Is your computer infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Tuesday, May 10, 2011

How to Remove "Malware Protection" (Uninstall Guide)

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.



Malware Protection 2011 is a re-branded version of Spyware Protection scareware. I'm pretty sure we'll see a whole new set of rogue applications like these two in the next few weeks. In a common scenario, Malware Protection is promoted via infected websites that redirect users to fake virus scanners claiming to sell antivirus software. Well, it's basically a pop-up message, alerting you that your computer is infected with viruses, Trojans or even spyware. Once installed, Malware Protection will pretend to scan your computer for malicious software, viruses and other security problems. As you can imagine, it will state that your computer is infected. It will block other programs on your computer and will close your web browser if you try to download anti-malware or anti-virus software.





It claims that your web browser, or really any other program, was infected by some form of malware that may send your sensitive information to a remote computer or make your computer unusable, e.g., W32/Blaster.Worm.
iexplore.exe can not start
File iexplore.exe is infected by W32/Blaster.worm
Please activate Malware Protection to protect your computer.


This scam has been around for some time now, nothing new. After the fake scan, Malware Protection takes you to a web page where you can purchase it.

The good news is that Malware Protection "designed to protect" can be removed from your computer rather easily. You can reboot your computer in safe mode with networking and download an anti-malware tool, or you can delete the Malware Protection files manually.

You can also use the code SL55J-T54YHJ61-YHG88 (and any email) to register the rogue program. This will stop the annoying security alerts, and the rogue program won't block security-related websites anymore. Then download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove the rogue virus from your computer. If you have any further questions, please leave a comment. Good luck and be safe online!


Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmarks from the checkboxes labeled:

- Hide extensions for known file types
- Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data/Program Data directory.

3. Rename malicious process.

File location, Windows XP:
C:\Documents and Settings\All Users\Application Data\defender.exe

File location, Windows Vista/7:
C:\ProgramData\defender.exe

Rename defender.exe to virus.exe or whatever you like.


4. Restart your computer. The malware should be inactive after the restart.

5. Open Internet Explorer and download TDSSKiller. This malware usually (but not always) comes bundled with the TDSS rootkit. If the rootkit is present, removing it from your computer is very important. Run TDSSKiller and remove the rootkit.



6. And finally, download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove the rogue virus from your computer.


Malware Protection removal instructions in Safe Mode with Networking:

1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Open Internet Explorer and download TDSSKiller. Run the utility.

3. Then download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove the rogue virus from your computer.


Malware Protection associated files and registry values:

Files:
  • C:\Documents and Settings\[UserName]\Application Data\defender.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Malware Protection"
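
A triage check built on the indicators listed above, as an added example that is not part of the original guide: it parses the text output of `reg query` for the Run key and flags the rogue's value name and `defender.exe` in the data folders. Going slightly beyond the guide, it also flags any executable started directly from the root of those folders. The sample output, the function names, the `AppData\Roaming` folder (the Vista/7 per-user equivalent of Application Data) and the root-folder heuristic are assumptions made for this illustration.

```python
import ntpath
import re

# Indicators taken from the guide: Run value name and dropped file name.
ROGUE_VALUE_NAME = "malware protection"
ROGUE_FILE_NAME = "defender.exe"

# Data-directory roots used as drop locations. Legitimate software normally
# installs into a vendor subfolder, not the root itself (assumed heuristic).
DATA_DIR_ROOT = re.compile(
    r"^[a-z]:\\(?:"
    r"documents and settings\\[^\\]+\\application data"
    r"|programdata"
    r"|users\\[^\\]+\\appdata\\roaming"
    r")$"
)

# One value line of `reg query` output: indented name, type, data.
# Assumption: fields are separated by four spaces or by a tab,
# depending on the Windows version that produced the output.
VALUE_LINE = re.compile(
    r"^[ \t]+(?P<name>.+?)(?: {4}|\t)(?P<type>REG_[A-Z_]+)(?: {4}|\t)(?P<data>.*)$"
)

EXE_PREFIX = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)


def parse_reg_query(text):
    """Return (name, type, data) for every value line; key headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            entries.append((m.group("name"), m.group("type"), m.group("data")))
    return entries


def executable_path(data):
    """Strip quotes and command-line arguments from a Run value's data."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = EXE_PREFIX.match(data)
    return m.group(1) if m else data


def assess(name, data):
    """Return the list of reasons an autorun entry looks like the rogue."""
    reasons = []
    path = executable_path(data)
    folder, base = ntpath.split(path)
    in_root = bool(DATA_DIR_ROOT.match(folder.lower()))
    if name.strip().lower() == ROGUE_VALUE_NAME:
        reasons.append("value name matches the rogue's Run entry")
    if in_root and base.lower() == ROGUE_FILE_NAME:
        reasons.append("defender.exe in a data-directory root")
    elif in_root and base.lower().endswith(".exe"):
        reasons.append("executable started from a data-directory root (heuristic)")
    return reasons


def find_suspicious(reg_query_output):
    """Return (value name, executable path, reasons) for each flagged entry."""
    hits = []
    for name, _type, data in parse_reg_query(reg_query_output):
        reasons = assess(name, data)
        if reasons:
            hits.append((name, executable_path(data), reasons))
    return hits


# Constructed sample of `reg query` output for the HKCU Run key.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Malware Protection    REG_SZ    C:\ProgramData\defender.exe
    Updater    REG_SZ    "C:\Program Files\Example Vendor\updater.exe" /background
    xyz    REG_SZ    C:\Users\alice\AppData\Roaming\xyz.exe
"""

if __name__ == "__main__":
    for name, path, reasons in find_suspicious(SAMPLE_REG_QUERY):
        print(f"{name!r} -> {path}")
        for reason in reasons:
            print(f"    {reason}")
```

A hit from the heuristic alone is a lead to inspect, not a verdict, since some legitimate programs also start from these folders.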

165 comments:

Anonymous said...

THANK YOU so so soooo much! This post helped me remove the fake Malware Protection program quickly and easily

Anonymous said...

which one did you use? ^

Chris said...

Worked for me too.

My old computer didn't support wireless in Safe+Networking (documented on MS [kb/305616] may depend on 802.11 version) so I transferred MalwareBytes' via flash drive. Wrinkle: get updated rules.ref (details from MB FAQ) copied too.

Thanks - nice clear instructs.

Anonymous said...

I can't find any of the places you've said there should be files as I'm using Vista, how do I remove it from Vista? There's no Documents and Settings or application files.

Anonymous said...

cannot find any file called defender.exe

really struggling to make any progress here :-(

run anti malware spybot etc in safemode

Admin said...

Please download HijackThis. Run it and save the log file. If you can't run HijackThis.exe, please rename it to iexplore.exe or mspaint.exe.

http://www.trendmicro.com/ftp/products/hijackthis/beta/HijackThis.exe

Then copy/paste log file and send it to me: kaur.michael@gmail.com

Anonymous said...

Hello,I have also been attempting to delete Malware Protection "designed to protect" but to no avail.

I tried running the Anti-Malware programs however nothing seems to be working. I read somewhere that this is a rogue and is only posing as W32/blaster.worm. Any suggestions?
thanks ed

Anonymous said...

I found the easiest way to stop 'malware protection' is to spam click open its pages on the toolbar, then windows explorer will cause it to crash and shut down.

Then without opening anything else, open your virus scanner and run it.

DO NOT open any web browsers until your scanner is completed and threats removed, as opening web browsers will restart the virus processes.

Anonymous said...

I was so stupid, i registered 'cause i was desperate to finish an online class. Anyway, I was given the exact same registration key. Wanted to call their support/billing hotline but they don't even give it. Thanks for this info, although it was too late. I'm definitely disputing the charges.

Anonymous said...

It worked for me, using Malwarebytes. Muchos gracias.

Just do as instructions say and nothing else. I didn't find any reg values or .exe files as mentioned in above article though.

Now to backup files and reinstall OS.

Anonymous said...

I need help finding the defender.exe file. If I open task manager quick enough I can close the process, but I can't find the actual file to delete. I'm using Windows XP.

Admin said...

There should be an icon on your desktop related to this rogue AV. Right-click it and choose properties, look for file location. Or you can simply search your computer for defender.exe You can also use this serial SL55J-T54YHJ61-YHG88 to register "Malware Protection" in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

Anonymous said...

Worked well for me also. Thank you!

Dang said...

Didn't need the anti spyware as listed, went into safe mode and removed .exe file and typed in regedit using the run feature of XP to remove the registry line as listed.

My Trend Anti virus recognized this bastard of a program and is blocking it.

Anonymous said...

Thanks so much! I used Hitman and had to rename the file as you suggested. Saved me a huge headache!

Anonymous said...

Thanks to the poster who suggested spam clicking the app to make it crash. I just spam clicked the 'Activate Now' button until it said (Not Responding) in the toolbar. As soon as it said that, I quickly clicked the X in the top right to force close it.

Also once the app crashed I was able to delete the registry key and the defender.exe file, however my .exe was under the All Users folder.

Anonymous said...

This worked very well, thank you!

To anyone who cant find the documents and settings folder: do a search in (c:) for defender.exe and your computer should find it :)

Anonymous said...

thanks mate ! I was really struggling before to run EXEs. Highly appreciate your clear solution.

Warna

Anonymous said...

The Registry Key you suggested worked, and the annoying popups stopped so I could download MalwareBytes. My Computer is all good now, thanks.

Anonymous said...

Hmm, downloading extra junk seems like a waste of time. Try just doing a system restore using the last restore point. Then check for existing files associated with the malware virus. Worked for me.

Anonymous said...

You can also immediately end the operation of the virus by holding Ctrl, Alt, Del and select task manager. After that organize the "user name" tab so that your user name processes are at the top. Look down through there for a 3 or 4 letter .exe program running. Check everything line by line until you get to "local service". If you're in doubt as to which file you need to close you can right click and select properties to view more information. You should recognize all of the processes that are active and the one that doesn't belong should stick out like a sore thumb.

Anonymous said...

Thanks, Used MalwareBytes Anti-Malware, OS - Vista.

Anonymous said...

I'm having a problem with this virus. I've found and renamed defender so it no longer runs. However it's disabled my ability to install anything, I get system admin does not allow installations error, event id 1008 in events log. I've tried searching the registry for the problem but can't see it there. This is becoming a real pain.

Anonymous said...

I used SuperAntiSpyware, HijackThis, and ComboFix. Although I highly suggest you ONLY USE COMBOFIX if you know what you're doing. I mean really know. My boss is an IT guy and he messed up a computer with it.

Anonymous said...

Since this showed up on my wife's computer she is unable to connect to the Internet using any browser, so downloading doesn't seem to be an option. Are there manual fixes for this virus?

Anonymous said...

Will AVG delete it?

Misti said...

This is what I did. I opened the file location. And renamed the file my name, because it wouldn't let me delete it with the given defender.exe name. Restarted my computer, opened the file location again and deleted the file (''myname'') & it seems to be working good. I hope it doesn't come back. I have AVG 2011 on my computer currently to protect my laptop! I guess these things happen sometimes!! :(

Shadow21 said...

Thanks for this advice!!!

I HIGHLY RECOMMEND USING STOP ZILLA, Microsoft Security Essentials, the best COMBO FIX!!!!!

islanderx said...

THANKS! Power to computer Geeks! You guys are awesome

Anonymous said...

god bless you for the providing the solution. lost 6hrs of productivity at work today because of this issue.

Anonymous said...

well i think it worked. malwarebytes didn't get rid of it for me for some reason so i went to the file location and deleted it hope it works

j123nk said...

Thank you so much man! awesome solutions!

Anonymous said...

I'm using Windows XP. I ran Malware Bytes' Anti-Malware in Safe mode as suggested. It found 5 problems and removed them in safe mode. After it restarted this program is finding nothing in regular mode. The virus seems inactive, but the icon is still showing on my desktop. It says location is defender.exe, but I'm not finding that when I search my computer. Any suggestions?

Shadow21 said...

Maybe the virus [Malware Protection] installed it on your computer

Anonymous said...

When the UI popped up, I recognized it as a rogue and manually shut off my computer. Now, I repeatedly tap F8 during start up, but it does nothing and instead goes to a blank screen with nothing but a blinking underscore. How do I kill this virus when I can't start in safe mode (or any mode, for that matter.)

Anonymous said...

I tried Malwarebytes, but it was going to charge me to fix problem. Wasn't it supposed to be free?

spiny said...

...Windows 7 doesn't start with f8?
Thanks for the code.:)
Spiny

Anonymous said...

Hello,
I followed the instructions but when I went into safemode with networking, my web browsers weren't opening. What else can I do?

Anonymous said...

Thanks so much. I just deleted the defender.exe through "find" in safe mode and deleted "malware protection" under Run in CurrentVersion under windows, microsoft, software, HKey_current_user. problem fixed. Thanks and God Bless.

Anonymous said...

Unable to delete defender.exe in Windows, so rebooted, then hit F8 to get to the startup options. Selected command prompt. Was able to delete defender.exe from there no problem.

The file is in the c:\program data folder.

Anonymous said...

it keeps coming back! :(

Anonymous said...

I recently encountered this problem just a couple days ago and I found a solution nobody else has, of course this wasn't my idea, this was a video on Youtube. Here's what you do:
1. Go into C:\WINDOWS\system32 and copy/paste tskmngr.exe to your desktop.
2. Rename the tskmngr.exe that you copied to the desktop 'explorer.exe'
3. Double click on the explorer.exe file and it should open the task manager and end defender.exe
4. Go into Search and look for defender.exe and there should be another defender.exe with a bunch of letters and numbers added (Something like DEFENDER.EXE382aD7t)
5. If you can't find the file, my virus files were in C:\Documents and Settings\All Users\Application Data and then C:\WINDOWS\Prefetch
6. Delete both files into the recycle bin and empty the recycle bin.
After that my dad had me download something called SpyBot Search and Destroy.
If you have any questions or comments please let me know.
-Doommaster1994

Anonymous said...

Hi,
When I first turned on my laptop it kept on popping up. My battery went out and when I plugged it in (an hour 1/2 later) it stopped and now I don't get pop ups. I will say this. I spent about 3 hours trying to find the program and uninstalling things that looked like it. Should I expect to see it again? I didn't even find the defender.exe when I looked it up.

Anonymous said...

Hey there,
When the virus was active and I tried searching for Defender.exe it wouldn't find it, but it did find it after I got the virus to close. Renaming the tskmngr.exe to explorer.exe should work because explorer.exe is what lets you open the windows.
-Doom master1994

Anonymous said...

any idea on how to restore internet functionality after the removal of this? I am on Win XP SP3 still and tried the winsock fix but it is still not working.

Anonymous said...

After trying to get rid of this bug for 2 nights, I tried your method and it worked like a charm. Much appreciated. P.S. I love AVG but the scan I ran with it never even picked it up.

potsy said...

Thanks so much. I just booted in safe mode and deleted defender.exe and all is good!

Anonymous said...

it worked!!!! thanks so so so much!!!!!!

Anonymous said...

it worked. Thanks so much

Anonymous said...

I think it worked for me too.. I used Hitman free Trial version to scan my computer .... Thanks a lot

Anonymous said...

Seems the location of defender.exe can change slightly depending on which Windows you have. On my wife's Vista Home Basic, it was not in the location listed in this guide.

I found it by opening REGEDIT.EXE (in Safe mode) and reading what the value of that key is. It said "C:\Users\\AppData\Roaming\defender.exe". I went to C:\Users\\AppData\Roaming. Even though I could not list the file (even with dir /ah or dir /as), I did delete it successfully (no error). Then I removed the key as instructed. It seems to have gone away now.

Anonymous said...

Thanks man. I fixed it using the fake password. And somebody, please sue Malware that sons of pooches please.

Anonymous said...

Thanks really did help. I still used the recovery disk but this allowed the pc to actually read the disk as it was being stopped by the virus. Thanks sooo much!

Anonymous said...

I'm having problems getting into safemode after being attacked with this malware protection malarky...

I'll F8 on boot and select Safe with Networking - the boot then begins and then stops and doesn't let me progress...

Any suggestions why it's freezing?

Thanks in advance for your help...

Admin said...

Well, I don't know why it's freezing. Reboot your computer in normal mode, then search your computer for defender.exe. File location in Windows XP:

C:\Documents and Settings\[UserName]\Application Data\defender.exe

Then just rename defender.exe to defender.vir and restart your computer. Once you're back, the Malware Protection should be inactive. Scan your computer with antimalware software to remove the remains. Good luck!

Anonymous said...

thank you for the key !

Anonymous said...

I ran my computer in safe mode with network, but when I ran the Malwarebytes scan, it said it could not find any malware.

Do you know what else i could do?

Anonymous said...

So just got the virus today... came across this blog. When I go to restart in Safe Mode with Networking, it "freezes" on the screen and says "Please wait... Checking the status of the embedded security chip..."
I have a Lenovo ThinkPad T60 with Windows XP... and this screen usually shows up when I'm booting up, but only for a few seconds.

I even tried renaming the file as indicated above, but no luck. Any ideas on how to fix this?

julianbeckensall said...

DON'T PAY ANYTHING TO ANYONE.

Just do this: -

An icon for "Malware Protection" has appeared on your desktop.

Right click on it and copy the "Target" without the file name (you just want the folder). In other words, only copy everything to the left of the last "/".

Click on "Start", "Run" and right click "Paste" the target folder you've copied.

In that folder you'll see a file called "Malware Protection.exe" - or something similar.

You probably can't delete it, so just "Cut" it - using your right mouse button.

Create a new folder and paste it into it.

What you've done is move the problem file to somewhere it can't find on startup.

Restart your computer. Everything should be fine now. Install some anti-virus software. I used Free AVG - which although it tries to persuade you to pay for it at every step is free.

Anonymous said...

Thanks this helped a lot, but I am curious how could I have possibly gotten it? Can I get it from visiting certain websites? Perhaps one about shaq's sex tape? Because that's where I was when this happened. I am serious btw, really want to know the answer

Anonymous said...

Instructions worked for me perfectly. I then went and renamed the shortcuts left behind and then deleted them. Did a search for the defender.exe file and was not found.

I have an HP Mini 110 netbook running Windows 7 Basic and used the first program, Malwarebytes.

Anonymous said...

Instructions worked perfectly to get rid of Malware Protection. Thanks very much!!

Anonymous said...

WOW!!!!! I will recommend this site to all my friends!!! Thank you so much!! We thought all hope was lost on our old pc, due to the malware protection virus. 5 minutes later we were back up and running! Thank you ever so much!

Anonymous said...

An easier way that I deleted it was I searched in my computer for defender.exe as the original file name, sent it to my recycle bin, opened it from there, highlighted it and pressed shift delete. Seems to be gone, I'm not sure if this will work for everyone, it's worth a shot though. I did this from safe mode with networking. Hope this will help someone.

Anonymous said...

Thanks for this. Registered malware protection w/ serial from above, then deleted defender.exe and removed the run key from registry. worked great.

Anonymous said...

Thank you for this wonderful blog. My work laptop was infected last year. I rebooted the laptop in safe mode but then the screen turned into blank and I lost everything saved in the computer (our helpdesk had to reformat the computer). Then my personal computer got infected once. I immediately turned off the computer and the malware failed to fully load. Last night, the virus infected my computer again. I deleted the defender.exe in normal mode, it did not help. But the registration code you provided is magic. Using MalwareByte, I was able to solve the problem in a couple of hours in total (last year it took me days and still the computer was reformatted). Thank you!!!

Anonymous said...

Hey ppl! I got the same problem for my own. Now there were no way which helped me... Spybot had no success and the other ones either...

So if you don't find the defender.exe you have to use hijackthis ! Easy to download (free!!) and it kills safely the bad boy ;)

lg

Anonymous said...

works fine :)

Anonymous said...

Thank you soo much, I was not able to open anything on my computer at all, couldn't even run it in safe mode, after searching online on another computer in the household.. I came across this.. I used the fake e-mail and Key code method.. It got rid of the annoying pop ups and allowed me to bring up my web browser but it will not connect to the internet in order for me to install Malwarebytes.. Is there a way to fix this? The malware protection is still in the task bar and shortcut on my desktop.

Anonymous said...

Yessss buy a USB key copy it to the USB, put it in computer drop on desktop install.

Anonymous said...

i found the application 'defender' and permanently deleted it. I also ran a full scan and removed 2 infections using MalwareBytes. Is this all you do to permanently remove the virus? Any help appreciated.

Anonymous said...

Thank you so much!!!!!! worked perfect

Anonymous said...

This works and was very helpful, I used hitman .5 HOWEVER, the main thing was starting in safemode which allowed me to delete the defender.exe file. Hitman found one other file which it said was a possible trojan which I also deleted. Point being you may be able to accomplish this without downloading anything, just restarting in safe mode and deleting the defender.exe

Anonymous said...

Thank you so much. I was able to remove manually and run a virus scan to get the rest.

mt said...

I can't seem to find defender anywhere? Any suggestions? I've gone to the web pages to download and even changed the names but it still doesn't work? Help please

Anonymous said...

What I did was I pressed Shift+Ctrl+Esc to bring up Task Manager, went to the "Processes" tab, and ended two processes with random names. This stopped the pop-ups and allowed me to access the internet. Then I downloaded Malwarebytes and ran a full scan, which found 3 infected items. Then I restarted my computer in safe mode and ran another full scan. My computer seems to be clean now.

Anonymous said...

After I opened was in safe networking mode and tried to download malwarebytes, the virus just opened up and stopped me. I'm not sure what to do.

Anonymous said...

Super big thank you...safe mode with networking followed by malwarebytes worked for me

Anonymous said...

I followed the suggestions here, and found out that the easy way was to just rename Defender.exe to Defender.vir. This file I found in C:\Documents and Settings\All Users\Application Data and then C:\WINDOWS\Prefetch. After reboot I could access internet again, and download SpyBot Search and Destroy. Big thanks everyone for good hints.

Anonymous said...

The help files in this 'software' lead back to the domain 'mww-protection.com'. Not much info on the web, but domain records point to:


Registrar: Regtime Ltd.
Creation date: 2011-05-26
Expiration date: 2012-05-26

Registrant:
Eduard Aleksandrov
Email: crisissmula@gmail.com
Organization: Private person
Address: Latishskih-Strelkov 1-48
City: Kazan
State: RU
ZIP: 420087
Country: RU
Phone: +7.8432964725

Anyone know where to take this information, or is this truly the new wild west?

Anonymous said...

U r simply a GENIUS!!!!! Thank u sooooooooooo much for info. I cannot begin to describe how thankful I am and how IMPORTANT it was to fix this. Infinity kisses to u darling!

Anonymous said...

Thank you sooooo much! I found this very useful! I HAVE to tell all of my friends about this!!

Jane said...

So, I turned my computer on in Safe Mode with Networking and then I pulled the icon on my desktop to the recycling bin and then emptied it. Does this mean my computer is clean? The reason I did it this way is because Malwarebytes anti Malware didn't pick up anything.. :/
Please help.

Anonymous said...

If you are quick enough you can run task manager and try to find "defender.exe". Click on it and press delete then enter, this will stop the program from letting you run browsers etc to download anti malware programs.

Anonymous said...

julianbeckensall said...

DON'T PAY ANYTHING TO ANYONE.

Just do this: -

An icon for "Malware Protection" has appeared on your desktop.

Right click on it and copy the "Target" without the file name (you just want the folder). In other words, only copy everything to the left of the last "/".

Click on "Start", "Run" and right click "Paste" the target folder you've copied.

In that folder you'll see a file called "Malware Protection.exe" - or something similar.

You probably can't delete it, so just "Cut" it - using your right mouse button.

Create a new folder and paste it into it.

What you've done is move the problem file to somewhere it can't find on startup.

Restart your computer. Everything should be fine now. Install some anti-virus software. I used Free AVG - which although it tries to persuade you to pay for it at every step is free.
--------------------------------

Thank you Julian. This was simple and straightforward. Worked for me. What an insidious program that "Malware Protection".
Downloaded and scanned with Malwarebytes and found 1 more infected object. Not sure if it was related.

Anonymous said...

cheers guys worked well first time!

Anonymous said...

I've got you guys bookmarked. Thanks for the help. It's good to know there are some honest people still in the world.

Anonymous said...

My son got this on his computer. When I removed it, he got it again - probably in his browsing habits since he likes watching videos he finds on search engines. Since I couldn't find what site it was coming from, I came up with another way to disable it, and make sure he couldn't get it again. The instructions are for Windows 7, but the principle will work with any version of Windows anybody is still running.

In my case, when I started messing with it, the program died and gave me control of the computer back, but if it doesn't do that, you can probably just go into safe mode (with networking) and start up with an administrative account. Go to c:\ProgramData, and find defender.exe. Right click on it and go to properties. Click the properties tab. For system, and for users, deny all privileges to the file. For administrators, deny read and execute permissions for the file. To test this, I restarted the computer, and, as expected, the program could not restart.

After the restart, I went into regedit and searched for c:\ProgramData\Defender, which, of course, led me to the entry in the "Run" key which lists all programs to run automatically at startup. I removed the entry in the registry. With nobody having permissions to execute the file it can't start even if you don't remove it from the registry, but I just wanted it to be clean.

I also removed the shortcut it put on the desktop (which is how I located the program) and the shortcut it put into the start menu.

If it recurs for anyone else, maybe you can have better luck preventing it from coming back by denying privileges.

Anonymous said...

I used Doommaster1994's advice and it worked perfectly. Thank you!

Anonymous said...

Spybot S & D did not work... also can't find the file itself...

Anonymous said...

Malware Bytes worked for me. Thank you so much

Anonymous said...

Wow. Thanks for all the help, I thought I was doomed. Vista. I tried to find the easiest way. First I used the key then the email, the product registered. Right after that I did as a comment said to just restore your C: drive to an earlier point. That worked great. I can just tell it was a scam. Damn bastards!

Anonymous said...

thanks!

Anonymous said...

Copy taskmgr.exe, rename to 'explored.exe'
Run, End Process 'defender.exe'
Search for defender on C:, delete 'DEFENDER.xjsjbdblahblahblah'
Now run anti-malware program.

Thanks to everyone running this site and everyone's comments!

Anonymous said...

Thanks for the help. It worked a treat. Hopefully this will be the last time I see ''Malware Protection''

Anonymous said...

Good advice

Anonymous said...

Worked amazing !!!!

Anonymous said...

hope the bastards rot in hell! thanks for the help, just restarted in safe mode and manually deleted defender.ext and the registry one with regedit.

Anonymous said...

Thank you so much I am not a computer person but with your extremely helpful post and comments I have been able to get rid of this programme from my computer - I used the Malware Bytes software in safe mode and then found the old icon on the desktop which I have put in the waste bin and emptied - I hope we will be OK now

Anonymous said...

Okay, all you have to do really is the first step in these instructions. Start your computer in safemode when you press F8 while restarting. Then simply restore your computer from a previous date. Takes 2 minutes tops.

Anonymous said...

WoW! Thank you to everyone for all the different ways to delete this virus! It even shut down my system restore so I was unable to run that. I used Ctrl, Alt, Del and had to hold the del to get rid of the pop up box. Then I was able to use my system restore. My computer is back to normal. Thanks again!

Anonymous said...

The following really worked. Thank You.

An icon for "Malware Protection" has appeared on your desktop.

Right click on it and copy the "Target" without the file name (you just want the folder). In other words, only copy everything to the left of the last "/".

Click on "Start", "Run" and right click "Paste" the target folder you've copied.

In that folder you'll see a file called "Malware Protection.exe" - or something similar.

You probably can't delete it, so just "Cut" it - using your right mouse button.

Create a new folder and paste it into it.

What you've done is move the problem file to somewhere it can't find on startup.

Restart your computer. Everything should be fine now. Install some anti-virus software. I used Free AVG, which, although it tries to persuade you to pay for it at every step, is free.

Remote pc said...

I'm glad to visit your blog.. Great job!!!

Anonymous said...

Amazing.....thank you so much....within minutes I got rid of it........One thing positive came out of it....I backed up my hard disk before I messed around wid the prog. Anyhow thank you sooooooo much.......

Anonymous said...

"That was easy"; I'm glad I read all of the advice on this page, thank you!. Last night this thing showed up on my computer, couldn't open AVG, couldn't do anything. I looked this subject up on my blackberry and found this page, thank God. Heres what I did: I thought I would try booting up the PC normally and typing in the code given here to register this "Malware Protection" and then try to delete the file as instructed; after typing in the email then the code, not 2 seconds passed and AVG identity protection found it and I quarantied it, it was that easy; my assumption is that by registering, it let AVG finally open to detect it and the rest is history...thank you again

Anonymous said...

Thank you so much! GREAT ADVICE!!!!! Really made my day better.

Anonymous said...

Thanks so much for this helpful post, may the authors of this worm meet a rotten end. The anti-viruses wouldn't work for me cos of active x controls but if you right click on the malware protection icon and go into properties the location of the defender software is there then just delete that sucker.
Thanks again was in a bit of a tizzy over this for a while. :)

Anonymous said...

superspyware detected it when malwarebytes did not. Worked fine for vista home basic. Thanks.

Anonymous said...

cheers!!!! great stuff! i would have jumped off a cliff if i never had seen this post! GO HITMAN PRO!!

Janelle Alexander said...

Thank you!! It worked great!! :o)

Anonymous said...

I don't understand this!

Anonymous said...

Thanks so much for your help. My OH's work laptop got infected by this. I have been warning him for years that it was only a matter of time!

But, I followed the main instructions, and went into safe mode, downloaded Malwarebytes Anti-Malware. I then found defender.exe, which had a stack of numbers after it. I changed the end, after defender to vir, as suggested by Admin on June 12th. I then updated the software and did a full scan and came out of safe mode and rebooted. It looks fine now, so hopefully it should be okay. But...if my OH dares to look at those sites on the work laptop again!!!!!

Ryan said...

malawarebytes or whatever it's called, I forgot lol
Worked awesomely. I did a flash scan, it scanned all my registries and found 3 of the bastards so I got rid of them as well as some other malware.
Thank you so much for this simple and easy to understand tutorial

Anonymous said...

Whoever posted this solution is an absolute legend :) Thanks so much! I actually can't thank you enough.. You saved me from paying a massive bill to my local 'IT expert' And I feel very satisfied with myself for fighting the virus on my own! May good things come your way in return :)

abhishek said...

It worked for me.. thank you so much... :-)

Anonymous said...

Wow, I am truly grateful for your advice. Thanks

Tiggerlilly said...

Okay, so I installed SuperAntiSpyware and so far I haven't had any problems with the pop up HOWEVER, I can't find most of my files on my computer anymore. I don't know how to find my files, as they are hidden. I know they're there because when I put in my Sims cd the game will run and my old files are on the computer, however, when I go through my program files the folders are empty. Any help would be a blessing. Thanks!

Anonymous said...

Thank you so much. Bless you!!

Anonymous said...

I ran spy bot and a few others, but they didn't work. Finally right clicked on the shortcut, and found the 'defender.exe' file. Make sure you have 'show hidden files and folders' clicked in your folder options/view, or you won't see it.
I used 'Shredder' to delete it. Half Saturday Gone over this virus, but now I have my PC back.
Good Luck, I hope this HELPS.

Anonymous said...

It helped me too...just searched the defender.exe in C:...found 2 files which I deleted with pleasure...then cleared the registry entries and TADAAAA...

lingo said...

Won't boot in safe mode and won't let me do anything whatsoever while turned on, just says .exe can not start infected by blaster worm. Any ideas?

Anonymous said...

I did all steps up to the free malware download because I have Norton 360 on my computer and am using it to run the full system scan instead. Is that ok?

Anonymous said...

You da Admin! Thanks... it's GONE!!

Anonymous said...

Thank you so much this really worked for me! Keep up the help.

Anonymous said...

Thanks for the info! It worked for me, although my McAfee didn't detect it during scan I removed it manually.. What about registry, if we won't clear it from there?

Anonymous said...

Thanks for this great solution, and leading me into the right direction to clear up the problem. I found an easier way for Windows Vista that I used. Problem wouldn't allow me to do anything on my computer. I solved it by restarting my computer, hit F11 before log in screen appears, this will take you into system recovery mode. Select system restore. I restored my system back to the day before I got the malware virus. This worked perfectly for me on Windows Vista.

Anonymous said...

Thank you so much I really don't know what I would have done without your advice maybe spend the $50 bucks or worse...again thank you!

mario said...

Hey everyone,
So I got this virus and followed the instructions to delete it. Great. But now I have a huge problem. I have been getting the blue screen of death when I login normally. I can't go more than 3 minutes without my computer crashing. I have run quite a few scans with malwarebytes and mrc but cannot find anything else. Luckily I can work just fine in safe mode with networking. Any advice to fix this problem? Here is the image of the BSOD http://img96.imageshack.us/img96/8664/dscf5840h.jpg

Admin said...

Sorry Mario, I really don't know how to fix this BSOD error. You should ask the same question here:
http://answers.microsoft.com/en-us

Anonymous said...

Using the registration key allowed me to kill it. When it started AVG11 detected it but could not kill it. Installed malware bytes, scanned 3 times and now I am showing clean.
On reboot searches from Firefox and IE were being redirected. Check connections and turn off any proxies. Fixed Firefox, but IE will not start; now reinstalling IE8 for the family. I am the Firefox fan.

Anonymous said...

BRILLIANT!!!!!

Anonymous said...

Thank you so much!!!!!!

Anonymous said...

Thank you so much! You helped me at the right moment!

Anonymous said...

I tried starting in safe mode with networking and doing a ctrl alt delete to see the processes, I immediately saw defender.exe running but before I can delete it, the process box disappears, I am not that computer savvy and want to attempt removal again, but wonder what is easiest?

Anonymous said...

Thanks for the help. I've been working on this for three days. I am currently running Superantispyware now and it has found 3 viruses so far. I hope this gets it done. Again, thanks for the advice!

Anonymous said...

I have removed spyware protection virus multiple times using mbam but I keep getting it again. What is the permanent fix for this?

los said...

I deleted everything, but can't get on the internet. Wonder if I deleted something I should not have

Anonymous said...

WOW! Worked perfectly! Thank you SOOOOO much!

Anonymous said...

My Vista system seems to be restored back to normal by using method posted Aug 15 at 7:12 am: using system restore F11 before booting up.

Anonymous said...

Hey, you're a life saver!!! Thank you so much!!!

Anonymous said...

Thank you so much! I am clueless when it comes to computers and such, but I actually did all this without my brother's help :D. I deleted the malware and my computer had restarted, I don't know what to do next, but it's working fine right now. Thank you again!

Anonymous said...

Thank you for your superb instructions! It was all the information I needed to be assured I got rid of that bumhole malware, especially when I was extremely frustrated when I couldn't even F8 my way to restarting my computer into safe mode.

Anonymous said...

Thank you, renaming the taskmgr to explorer.exe and then cleaning up all the files really worked... much appreciated.

Anonymous said...

I installed StopZilla and the malware software is now gone and everything else is available for access again. Does this mean that StopZilla has removed the defender.exe?

I'm currently doing a full scan with microsoft security essentials and stopzilla, is my computer clear after that?

Thanks in advance!

Admin said...

Stopzilla stops the malicious process first, then completes full system scan and reports infected files. You need to click "Remove" to remove the infected files after the scan is finished.

Anonymous said...

None of this works! I can't get anything to work.

Anonymous said...

HELPPPPPPPPPPPPPPPP Needed.
Hey there, I need serious help plz. I have this worm and basically at first when the program ran I just left it to do its thing thinking it's really scanning my laptop and finding viruses. Now all I am left with on my desktop is My Computer and Recycle Bin. I am connected to the internet but can't get to it. Pressing on start it has nothing but solitaire and a calculator. And going into all programs there is just system restore program that doesn't work. According to my C drive space all my stuff is still on my computer, I just can't see or do anything. Can anyone be so kind to take me through what to do plz?

Anonymous said...

PRIVACY.EXE in c:\programdata is another name if you can't find defender.exe

Anonymous said...

Thank you! Your directions were very clear, and removed using malwarebyte anti-malware

Anonymous said...

The key does not work anymore. I tried to use it but it says wrong activation code, what to do???

Anonymous said...

When I turn on my laptop (Windows Vista) the malware virus starts up and doesn't let me access any programs, but after a while it disappears and lets me onto the internet. I find this website and download STOPzilla, it allows me to download it fully but when I launch STOPzilla it says the following...
STOPzilla was unable to start!
Error code:2001
Extended error code 2
Please try launching STOPzilla again.
If you see this message again please contact STOPzilla Customer Support at 1-877-877-9944

HELP MUCH APPRECIATED

Admin said...

Did you run TDSSKiller?

Anonymous said...

Safe mode_Local Disk C_Users_James (my name folder)_AppData_Roaming_Privacy (The name it is going by now not Defender) It even has the stupid fake windows shield.

Anonymous said...

Admin,
Thank you so much for your help. And your response is also great. Please keep helping people.

Cheers

Anonymous said...

Thank you very much...you guys are awesome :)!

Anonymous said...

Hi sweet people, Check this out, I had an XP and a Vista with this lie of a problem, here is all I had to do. This worked on both XP and Vista. Place your computer in safe mode with networking. Next do a system restore. That is all it took. I hope this works for everyone else. Don't forget to restore to a date before this treachery started. P.S. I love you fools so effin much. Peace Out my little jees?!@"@!)

Anonymous said...

AHAHAH to repeat THE EASIEST step...

- you right click the icon on your desktop
- you click "open containing folder"
- you right click the icon named privacy or so...
- you simply "cut" it using the right click
- you create a new folder
- you paste this shit/malware in
- you rename it as fu*** nice name you can think of
- you delete this motherf***
- you enjoy a cold glass of iced tea while downloading any protection program

THANKS TO YOU!

Anonymous said...

You guys are awesome. Could not find defender.exe on our Windows Vista so I used "Malware Protection removal instructions in Safe Mode with Networking:" I ran the TDSSKiller utility and then used the freeware MalwareBytes anti-malware. Ran Windows update, backed up and I am up and running. THANK YOU! Happy Holidays!

Anonymous said...

I did it a really simple way. Make sure "show hidden files" is on, right click the shortcut for the b*st*rd thing, click properties, show file locations, delete the shortcut and application files that come up.

I did this on safe mode as well just in case yaknow.

uh oh said...

I got this about a month ago and when the scan ran it just went away so I did the steps to remove it and it was good.

Now it's back though all of a sudden and I can't get rid of it with any of these steps. I can't open the computer in safe mode of any kind because it tells me, "windows could not connect to the Sens service"... So I click OK and it sends me back to choose a user. So I can only log on in normal mode. I tried to use that registration key to make it go away but it didn't work. I can't run anything to make it go away until the scanner is gone. Help?!

Anonymous said...

THIS WORKS! Just take your time and follow instructions. The defender could be named anything. Search "protection"

Anonymous said...

Found file under isecurity.exe

Just deleted now. Will let you know!

Anonymous said...

Virus Gone!! great instructions..you're amazing..thanks for sharing your knowledge. People like you ROCK!

Anonymous said...

ty

Anonymous said...

When I downloaded spydoctor it scanned and found threats but wouldn't remove them, saying I needed to purchase full software. Did I do something wrong?

It also recommended starting in regular mode not safe, is that necessary?

Finally, while in regular mode and scanning, additional threats were posted. Is this just the rogue malware?

thanks in advance