Posts Comments

Antimalware Defender Removal

By admin on February 8, 2010 Leave a Comment

Description: Antimalware Defender is a fake anti-spyware related to the well-known rogue software, Virus Doctor. It uses scare tactics to try and convince the user to buy a license for the software. It gets downloaded via Trojan viruses that enter the user’s computer and then display authentic-looking Windows alerts asking the user to agree to an update of the Windows malware database. If the user agrees to this, Antimalware Defender gets installed. Once established on the system, this rogue software will proceed to perform fake system scans every so often and return results stating that the computer is under threats from malware. It will also install a browser helper object which will redirect the user’s web browser to websites that promote similar rogue software programs. Furthermore, Antimalware Defender will display fake pop-ups from the Windows taskbar stating that the computer is under threat from various viruses. It will then claim that the currently installed ‘trial’ version of the software is not adequate to remove the detected false ‘threats’ and advise the user to purchase a license for the ‘full’ version of Antimalware Defender. However, as Antimalware Defender is a fake program, none of its versions can scan or clean your computer.

Antimalware Defender

Antimalware Defender

» Download Antimalware Defender Removal Software

As soon as you find a copy of Antimalware Defender on your system, you should take steps to remove it. This involves unregistering its DLL files, removing its files and folders and deleting its registry entries.

File Removal Procedures

The first step needed to remove Antimalware Defender is to unregister the following DLL file: Because the below file name is random you will need to run a virus scan to nail down the exact file name. However it will be close or similar in nature to the below files. ( Learn how to terminate a running process )

  • ca467c83-a655-2231-562f-n56361e56f43c_3.avi (random named AVI file in C:\WINDOWS\system32\ )

The next step is to remove the following files and folders:

  • c:\Documents and Settings\All Users\Application Data\random named AVI
  • c:\Documents and Settings\All Users\Application Data\random named AVI
  • c:\Documents and Settings\All Users\Application Data\random named .mkv
  • c:\Documents and Settings\All Users\Start Menu\Programs\Antimalware Defender
  • c:\Documents and Settings\All Users\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\Startup\ca84c702-c758-4421-974e-b02662e76d7c_6.lnk c:\Program Files\Antimalware Defender
  • c:\Program Files\Antimalware Defender\Antimalware Defender.dll
  • c:\WINDOWS\system32\random named AVI
  • c:\WINDOWS\system32\random named .ico
  • %UserProfile%\Local Settings\Application Data\random named AVI
  • %UserProfile%\Application Data\random named AVI
  • %UserProfile%\Application Data\random named AVI
  • %UserProfile%\Application Data\random named AVI
  • %UserProfile%\Application Data\random named .mkv
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Defender.lnk
  • %UserProfile%\Desktop\Antimalware Defender.lnk
  • %UserProfile%\Local Settings\Application Data\random named AVI
  • %UserProfile%\Local Settings\Application Data\random named ico
  • %UserProfile%\Local Settings\Application Data\random named .mkv
  • %UserProfile%\Start Menu\Programs\Antimalware Defender
  • %UserProfile%\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk
  • %UserProfile%\Start Menu\Programs\Startup\random named .lnk

Once these steps have been completed, your hard disk no longer contains any instances of Antimalware Defender. However, in order to ensure the fact that no further malicious files are left behind on the system it is recommended to scan the entire computer using Spyware Doctor with Antivirus.

Registry Removal Procedures

After file removal has been completed, the following keys and settings should be removed from the Windows Registry in order to ensure that you completely remove Antimalware Defender: (How to Edit Registry Here)

  • HKEY_CLASSES_ROOT\CLSID\{random named}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{random named}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “random named”

Once these steps have all been completed, your computer is safe from Antimalware Defender.

Outside Resources:

http://www.bleepingcomputer.com/virus-removal/remove-antimalware-defender

http://www.411-spyware.com/remove-antimalware-defender

Filed Under: Virus Removal Tagged With: , , , , , ,

Speak Your Mind

*

RemoveVirus.org cannot be held liable for any damages that may occur from using our community virus removal guides. Viruses cause damage and unless you know what you are doing you may loose your data. We strongly suggest you backup your data before you attempt to remove any virus. Each product or service is a trademark of their respective company. We do make a commission off of each product we recommend. This is how removevirus.org is able to keep writing our virus removal guides. All Free based antivirus scanners recommended on this site are limited. This means they may not be fully functional and limited in use. A free trial scan allows you to see if that security client can pick up the virus you are infected with.