Free malware removal tool to remove Malware Defender 2009

Written by Administrator | Tuesday, 26 May 2009 06:27

Malware Defender 2009 is a rogue, ie malware that pretends to be an Antivirus when in reality it is a malware. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that there are more malwares on your system. It’s true indeed, there is really a malware in your system but I think the only malware on your system is Malware Defender 2009 (MalwareDefender 2009). It invites you to purchase a license to remove malware, do not, it's a scam, you need a license for a malware? This so-called Antivirus tries to scam you.

Malware-Defender-2009

To remove Malware Defender 2009

Download this free removal tool for Malware Defender 2009
Extract it
Launch
Click on the delete button

Malware Defender 2009 will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

malwaredef.exe

Files :

%DesktopDir%\Malware Defender 2009.lnk
%Programs%\Malware Defender 2009\Malware Defender 2009.lnk
%Programs%\Malware Defender 2009\Uninstall.lnk
%CommonAppData%\Microsoft\Media Index\Drivers\hdddriver.dll
%ProgramFiles%\Malware Defender 2009\conf.cfg
%ProgramFiles%\Malware Defender 2009\malwaredef.exe
%ProgramFiles%\Malware Defender 2009\mbase.vdb
%ProgramFiles%\Malware Defender 2009\quarantine.vdb
%ProgramFiles%\Malware Defender 2009\vbase.vdb
%ProgramFiles%\Malware Defender 2009\queue.vdb
%ProgramFiles%\Malware Defender 2009\uninstall.exe
%CommonAppData%\Microsoft\Media Index\Drivers
%Programs%\Malware Defender 2009
%ProgramFiles%\Malware Defender 2009
%ProgramFiles%\Malware Defender 2009\quarantine

Registry

Newly registry key created by the malware

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34357730-A110-4A31-AF65-8FE4805B5CB3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34357730-A110-4A31-AF65-8FE4805B5CB3}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72F3EE23-2C4E-42D4-BAE2-311372A59DF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72F3EE23-2C4E-42D4-BAE2-311372A59DF2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009\Lic

Newly registry values created byt the malware

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34357730-A110-4A31-AF65-8FE4805B5CB3}\InprocServer32
- (Default) = "%CommonAppData%\Microsoft\Media Index\Drivers\hdddriver.dll"
- ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72F3EE23-2C4E-42D4-BAE2-311372A59DF2}\InprocServer32
- (Default) = "%CommonAppData%\Microsoft\Media Index\Drivers\ffabzdxeva.dll"
- ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72F3EE23-2C4E-42D4-BAE2-311372A59DF2}
- (Default) = "DriversLoad"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- malwaredef = "%ProgramFiles%\Malware Defender 2009\malwaredef.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
- HardwareDrivers = "{34357730-A110-4A31-AF65-8FE4805B5CB3}"
- DriversLoad = "{72F3EE23-2C4E-42D4-BAE2-311372A59DF2}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
- DisplayName = "Malware Defender 2009"
- UninstallString = "%ProgramFiles%\Malware Defender\uninstall.exe"
- InstallDate = "61165710590"