< IT WON'T WORK >:O I've tried it all D: WHAT DO I DO I'm scared It keeps making this kinda chain saw noise Then it pops up saying Fire Wall Warning and saying that my files have leaked onto the internet .WTF And I deleted Files with the same icon it has and I'm Not sure if that was right because when I did that it didn't do anything OMG I just want the load of crap gone and off my Laptop >:O When I went to safe mode I couldn't find any file with the name of "Defender.exe" and I HAVE THE STUPID FAKE "anti virus" D: ARGG please help me ..

Anonymous said...

Worked beautifully! Upboats for you!

Anonymous said...

I tried a few of the suggestions but it seemed as though the thing was cutting power to the computer when I tried a fix i.e. running Malwarebytes. This even happened in safe mode.

I then managed to end the process "defense.exe" in task manager by opening it as soon as the computer started in normal mode. After that, I could run Malwarebytes and also manually delete the defense.exe program. Hopefully this is the end of it all. Thanks for the advice.

Anonymous said...

Hi I need HELP ASAP! I just purchased that piece of crap. How do I get my $60 back and how do I get rid of this virus? It doesn't say Spyware Protection as the title on the scan, it says Malware Protection. I believe it's the same thing though. Looks exactly the same.

alexn said...

READ ME

patience is a virtue, indeed

i have windows xp,

all you have to do is reboot to safemode

search for ' defender.exe '

find it and delete it

then to confirm that it is deleted do the following in the order written!

1 - download and install CCleaner from Piriform, http://www.piriform.com/ccleaner/download/standard

2 - download and install Malwarebytes from Malwarebytes.org

3 - download and install Spybot Search and Destroy from http://www.safer-networking.org/en/download/index.html

4 - download and install Avast Antivirus from http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

after downloading and installing all software, run each in the order written and scan your system

first, with ccleaner, analyze and clean everything, run the registry cleaner, and in tools under startup remove everything

following this, run malwarebytes, scan entire system

following this, run spybot, scan entire system

lastly, run avast, scan entire system

in conclusion, stop visiting bad sites, i was looking to tweak my xp and instead got this nasty thing

always have the fantastic four apps running!

also this is why i truly despise windoze overall, hence i stick to Ubuntu, not to mention ubuntu can fix anything that goes wrong with windoze

long.live.linux

Anonymous said...

I rebooted in SM w/Networking, already had Malwarebytes, ran it, it found the rogue software and deleted it. THANK YOU so much for your help.

Guido said...

All attempts to remove Spyware Protection are being stopped. Please can someone help me!!!

Anonymous said...

"Process explorer" is the only thing that would allow me to end defender.exe. Thanks so much. What a NASTY NASTY bug. Very evil.

Anonymous said...

Thanks a lot! All was lost until I found this page. Thanks again!

Anonymous said...

THANK YOU SOOOOOOOOOOOOOOOO MUCH!!!!!!!!!!!! Finally....get rid of that nasty thing........

Anonymous said...

Thank you so much I am grateful may God bless you

Anonymous said...

Started in Safe Mode with Networking then installed Malwarebytes. Ran Quick Scan which removed part of infection. This allowed me to restart in full mode. Then ran full scan which removed rest. Solved problem. Many thanks to you & Malwarebytes

Nikka said...

There's a reason it's called scareware... because it really can be scary!!!

Appreciate this post and the comments so much. Did the safe mode + search (defender) + delete + empty recycle bin + regedit tip. when i restarted in normal mode, it seems to have done the trick. Scanning with antivirus software right now, just to make sure.

Thanks, guys.

Anonymous said...

On Vista, the Defender.exe file hides in C:\Program Data\Defender.exe. Program data is a hidden file so you have to enable hidden files in your "Folder View" options to find it. This tricky little bug also likes to place the "Everyone" group on to the security ACLs on your important system folders. This will not allow you (even if you are the system admin) to view those folders. Simply remove the "Everyone" group and you will be all set.

Anonymous said...

Spybot failed but Malwarebytes did the trick.

Anonymous said...

thanks!! renaming it is very useful!!!

Anonymous said...

Thank you so much!!!!! Your instructions were so helpful and easy to follow. I was unable to do anything - even start in safe mode - until I entered the product registry code you listed. Once I did that I followed your instructions and rebooted in safe mode with networking and downloaded Malwarebytes. I had Spybot already and it didn't fix the problem. Malware Bytes totally removed it, then I deleted the shortcuts by looking in the start menu for the icon like suggested in comments above. Phew!

Anonymous said...

Thanks much! Also ended up deleting the .pf files in the Windows-->Prefetch folder that were created when stupid defender.exe downloaded itself. Very annoying now that Google searches/image search is being attacked by these annoying pricks. Can't even do a decent image search anymore =____="

Anonymous said...

I'm running Vista and doing the Safe Mode w/ command prompts Boot up with the Malware, but the laptop keeps shutting down minutes into the scan. I have tried doing the same under a different user account and same. How can I keep the laptop from shutting down? Any advice is appreciated.

justme said...

I'm so thankful to have found this site. Fortunately, I have more than one computer, so I was able to hop online and Google my problem. Kudos to you!

Anonymous said...

Hey all. PLEASE PLEASE can someone help me. I can't run Safe Mode on my netbook for some reason, it's just not an option no matter how much I press f8, it offers tech guys recovery or normal set up. Like everyone else I can't get onto the internet to download anything. I stupidly deleted the icon off my desktop before seeing this thread so can't rename and then delete. I'm really getting upset, I have so much work that would be lost if I can't get rid of this bloody thing. Does anyone have any suggestions???

Anonymous said...

I'm confused. Too many instructions.

Klinc said...

OMG THANKYOU SO MUCH >_<

I was so scared when I had this problem but decided to look for a way to get rid of it myself before taking it to a shop for help.
Then I came across this site and managed to get rid of it following your instructions :D

Seriously thankyou so much XD

Anonymous said...

Have been working on my daughter's netbook which runs Win7 for the past few hrs as it seems it has this very ugly and nasty thing. What worked (I hope): restart computer in SAFE mode (no networking). Then I was able to use the system restore and selected the earliest date. The computer restarted itself and I was able to finally download antimalware. Running it now, fingers crossed!!!!!

Anonymous said...

OMG i'm not even sure if i even deleted the thing
HELPPPPP i quarantined everything but i can't post log because of the letter limit.... HELPPP!!!!!!!!!!!!!!!!!!!!!!

Anonymous said...

The little gits who wrote this need to be extracted from their selfish little lives and strung up by the short-and-curlies. Evil nasty little vermin they are. They are probably making a fortune out of running this 'protection racket' and those things are illegal. Where are the governments in tracking them down and locking them up?

I eventually found defender.exe in the C:\Documents and Settings\All Users\Application Data. I renamed it as suggested.
I also found a "defender.exe-0E5F80C9.pf" in the windows prefetch folder so I shot that as well.
Then I went to the start/run and ran REGEDIT and did a search for defender.exe and, sure enough, it identified itself as malware protection so I deleted that key.

To get to this stage (as I couldn't find it in safe mode) ... I booted normally and repeatedly did Ctl-Alt-Del until I could get TASK MANAGER running ... then hovering one finger over the delete key ... I kept pressing the D key until defender.exe appeared and was selected and quickly hit delete with my other hand. That killed the process and allowed me to track down the files mentioned above at my leisure. Running virus program now.

Still angry that little gits with such talent don't have the moral fibre, backbone, and decency to put their talent to productive use.

Anonymous said...

I just rebooted and logged in as Administrator in Safe Mode. Staring me in the face (right on the Desktop) was a shortcut to Defender, so I right-clicked and found out where the program was. Rename or delete defender.exe, and the nightmare was over except for the cleanup.

Normally I'm against Capital Punishment, but I'd be in favour of using people convicted of scams like this for painful and unnecessary medical experiments in teaching hospitals.

Anonymous said...

Easy solution for Windows 7 (tried it today)

Defender.exe was in C:/users/myname/appdata/roaming

I could rename and move the file, so i did both, but could not delete it, because the resident in ram virus had it

So, after rename and move immediately reset the PC, next time you open the virus won't be active, delete the file and it is over
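
A read-only check for the leftovers described in the comments above (the executable in the three reported folders, its Prefetch entry, a running process, and a startup registry value), written for this page as an added example and not taken from the post or any commenter. The two file names and the folders come from the comments; the Run keys searched are an assumption, since commenters only say they searched the registry for defender.exe.

```powershell
# Added example. Read-only: it lists findings and never renames or deletes anything.
# File names and folders are the ones commenters reported; the Run keys are an assumption.
$names = 'defender.exe', 'defense.exe'

$folders = @(
    $env:ALLUSERSPROFILE                                  # C:\ProgramData on Vista/7
    (Join-Path $env:ALLUSERSPROFILE 'Application Data')   # XP: ...\All Users\Application Data
    $env:APPDATA                                          # Windows 7: ...\AppData\Roaming
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# -Force includes hidden files; LastWriteTime shows when the file last changed.
$files = foreach ($folder in $folders) {
    foreach ($n in $names) {
        Get-ChildItem -LiteralPath $folder -Filter $n -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
    }
}

# Prefetch entries such as defender.exe-XXXXXXXX.pf (reading this folder needs admin rights).
$prefetchDir = Join-Path $env:windir 'Prefetch'
$prefetch = foreach ($n in $names) {
    Get-ChildItem -Path $prefetchDir -Filter "$n-*.pf" -ErrorAction SilentlyContinue
}

# Running processes whose image name matches (ProcessName has no .exe suffix).
$procs = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $names -contains ($_.ProcessName + '.exe') }

# Startup values that point at one of the file names.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            foreach ($n in $names) {
                if ($data -like "*$n*") {
                    New-Object PSObject -Property @{ Key = $key; Value = $valueName; Data = $data }
                }
            }
        }
    }
}

Write-Host '--- Files ---';     $files    | Format-Table FullName, Length, LastWriteTime -AutoSize
Write-Host '--- Prefetch ---';  $prefetch | Format-Table FullName, LastWriteTime -AutoSize
Write-Host '--- Processes ---'; $procs    | Format-Table Id, ProcessName, Path -AutoSize
Write-Host '--- Run keys ---';  $autoruns | Format-List Key, Value, Data
```

Empty sections mean nothing matched those two names in those locations; as a later commenter notes, the file name can differ between variants, so adjust `$names` to whatever the shortcut's target points at.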

Anonymous said...

I have a quick and simple question. Instead of spending so much time coming up with ways to remove and repair damage caused by these people why not physically locate them and publish some names and addresses. When they are six feet under they will not infect anyone's computer.

Anonymous said...

Ok so when I deleted defender.exe and used Malwarebytes. After I rebooted my computer and logged in as the administrator, I can only see the icons but I don't see any FONTS. I also can use the start menu.....PLEASE TELL WHAT TO DO!!!

Anonymous said...

I followed the advice of jase renaming it pileofcrap etc and it worked!!! Its best to do it all in safe mode with networking. Thanks to everyone who has posted helpful info. i freaked and then realised this is not a windows program.

Anonymous said...

You guys are great, I managed to kick this nasty critter off my laptop, using the safe mode and rename technique. Running full scans now

The people that create these malicious programs should be removed from society.

Anonymous said...

Hi guys NONE of these steps worked for me. I ran malware and spybot. I could not find defender exe to delete. After hours of trying I searched "internet security" sure enough I found the program. I renamed it to f this, got into safe mode and deleted, I then emptied the recycling bin.

Restarted and voila no more annoying program. Looks like they just changed the file name, keep trying don't give up until u remove this crap!