Malware Defense
Malware Defense virus will keep on spreading over the Internet pretending to be legitimate antivirus software. Its goal is to deceive people with its protection features. When installed on computer, Malware Defense attempts to make changes on computer settings and tries to embed malicious codes on to legitimate system files. This will make Malware Defense undetectable to existing security programs. Once it has done necessary modifications, it will proceed with the promotion stage. A constant reminder and security alerts pop-up will come very timely from Malware Defense prompting users to buy the registered version of this useless program.
Malware Defense has no add/remove components included during installation so it is impossible to get rid of it automatically via Windows control panel. Don’t forget to remove Malware Defense associated virus and malicious files hiding inside the system. These remnants have a tendency to connect to a remote location and download the threat again. You last resort is to scan with a combination of antivirus and antimalware programs. To properly guide you with the removal of Malware Defense, please refer to procedure on this page.
Screen Shot Image:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Malware Defense Removal Procedures
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart Windows.
Technical Details and Additional Information:
Malicious Files Added by Malware Defense
%UserProfile%\Desktop\Malware Defense Support.lnk
%UserProfile%\Desktop\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Malware Defense.lnk
%UserProfile%\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk
c:\Program Files\Malware Defense\help.ico
c:\Program Files\Malware Defense\md.db
c:\Program Files\Malware Defense\mdefense.exe
c:\Program Files\Malware Defense\mdext.dll
c:\Program Files\Malware Defense\uninstall.exe
File Location for Windows Versions:
- %UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
Malware Defense Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Defense”
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
robin
Dec 21, 2009 @ 10:07:32
the problem many people face is that malware defense is disabling these programs that you recommend – so if you have any alternative ideas – that would be great.
nh
Dec 22, 2009 @ 04:44:19
you can download the Avast anti virus software and scan your pc. It’s free for home users. it might not down load at first but you need to keep on trying. Save it on your pc before running it. Once you scan the pc and clean it you can also download the microsoft security essentials and run another scan. This should fix it. good luck.
Brian
Dec 22, 2009 @ 15:21:39
Robin,
I am having the exact same problem. Have you had any luck?
Caitlin
Dec 24, 2009 @ 01:41:32
I got rid of this virus today. It disabled my anti-virus software and even system restore. I downloaded Malwarebytes’ Anti-malware but malware defense was disabling that too. I kept tinkering w/ my computer for hours trying to get rid of this thing!
Finally, I followed all the steps on this page (hxxp://www.bleepingcomputer.com/virus-removal/remove-malware-defense). that rkill download helped stop the annoying pop ups while i finally used the Malwarebytes’ Anti-malware to scan and remove the virus off my computer. (Scan took a few hours for me)
Brian
Dec 29, 2009 @ 13:50:46
The Avast anti-virus program worked for me. That removed the trojan and allowed me to run the malwarebytes program.
Melvin Pratt
Dec 30, 2009 @ 03:20:24
The Avast anti-virus program is a scam as well. It claims to be free, but after scanning your system and identifying a bunch of threats, it says you have to “register” before it will remove the threats. Of course, registration costs $27. Then when you try to uninstall the program it gives you a pop-up offering a “free” version if you sign up with their “partners”–like Netflix. They’re almost as shady as MalwareDefense, itself!
Hammie
Jan 03, 2010 @ 23:17:30
Caitlin, your bleepingcomputer.com link was great! I’ve been struggling with this virus for a couple of agonizing days now, but I just followed those step-by-step instructions and POOF! No more Virus!
Thanks a million!! :)
travis
Jan 04, 2010 @ 19:24:33
Caitlin
The link you suggested appears to be doing the trick! Thank you very much (as well as everyone else on here for their thoughts and suggestions). I don’t know what I’d do without these helpful sites. My computer has crashed 3 times and now this virus thing (and it’s a new computer AND I don’t download strange things or visit strange sites) but sites like this have helped me through it all. Thanks again!
Jonnathan
Jan 05, 2010 @ 14:53:17
hola amigos, soy de paraguay, y lo que me paso a mi, fue orrible, un niño uso sin permiso mi pc y entro en paginas porno, y ahora tengo el maldito virus ese!!que puedo hacer para eliminarlo sin formatear??porque no lo encuentro ni en archivos de programas como para eliminarlo!!!
daN
Jan 13, 2010 @ 07:53:07
Had this annoying virus on my PC. Bothered me for 3 days. Followed Caitlin’s instructions and removed this successfully. If only these loser hackers put as much effort into getting laid instead of writing this crap, the world would be a better place. And then they could move out of grandmom’s basement.
sudip
Jan 18, 2010 @ 16:24:30
*** I REMOVED IT ***
I had several administrator accounts on my wife’s WINDOWS XP and this malware got through as my spouse let it in because of her mal choice of clicks!
I downloaded rkill.exe and mbam-setup.exe and transferred it via burning it into a CD and booting the affected computer by Norton Ghost. The changing name to “explorer” parts did not work for me as it was prompting that setup file is corrected
I deleted her account by going to Control Panel -> User Accounts and chose keep the files.
Then I re-created the account again with the same name and transferred the kept files.
This is probably the fastest and easiest way to get back to work!
So the moral of the story is, keep some extra admin accounts, and surf through your delete-able “restricted” accounts (which can be wiped off if the computer is affected).
It worked!
:)
Tallred
Jan 27, 2010 @ 21:19:45
Melvin Prat is wrong! I’ve been using Avast Home version for free for over 6 years now. Every year I have to register again and that’s free every time. Try reading all of the instructions before you defame a great product.