
Perfect Defender 2009

Perfect Defender 2009 is a bogus security program. It misleads computer users into downloading it by redirecting the web browser to its website, issuing alert messages about a threat, and forcing them to download and register the program. Perfect Defender 2009 should be removed from computers immediately before it poses additional harm.

Aliases:
-

Risk Level: Medium

File Size: Varies

Affected System: Windows

Common Symptoms:
1. It will display warning messages to mislead computer users.

To help protect your computer, Windows Firewall has blocked activity of harmful software.
Do you want to block this suspicious software?
Name: Spyware.ISpynow
Risk Level: High
Description: iSpynow is a Spyware program that records keystrokes and takes screen shots of the computer, stealing personal financial information.

2. The web browser on an infected computer will be redirected to the following websites:

  • perfectd-review.com
  • defender-2009.com 
  • defender-review.com
  • defender2009.com

104 Responses

  1. webmaster says:

    1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
    2. After downloading, double-click on mbam-setup.exe to install the application.
    3. Follow the prompts and install as “default” only
    4. Before the installation completes, check on the following prompts:
    - Update Malwarebytes’ Anti-Malware
    - Launch Malwarebytes’ Anti-Malware
    5. Click “Finish.” The program will run automatically and you will be prompted to update the program before doing a scan. Please update.
    6. Scan your computer thoroughly.
    7. When scanning is finished click on the “Show Results”
    8. Make sure that all detected threats are marked, click on Remove Selected.
    9. Restart your computer.

    Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on the infected system.

  2. Rocky1016 says:

    I have the Perfect Defender 2009 virus. I ran Malwarebytes twice on my computer, and the pop-up bogus security alert still shows up on my desktop. Do I need to reboot after the scan? How do I get this off my computer? Any help would be greatly appreciated.

  3. Jonathan says:

    Same problem, NOTHING seems to work! Been working on this for 20 hours without sleep! Run malwarebytes many times, both normal and safe mode, over and over. Any help would be greatly appreciated. Trying everything I can find, and it’s been helpful to an extent, but the pop up continues. — Originally it would block all anti spyware/virus software, finally got rid of that from downloading programs on another computer, putting them on a flashdrive under different random names. Also it was blocking all websites related to anti spyware/antivirus.. and now that’s fixed.

    All that seems to be left is that annoying bogus security alert to Perfect Defender 2009, and the homepage of Firefox and IE being bogus. Any ideas? Thanks

  4. Tim says:

    I just found and deleted components. The file was under c:/users/owner/appdata/roaming..
    The first 6 folders each contained a file that was associated with the same date of origin. I found this by going to msconfig and disabling all selections and then reapplying one by one until the problem reoccurred. The primary file was an application called wincore. It has an icon similar to Windows Defender (world behind firewall).
    It will not let you delete these files so you must reboot your machine in safe mode (F8) and then delete these files. My wincore was located in C:/users/owner(you)/appdata/roaming/google. You also may look in “local” instead of roaming.

  5. B & H says:

    Tim’s instructions worked for us. Thank you.

  6. Alison says:

    I see that Tim’s instructions work but I don’t understand what to do. I’m obviously not very good with computers. Could you please explain step by step? I would really appreciate it. If I dont get a response soon I’ll have to take my computer to the shop to get this thing removed. I can’t find anywhere else online talking about this. Thanks.

  7. franklin says:

    Tim,

    For those of us that are computer illiterate, exactly where do I find the files you mentioned?

  8. Temitayo Giwa says:

    This is how I got rid of mine:
    Start your computer in safe mode (while the computer is booting up hit F8; in XP it will ask you what operating system you want to load and at the bottom of the screen have instructions for opening in safe mode).
    Go to Start/Run and type msconfig and then click OK.
    Click the Startup tab and then look for a process whose file location is similar to the one Tim posted (C:/users/owner(you)/appdata/roaming/google). Mine was located in C:\Documents and Settings\Temi Giwa\Application Data\Google (note Temi Giwa is the user name; it could be any name).
    WRITE LOCATION DOWN!
    Deselect that process and restart your computer.
    When your computer loads, run Internet Explorer to check if it is the right process. If it is, it should go directly to your regular home page.
    If not, restart in safe mode and try another process until you find it.
    When you find it, go to the file location. NOTE: Application Data may be a hidden file. If you can not find it, on the file menu go to Tools / Folder Options and then select the View tab.
    Make sure the show system files checkbox is selected and the show hidden files and folders radio button is selected.
    Back out of the folder and then go back in. You should be able to see the Application Data folder now.
    Locate the bad file and delete it (remember to empty your recycle bin when you are done as well).
    NOTE: some of these files are necessary for your computer to run. Please do not delete a file unless you are ABSOLUTELY sure that it is not a necessary file.

    After all this your computer should be clean from this nasty virus!

  9. Alison says:

    Thanks for your help. I tried but couldn’t get it to work. I really don’t know what I’m doing and am so afraid I’ll mess it up. I think I’ll just take it to the shop. I couldn’t find the hidden folder thing. I don’t understand it and don’t know how to do it. I may try again. I’ll update you. Thanks again for taking the time to try to explain it. I’m slow…obviously :)

  10. Alison says:

    Okay. I got it!!!!! But I still have a ‘Perfect Defender 2009′ thing when I open programs. It gives me the option to uninstall it but I’m afraid to mess with it. I’ve got no more popups though.

  11. Alison says:

    I did it!!! It’s all gone and I’m so proud of myself. Thank you, thank you, thank you.

  12. George says:

    i got rid of the files, but i’m still getting the popups. i need help!!

  13. VANESSA says:

    HI HOW CAN I REMOVE PERFECT DEFENDER FIREWALL ALERT SOMEBODY CAN HELP ME

  14. George says:

    i’ve did what Tim said, and even looked for recent uploaded files, deleted them, and i still get this crap!! someone help me!!!

  15. Chris says:

    Tim,

    Thanks to you I figured this out and removed it. I can’t believe how much trouble I was having with this, especially for a person with as much computer experience as me (and w/ a BS and MS in CompSci). I don’t know how I got this, I am extremely careful and I have never had a virus or spyware installed on my machine before (although I’ve removed both of these from friend’s computers on numerous occasions). I was amazed that I couldn’t even find a process running for this in the task manager, it is almost like a rootkit. Here are the files I needed to delete after booting into safemode:
    C:\Documents and Settings\{username}\Application Data\Google\kjzna1562565.exe
    C:\Documents and Settings\{username}\Application Data\Google\spcffwl.dll
    C:\Documents and Settings\{username}\Application Data\Google\T-Scan\n.gif
    C:\Documents and Settings\{username}\Application Data\Google\T-Scan\t.gif
    C:\Documents and Settings\{username}\Application Data\Google\T-Scan\y.gif
    C:\Documents and Settings\{username}\Application Data\Google\T-Scan

    You will notice that these files will all have the same date stamps.

    This just makes me happy that the rest of my computers are Macs and Linux boxes, and don’t have to worry about this crap.

    Thanks,

    -chris

  16. Paul says:

    Tim’s instructions (expanded by Temitayo) also helped me after Malwarebytes, SUPERAntiSpyware, and a third security program (which I don’t remember) failed to get rid of that pesky popup. Thanks!

  17. Josh says:

    What can i say.. tried countless number of anti-spyware programs and anti-virus programs but nothing.. some manual labour and its just as easyy :)
    GoodJob Tim and thanks Temitayo Giwa for making the step-by-step :D My problem is now gone :) Thanks.

  18. john says:

    Thanks Tim

    Tried all the other advice with multiple spyware downloads. Your suggestion worked.

  19. VV says:

    Thank you! I tried several spyware remover downloads and none of them got rid of the pesty pop-up. Tim’s suggestion worked beautifully. Thank you!

  20. John says:

    Thank you Tim and Temitayo Giwa with both of your help i was able to stop the problem after using Malwarebytes’ Anti-Malware and still having the pop up i really appreciate that.

  21. Don says:

    Have to add my thanks to Tim and Temitayo Giwa. I used Giwa’s instructions and that killed this really nasty virus/trojan.

    I feel sorry for anyone that doesn’t have two computers. There’s no way this virus would let me log into any internet sites long enough to get information on the infected computer. I had to use a second computer to find this site. There’s probably a large number of people really stuck and frustrated right now. Or, even worse buying “Perfect Defender” and installing it.

    One thing I’m still puzzled by is how my computer got infected in the first place. I’m surprised that Symantec, Confidence Online, and Spyware Doctor failed to pick up on it.

  22. Chelsea says:

    Thank you so much Tim and Temitayo Giwa. I Got rid of the files successfully and I did it all by myself!!!! Temitayo Giwa your instructions were great and perfect for someone with little computer knowledge to understand. I wouldn’t have been able to have done it without you both. Thanks so much!!!

  23. Patrick says:

    i have done everything tim and temitayo giwa said and my internet explorer still wont go to my homepage…any suggestions?

  24. Jeffrey says:

    i followed tim and temitayo giwa’s instructions but i couldn’t find any startup process in my msconfig similar to theirs. i first got this annoying spyware in my guest account, not my normal administrative account, does that make a difference about whether or not the suspected files show up in msconfig? (i’m also running on vista.. unfortunately)

    also tried logging into my guest account in safe mode, but to no avail. help pleeeease.

  25. Mickell Akins says:

    THANKS TO TIM & TEMI FOR THIS WONDERFUL SOLUTION!!! THEIR CLEAR, CONCISE AND EXPERT INSTRUCTIONS WORKED FOR ME (and just in time for the Christmas Hols too!)

    :o)

  26. Debbie says:

    Thank you so much for all the help tim and temi..I followed the instructions exactly and it seems to have worked. The only thing I’m concerned about is even tho I have deleted the files it still shows up on my processes in msconfig. the file isn’t checked or anything its just there. Is that something to worry about? I did delete 4 or 5 files and emptied the recycle bin.
    thanks

  27. Katie says:

    thank you so much tim and temitayo! i followed your instructions and i can now use the internet again and no more stupid pop ups so far!
    thanks again

  28. Jon says:

    THANK YOU!

  29. Kurt says:

    As above, but I found to get it completely clean I also had to remove the pre-fetch file for the kjzna1562565.exe . The prefetch was found here: C:\WINDOWS\Prefetch\KJZNA1562565.EXE-2C2626CD.pf .

    Hope this helps,

    Kurt

  30. Jill says:

    We have Comcast as our isp but were not using the McAfee security that comes with it. We had been using Avast for some reason. So we switched and uninstalled Avast and installed McAfee via comcast.net and it seems to have removed the “Perfect defender 2009″.

  31. Derek says:

    Guys it simple, had the same problem, sorted it out in minutes, juz follow these steps hope it helps;

    1:) Turn off ur computer, start it up, hit f8 and go to safe mode, choose your operating system e.g XP.

    2:) Once in safe mode click the start menu and u should see run, click run and type in this msconfig, a window will pop up.

    3:) On this window u will see several tabs, u will see the ‘start up tab’, click this to show u all the start up execution files, u will then see the BASTARD “kjzna1562565.exe” (thats the fool!) unmark this idiot and hit Ok, ur system will restart or u will be asked to restart

    4:) Once ur system restarts go to the start menu and hit run again, type this C:\Documents and Settings\yourusername\Application Data\Google (please ensure u use your correct username e.g C:\Documents and Settings\alice\Application Data\Google) this will show u where the files responsible for the problem resides, u will have to delete these files ‘spcffwl.dll’ and ‘kjzna1562565.exe’
    Do all these and ur system will be sexy again. Hope this helps.

  32. Matt says:

    I go to documents and setting and to the username but I can’t find application data, could it be under something else?

  33. Steve says:

    I found the kjzna1562565.exe, spcffwl.dll and a couple other files in my c:\Documents and Settings\username\Application Data\google\ directory.

    Of the four files I could delete two, but the kjzna1562565.exe and spcffwl.dll would delete because they were “being used by another process”. Rather than go into safe mode, if simply renamed the two troublesome files with another nonsensical extension (I changed their names to kjzna1562565.eere and spcffwl.eere). I then rebooted…and returned to the c:\Documents and Settings\username\Application Data\google\ directory. Now I was able to delete those two files…and that fixed it for me.

  34. Steve says:

    Matt,
    Do you have visibility of your hidden folders?

    Application Data is a hidden folder…In Windows XP you can make it visible by going into “My Computer”, “Folders” tab…”tools”…”Folder Options” ….”view”

    Down in the advance settings window below you will see a radio button called Show hidden files and folders…make sure that radio button is marked.

  35. Steve says:

    “repeating my earlier post with some important edit changes”

    I found the kjzna1562565.exe, spcffwl.dll and a couple other files in my c:\Documents and Settings\username\Application Data\google\ directory.

    Of the four files I could delete two, but the kjzna1562565.exe and spcffwl.dll would NOT delete because they were “being used by another process”. Rather than go into safe mode, I simply renamed the two troublesome files with another nonsensical extension (I changed their names to kjzna1562565.eere and spcffwl.eere). I then rebooted…and returned to the c:\Documents and Settings\username\Application Data\google\ directory. Now I was able to delete those two files…and that fixed it for me.

  36. Kyle says:

    I just had this problem and did what everyone said but the filename wasn’t kjzna********** it was ggq followed by a bunch of random numbers. But this file was in the google folder, had the windows defender icon, and was next to the T-Scan folder. I deleted all of these, deleted the prefetch file, and removed it from startup and it works perfectly.

    So make sure you look for file names similar to that in the google folder, and find the corresponding file in msconfig start menu, and in the prefetch folder.

  37. sara says:

    am trying like crazy to remove this defender mess from my pc! please i need some help

  38. Rob says:

    I have to truly compliment you guys on finding a solution that actually worked! I spent the last day fighting this. After I did what was recommended I also discovered the registry key for kjzna1562565.exe with msconfig. So I then opened regedit, located and deleted that as well.

  39. Shane says:

    Thanks a lot guys, this was seriously giving me the irrits. It also got rid of around 20 other viruses I had no idea about.

  40. Bal says:

    Hi, I’m also having trouble with this virus. When i open up internet explorer my home page opens up. But the two files inside application data/google called kjzna and spcffwl.dll I can’t remove because it says make sure it’s not write protected or in use. I was wondering how I get rid of those and get rid of this stupid virus? I followed the steps outlined previously by Tim and others but for some reason I delete these files.

  41. Pyxx says:

    Thanks so much for the tip on changing the extensions, helped me a great deal.

    Couldn’t do the msconfig part, it crashed my comp for some reason :s But I’m hoping with one more reboot it’ll be back to normal. Thanks all for the help.

  42. Kurt says:

    FAO: Matt - It seems to hide the application data folder - However, if you search for kjzna1562565.exe it will show you the folder. (Once the search has found the .exe, RIGHT click on it and select “Open containing folder”.)

    Guys, don’t forget to kill the Pre-Fetch file too: C:\WINDOWS\Prefetch\KJZNA1562565.EXE-2C2626CD.pf

    I ran some tests, and it’s possible to kill the attack and remove it without the need for safe mode / reboot, but only if you kill the Pre-Fetch.

    Also, it seems the virus is polymorphic - At first, when I located the files, the icon for the .exe was the same as the Windows Security icon, but once I began work on it, its icon changed to that of what looked to be a DVD - An icon for a DVD was in a folder alongside the fake “Google” folder, and it changed as I worked - So, either the attack is “Learning”, or just coincidence, but strange either way!

    Kurt

  43. Kurt says:

    FAO: Bal - Run the tool from: http://www.MalWareBytes.org - Once you have run it, the icons etc are still there; BUT, once the program has run (Program ID is: mbam-setup.exe), it will then “Unlock” the files and allow them to be deleted.

    Kurt

  44. Kurt says:

    FAO: Pyxx - Are you running msconfig in safe mode or normal? If running it in normal mode, the infection may stop you from successfully running msconfig, much in the same way that it stops browsers etc from functioning.

    Kurt

  45. Vanessa says:

    Thank you all so much for all your help. Within 1 hour I had my computer fixed. Thank you, Thank you, Thank you!!

    I feel bad for those who fall for this and download Perfect Defender on their computer.

    Vanessa

  46. Hemant says:

    Thanks to Tim and others - this solution works for the latest Trojan.Zlog.G popup problem where no internet connection works and repeated fake warnings to ‘activate’ Defender anti-virus program.

    No use running any anti-virus/spyware programs, manual removal works perfect:

    Start in safe mode (press F8 at startup)
    Delete following:

    kjzna1562565.exe
    spcffwl.dll
    T-Scan (entire folder)

    their location would be C:\Documents and Settings\{username}\Application Data\Google\

    It looks so simple in hindsight, entire day wasted in efforts.

  47. Agent Smith says:

    Guys, don’t forget to search your registry for the kjzna string and delete anything that you find.

    I found 3 more entries even after running the programs listed above.

  48. Anna says:

    hi there, i have the same problem yesterday but solved it Temi’s and Tim’s way. but now my comp is worse than before?.. It was fine after i solved this problem but now I can’t even boot it up properly. Another problem or still the same?

    p.s. i did install that malwarebyte program thru the link posted by webmaster before trying to delete the files in the apps folder.

  49. Thurman says:

    Thanks so much. I’m back to normal.

  50. baldomp says:

    In my computer the file name as:

    KLNXV19819115 ………

  51. Bo says:

    I just want to say thanks to everyone that put up advice on this topic, you were all very helpful!!! I have been working on this thing for two days now, and was starting to lose hope. After trying a few of your suggestions I finally got rid of this annoyance!!!! It was in my google folder, there was a T-scan folder and a couple others all with the same date. I deleted all of them and now, no problems!!! Thanks so much!

  52. Timm says:

    If the files associated with virus didn’t show up on the initial scans what method did you employ at the start to identify the files associated with the Zlob.G and their location? I’m especially interested in what program Tim ran to find the date of origin of files loaded. This could be very helpful in finding the latest files associated with any virus. Could that method be explained clearly? Thanks for your help?

  53. Dan says:

    TIM I LOVE YOU, BEERS ON ME.
    My final exam is this Monday (today Saturday), a web based programming course. I was studying and all of a sudden my computer went through shut down process. Turn computer back on and getting WIN32 Trojan errors, and hijacked browsers for this website perfect defender. Oh well no big deal run my up-to-date businesses antivirus and my windows defender. Nothing found!!! Try to research issue and all my web browsers are failing and crashing (chrome, ei, firefox) now I’m trippin cause I won’t be able to do this exam.
    I found same virus/malware in “C:\Documents and Settings\(my name)\Application Data\Google” name of file fhexj6825097.exe same icon as windows firewall.
    What I did?
    start>run>msconfig>startup looked for file in startup, it was there unchecked it, preventing file from running on start up again. (this in fact could work and be the only step, on the next startup it would not run giving u no problems)
    Then logged into safe mode and deleted. Cannot delete in regular mode, it is write protected or is already running since startup.
    Both windows defender and Symantec Norton corporate edition could not detect this thing (even scan the .exe file). So this one u might actually have to do manually

  54. Linda says:

    My son picked it up when (we think) he had a message coming up saying he had to update firefox in order to continue to use it, he just pressed the button to go ahead and ended up with some form of this defender. I located the file by putting Norton on manual (so all programs had to check before connecting to the net) and clicked on the recommend software button when the warning box came up. The file name it gave itself in this instance was windpipe.exe (which is a windows folder) but it was in the roaming folder and had the windows defender logo as indicated in the above post. I knew it wasn’t a system file because its create date coincided with the first pop ups so I then ran a find all files created on this date and followed the time stamp. It had also installed 3 gif files and there were some registry entries with a Q at the start that I deleted as well. That seems to have nailed it.

  55. Cartman says:

    Thx so much Temitayo, i followed all your instructions and it really work.
    Thx again.

  56. Kristy says:

    Thank you all for such wonderful advice and support. This problem is plaguing my computer, and while I followed the advice given here, I am still having some nuances with it when my system starts up. I’m not very computer-savvy so please bear with me. First, I found a weird fhexj6825097.exe file in my C:\Doc…..\Google directory and deleted that. I also deleted an odd mjkdpl.dll file located in the same place (but I had to delete this in safe mode since it told me it was already in use). I went to C:\WINDOWS\Prefetch and deleted the related FHEX…..pf file here. I searched the registry for anything Perfect Defender-related or fhexblahblah-related but nothing turned up. I went to msconfig and unchecked the fhex…exe file under Startup, hit ‘Apply’ and rebooted my system. Now my icons are all faded, I get a weird popup stating I’m missing a wmldusij.dll file and when I go to msconfig again the General tab by default has “Selective Startup” chosen. When I select ‘Normal Startup’ I noticed the goofy fhex….exe box gets checked under the Startup tab. When I uncheck it, my General tab no longer has ‘Normal Startup’ selected. I’m at my wits’ end here and would appreciate any help/advice you may offer. Thank you in advance for your help. Kind regards, Kristy

  57. Allison says:

    THANK YOU Tim and Temitayo!!!

  58. trucee says:

    I went to download.com and downloaded a trial version of stopzilla and did a full scan which found perfect defender 2009 and all its spyware/malware/trojan components etc…and deleted it…and the sign doesn’t pop up anymore. So maybe you should give that a try since stopzilla seemed to be able to find it.

  59. Brandon says:

    Thanks Tim and Temitayo for your help it worked for me too!

  60. airliebird58 says:

    I had all the symptoms mentioned here, but didn’t have any of the files in the google folder. The only browser I could get to work after a fashion was opera, and scan after scan either just wouldn’t load or would not update. Anyway, I went to snapfiles.com and downloaded 2 free malware removers that weren’t as well known to me as some of the others. My reasoning being if I didn’t know them maybe the idiot who wrote the malware didn’t either! The 1st was Norman malware cleaner and the other was Dr Web Cureit! I ran both, it found the malware and freed up everything else.
    So if anyone is in the same situ give it a go, it worked for me!

  61. mooncake says:

    please try “windows system restore” tool.
    I just got it done, and everything seems alright now.
    Good Luck!

  62. Boris says:

    Thank you guys!
    I found the file in Google folder, and renamed it. Then I restarted the computer, and was able to delete the corrupted file.
    Worked like a charm! :)

  63. Ralph says:

    Thanks all

    I read through all the comments but was locked up and would not allow me to try some of the advice. Mooncake suggested system restore and it worked.
    I’ll go back and check if files are still in system but at least now I can go out and download some of the programs suggested to clean out this pain in the ass thing.

    Much appreciated from a guy who knows very little about this
    Ralph

  64. San says:

    My PC showed a problem from yesterday; firstly Internet explorer crashed, then I downloaded Mozilla Firefox, which crashed within 1 or 2 uses.

    Every opening of Internet explorer or Firefox says “Insecure Internet activity. Threat to Virus attack”

    Then computer asked me to run Perfect Defender 2009, which found the following 7 viruses:

    THREAT NAME
    Win32.zafi.B
    Trojan.zlob.G
    Spyware.cobraspy
    Hacktool.Deeppenetration
    Dialer.Lox
    Packed.MassAccess
    Spyware.Nod17

    I have Free AVG antivirus, which did not detect any virus.

    At this point I found that Perfect Defender itself is a problem, I heard deleting Perfect Defender does not work, it will reappear with another boot, so, before doing anything its good to scan computer with something to check viruses or delete it?? But with what???? And how??? Coz internet explorer or firefox does not work?? And I don’t have another computer

  65. Liz says:

    Thanks Tim and Temi, I seem to have cleared it from my computer using your advice - even if it did take two tries to get into safemode!
    Thanks!

  66. Scott S says:

    I got everything deleted files and reg entries. It got rid of the fake security warning and freed up my browsers. However something is still blocking all my attempts to run or download antivirus or antispy program. It won’t even let me on to Symantec.com. Any ideas how to fix this part?

    Thanks,
    Scott

  67. Scott S says:

    Found a couple more reg entries. All fixed now. Thanks for all the help!

  68. sherv says:

    I found the *.exe and *.dll (different names than the one mentioned above) in the Google subdirectory. Renamed them and now I can not get the system to boot up in safe mode or regular mode. It just hangs forever. I tried disconnecting from the network, reconnecting, etc.

    Any ideas how I can get back in and get rid of this virus please. I have windows XP professional on the infected PC.

  69. sarah says:

    Thank you so much for this thread. My comp. got attacked by the perfect defender 2 wks ago. My norton and window defender managed to ‘detect’ and ’stop’ a so-called virus but then my computer shut down and restarted and was plagued by the perfect defender pop ups.

    I followed all the advice on this thread and eventually and hopefully my poor computer is ok now. The hackers are obviously finding new ways to hijack the computer as the culprit exe. file was cij…..165, as well as other dodgy exe. files in the app data folder. As suggested on this thread I also found this culprit exe file in the registry, hidden files, google folder etc.

    I have now downloaded and installed ’superantispyware’–so fingers cross all will be well for now! But any other ideas for protection would be appreciated.

    Good luck to those who are experiencing the same problem–do try all the recommendations on this thread. Thank you to the contributors on this thread.

  70. Jasmine says:

    i downloaded this perfect defender but nothing seem to be happening to my computer…
    no popups or anything
    should i still uninstall it??
    someone help!!

  71. lobo says:

    Just want to say thanks to all for these posts from which this great grandma was able to figure out how to get rid of this lovely gift from Russia.

  72. [...] defender-2009.com is a security website that endorse “New Generation of Anti-Spyware Software” in the presence of Perfect Defender 2009. [...]

  73. Jeremy says:

    You should use Windows Defender.
    It is a LEGIT program, and you can go to their website directly to download it. It is completely free, and I was able to remove this annoying virus with just a scan.

    http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

  74. Karen says:

    A couple of other things helped me - check EVERY user on your pc when you are looking around your google files in safe mode as I found the offending .exe file in one of my husband’s profiles which he uses to access one of the places he works (which was not in use the day this ugly business started as he was out of town - go figure?). Also, if you know the date this started then it is easier to work out which .exe file looks suspicious as it seems to have a number of different names. I probably deleted a few extra google files but without any obvious damage and what the hey - Perfect Defender has been exterminated - YAY!

  75. Ben & Crystal says:

    THANK YOU, THANK YOU, THANK YOU!!! Thanks so much for this thread. We almost downloaded Perfect defender, but then decided to google it first and found this thread. Thanks to Temitayo. We tried this and found the file really easy, deleted it, and everything seems to be working fine now. Thanks to everyone for adding to this thread to help out people like us who have no idea how to deal with this stuff.

  76. Cory Wainscott says:

    Hey everyone,

    This bugger wouldn’t let me even get into msconfig (the trojan would automatically restart my computer). Finally I just did a system restore at a day before I got the trojan and I don’t have the pop-up anymore. It seems simple but as I couldn’t do Tim’s suggestion this was the only thing I could do.

  77. Alex says:

    Thank you so much Tim and Temi … I can’t tell you how grateful I am to be able to use my computer safely again after three virus scans that have always worked for me systematically failed to find the source of the problem. =)

  78. Joseph Braun says:

    OK so here is my dilemma…I don’t need to post details because you all are familiar with this virus, but what happens when there IS NO GOOGLE FOLDER?! I have been fighting this bloody thing for about a week now because every single fix that people have posted anywhere has to do with a Google folder and it doesn’t exist on the laptop I am attempting to repair.

  79. tina says:

    So two days ago, I got this stupid trojan and I thought it was nothing but I kept having this bad feeling that I should get rid of it. So I googled the perfect defender 2009 and found this website and it was very helpful. Now I don’t get that annoying pop-up! I managed to completely delete the file containing the trojan but then it seemed too easy to be true that it is fully gone from my computer. What I did was take Derek’s advice (box #32) but I wasn’t able to do step 4 until later on because I couldn’t find the application folder in my folder so if you’re having the same problem just open your MY COMPUTER or any folder and under BACK there’s an ADDRESS box so type in “C:\Documents and Settings\(username)\Application Data” you’ll definitely see the GOOGLE file and the trojan is in there so just delete whatever you have to. It’s also a good idea to download Malwarebytes Anti-Malware (download.com) and do a full scan to make sure you’re free from the virus :) hope this helps!

    P.S. my trojan file wasn’t kjzna1562565.exe it was PFYSW721318.EXE

  80. Sable says:

    I FREAKING LOVE YOU TIM AND TEMITAYO. OMG I love you. My computer has been infected for like 4 days. And the scans and this super long guide did not help me whatsoever nothing was working. And I stupidly downloaded and installed perfect defender. And I was like oph man when I found out what it was. Then I followed those steps and in less than 5 minutes, I could use my computer internet again! I was able to delete the module causing it and everything. Omgosh, thank you so much. I was trying for hours before this to fix my computer. Thank you!!

  81. sanjana says:

    Hi
    Thank you so much. I was about to download when I googled to check it out & reading ur blog I just averted the problem.
    -Sanjana

  82. Peter says:

    Thanks to Tim and Temitayo, I found and deleted the files in the Application Data directory, beware there is one in each of the first six folders, but the big exe file seems to be in the Google folder. The names of my files were different than almost all of the above, but I could spot them by the create date, they all coincided with the moment of the attack. Beware, they can be named anything. I still haven’t found the reg file, but having deleted the six files in each of the first six folders of the App Data folder, the pop up is gone. Why doesn’t Symantec have a solution, why doesn’t Norton protect us??? without Tim and Temitayo, I’d still be struggling.

  83. charles says:

    The virus file is in the folder mentioned in the previous post, namely:
    C:\Documents and Settings\(username)\Application Data\google
    There is another way to delete those files without a reboot. First identify the exe file, which is in the folder above and has a logo like Windows Defender. For me, the file name is Wcscxx.exe.
    Open “Windows Task Manager”, select the “Process” tab, find the process with the same name and click “End Process”. After the process died, you can then delete the exe file.

  84. Sam says:

    That was incredible help from Temitayo Giwa. Off topic question, when you go under tools/view and show hidden files, why are there hidden files in the first place. Why not show all every time, why hide them?

  85. Joey says:

    Guys, thanks for the help. The file names were different (wcwdo16814728.exe) but there it was in the appdata\google folder.

  86. T says:

    Guys, I downloaded the thing and did the scan, but I stopped it and it told me to buy it, I didn’t, instead I uninstalled it and restarted. It’s not in my C drive anymore, BUT, the install thing is still there when I type perfect proctection in my files, How do I get rid of that? Should I just delete it? Thanks.

  87. Melissa says:

    They got me- I bought Perfect Defender, and am only now realizing it’s the problem! I was running Spybot Search & Destroy, and it was informing me that PD is a fraud.

    Does anyone know if they will actually keep their promise to give your money back within 30 days, or am I just out of luck on that front? (Thank you for the tips on how to uninstall- I will do that ASAP!)

  88. Jerry says:

    Anyone fixed this in Vista? No sign of any files remotely like those described. Even the directories are different. Regedit gives no clues either. Crashes Outlook/IE/Chrome/Windows Explorer, even Word when trying to connect to net. All other symptoms the same as described.

  89. Ange says:

    What about Catalyst Control Center? Is that a related virus threat?

  90. Kim says:

    Thank you so much TIM AND TEMITAYO for helping me get rid of this stupid perfect defender! If it wasn’t for you guys, I would still be working on how to remove it and get really paranoid. So once again, Thanks!! Ya a genius!!

    Kim

  91. KeceSeeriaVeN says:

    nice, really nice!

  92. Dante says:

    Thanks so much for this, just got that crap off of my computer!!! :)

  93. Mauro says:

    This is what I did and it worked.
    Wait until the bastard alert pops up with the Task manager already open, when it shows up, go to Applications tab, select the bastard, right click “go to Process”, once you are on the process, kill it clicking on End Process button. Then go to its directory, app data.. google… select the bastard and hit SHIFT + DEL.
    All without rebooting.
    Also make sure you search the filename in the registry and delete it. To do so, process “regedit” from the command line and use the registry search to find the bastard in the registry and delete it.

  94. Mike says:

    Thanks a lot guys. Getting rid of it was super easy. Mine was just one file, and it had a different name: Jaeio234556. I think maybe the name and/or number are randomly generated, but it was right where it was supposed to be. Fixed in under 10 minutes after 1/2 an hour of frustration. Thanks again.

  95. Bogdan says:

    I finally KILLED the creepy thing is I got it the same day as :

    ” Mike says:
    May 11, 2009 at 3:06 am

    Thanks a lot guys. Getting rid of it was super easy. Mine was just one file, and it had a different name: Jaeio234556. I think maybe the name and/or number are randomly generated, but it was right where it was supposed to be. Fixed in under 10 minutes after 1/2 an hour of frustration. Thanks again.”

    I also found it under the file name “jaeio234556” so I agree with Mike, the name and number will vary. WHAT HELPED ME IS THAT IT HAS THE FIREWALL SYMBOL. I read that in a previous comment, then Mike’s comment confirmed that I had found the file to delete. So, go to C:\Documents and Settings\username\Application Data\google\ and search for a file with the firewall symbol. ALSO, find the prefetch like the posts say. (easy to find, just use the “search” feature, delete it, then start safe mode and delete the file you found in the google folder)

    Hope it helps ;D. I was working on this crap from 5pm till now, 1am, straight….piece of crap kept closing my browsers, I have no idea how I managed to keep it open.

    I feel like kissing someone from joy now xD

  96. Matt says:

    Thanks everyone for the thread.

    Basically you find the google folder under ‘application data’. Copy the name of the exe that has been put there (mine was jaeio234556).

    Find and remove any instances of this filename from the prefetch folder and from the registry.

    Rename the google folder. Reboot. Job done.

    Gotta give the bastards credit though - it’s a pretty clever one. I run a fully patched up-to-date machine and like to think I know what I’m doing. They obviously know just a little bit more!

    That said - their wording and over-the-top scary warning rang alarm bells as soon as I saw it. However I bet a lot of people do hit that ‘download now’ button to ‘fix’ their machine. I wonder how much they actually make - how much do they charge if you actually go ahead and buy it?

    There’s gonna be plenty more of these type of attacks over the coming years - that is for sure…

  97. You are all Good People! says:

    Thank you, Thank you, Thank you. I love good people like everyone here. I have VISTA and the only thing I had to do extra to get rid of this virus was to rename one of the files it wouldn’t let me delete, then reboot and it let me delete it.

    P.S. Someone should call the Attny General, FBI, Homeland Security, and FTC to turn these people in ASAP! I was searching for anti-virus for cell phones and clicked on some link that gave me this virus!!

  98. You are all Good People! says:

    Oh yeah…..I’m not 100% sure, however I think at least one of the people involved in this scam is:

    http:www.perfectd-review.com.

    This is where both my Firefox and IE took me to and said if I didn’t download the software my computer would not work.

  99. Alex says:

    Thanks everyone.
    Just finished cleaning up my friend’s computer.
    Deleted Google folder with 2 files (exe & dll) and 4 files with same date stamp under Application Data (3 graphic files and 1 bat file)
    So far seems to be working fine.
    Thanks one more time!

  100. jon says:

    thank you all so much. 10 minutes have now passed popup free. this bloody thing has been winding me up so much!!!!!

    thank you thank thank you

  101. KJB says:

    Okay, looks like I finally defeated my own attack from this SOB. I don’t know how, where or why it appeared on my system but I swear to God that if I ever find them. I’m going to roast every person responsible slowly over a nice mesquite flame.

    It wouldn’t let me reboot into safe mode so I deleted the prefetch file, then renamed the EXE file in the Google folder. After a reboot, it let me delete that file and then another reboot showed that, so far, the little bastard is gone. Thanks for all the help! It was so much more useful than all the various programs!

  102. RSR says:

    One more big THANK YOU! This thing was driving me nuts - not affecting my machine as badly as some others were (get Firefox 3!) but generating a pop-up window every few minutes. It was only a single file on my computer (at least that I could find), but still in the …\Google\ folder.

  103. Derek says:

    I think i’ve seen this somewhere before…

  104. paola says:

    heyy it worked for me but I still have that nasty trojan that sent me in the first place to have the perfect defender ¬¬ and I don’t know how to get rid of it Help please :)
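
Several comments above describe the same triage: look under Application Data in every user profile, and pick out executables by a timestamp that matches the start of the pop-ups or by a letters-plus-digits name. The read-only listing below is an added example, not code from the thread; the function names, the 24-hour window, the watched extensions and the sample tree are assumptions, and on Python builds that expose no creation time it falls back to the modification time.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta

# Name shape reported in the comments (kjzna1562565.exe, PFYSW721318.EXE): a hint only.
RANDOM_NAME = re.compile(r"^[a-z]{4,6}\d{6,}$", re.IGNORECASE)
WATCHED_EXT = {".exe", ".dll", ".bat"}

def file_time(st):  # creation time where the platform exposes it, else mtime
    return getattr(st, "st_birthtime", st.st_mtime)

def find_suspects(profiles_root, incident, window_hours=24, stamp=file_time):
    """Scan Application Data under every profile; return sorted (path, reasons)."""
    hits = []
    for profile in os.listdir(profiles_root):
        appdata = os.path.join(profiles_root, profile, "Application Data")
        for folder, _dirs, files in os.walk(appdata):
            for name in files:
                stem, ext = os.path.splitext(name)
                if ext.lower() not in WATCHED_EXT:
                    continue
                path = os.path.join(folder, name)
                when = datetime.fromtimestamp(stamp(os.stat(path)))
                reasons = []
                if abs(when - incident) <= timedelta(hours=window_hours):
                    reasons.append("timestamp near incident")
                if RANDOM_NAME.match(stem):
                    reasons.append("random-looking name")
                if reasons:
                    hits.append((path, reasons))
    return sorted(hits)

def build_demo_tree(root, incident):  # constructed sample profiles, not real data
    t0 = incident.timestamp()
    for rel, ts in [("alice/Google/GoogleUpdate.exe", t0 - 90 * 86400),
                    ("bob/Google/jaeio234556.exe", t0),
                    ("bob/Adobe/helper.dll", t0 + 600),
                    ("bob/Google/notes.txt", t0)]:
        user, sub, name = rel.split("/")
        path = os.path.join(root, user, "Application Data", sub, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root, datetime(2009, 5, 10, 21, 0))  # constructed date
        print(*find_suspects(root, datetime(2009, 5, 10, 21, 0)), sep="\n")
```

On a real machine, pass the profiles directory (C:\Documents and Settings in the paths quoted above) and the time the pop-ups began; the script only lists candidates for review and deletes nothing.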
