February 7, 2011

Woke up this morning, got ready to do a little web surfing before work, and this happens.

Defender.exe bills itself as anti-virus software, but (according to the Web) is a piece of junk software that tries to make you pony up some money in order to get to use your computer to get to the Web again. It even looks like the AVG software I use for antivirus scans. Here’s what I did to get that motherloving exe off my machine…

The first problem is that Defender won’t let you look at Task Manager to try and shut it down, and it won’t give you a right-click option to shut it down either. Very frustrating. But going to “Start -> All Programs”, I found that there was indeed new software installed. Not sure HOW it got installed, but it was there.

Hovered over the new program (I think it was called “security-defender” or some such – it was very early in the morning) and that told me it had installed itself in “C:\Documents and Settings\(user name – I hear that it will also put itself into the Admin folder)\Application Data”.

Going there through “My Computer”, sure enough, it was there.  The next thing I did was to rename the program – I did “qwerty.exe”. I suppose I could have renamed the extension to make doubly sure it wouldn’t run, but I was a little leery about that.  Then I rebooted.

That seemed to have done the trick – I was able to track back to the folder it was in, delete it, then go to the Web to get further instructions to eradicate it – like here…


I have to give the programmers credit – they did a bang-up job creating a fake emergency! The exe went through the files in my machine and randomly told me that worms and child porn proxies were on my machine, ultimately finding 56 of them. It even popped up a window with a randomly generated IP address where it was supposedly coming from, and when that window opened, I sweartoGod they have a pig squeal play! If that wouldn’t convince a casual user to buy the fake program, I don’t know what would.

