Perfect Defender 2009

Perfect Defender 2009 is a fake antivirus software for Windows system. It will attempt to persuade users into obtaining the registered version by providing fake scan results on victim’s computer. This fake anti-virus software comes from a large group of malicious applications that has created various variants of it.

Perfect Defender 2009 is just a mimic of the other versions and only obvious change is its name. Graphical user interface and method of propagation remains the same. Usually, users can acquire Perfect Defender 2009 from web sites that disguise either online virus scanner or one that offers free videos. As for fake online scanner sites, it will automatically run a scan on visitor’s machine. Several threats will be identified on the said scan and prompt user to download Perfect Defender 2009 as a cleaner. While on bogus video sites, user will receive prompt stating that multimedia player is required to view online movies.

Innocent users may think that the endorsed program will help remove a threat that is why so many have fallen into the trick of Perfect Defender 2009. Right after it is installed; it will carry another local scan on the computer and detects dozens of threats. An advice to remove these infections follows but can only be performed if the licensed version of Perfect Defender 2009 is purchased. Users will be brought to an online payment web site where credit card account is needed to complete the transaction.

Perfect Defender 2009 also performs the following:
1. It will display warning messages to mislead computer users.

To help protect your computer, Windows Firewall has blocked activity of harmful software.
Do you want to block this suspicious software?
Name: Spyware.ISpynow
Risk Level: High
Description: iSpynow is a Spyware program that records keystrokes and takes screen shots of the computer, stealing personal financial information.

2. Infected computers internet browser will be redirected to the following websites:

  • order.instacheckout.com (Fraudulent payment page)
  • perfectd-review.com
  • defender-2009.com
  • defender-review.com
  • defender2009.com

Perfect Defender 2009

Signs and Symptoms of Perfect Defender 2009 Infection:

Browser is redirected to Perfect Defender 2009 web sites
Rogue program is coupled with web site that promotes the full version of it. Also, the same web sites are used for online payment if user has fallen into the trap of this malware.

Exhibits fake pop-ups and security alert
In order to deceive computer users, Perfect Defender 2009 will exhibit a bunch of fake security alerts and warning messages. It also intends to promote the malware as the sole remover for identified threats.

Perfect Defender 2009 will detect errors and threats that do not exists
Every rogue programs are made to mislead computer users. Thus, expect that Perfect Defender 2009 will show scan result that is full of errors and threats. This result is fictitious and you should not follow its recommendation.

Other Functions of Perfect Defender 2009:

  • Perfect Defender 2009 may come with another Trojan or virus
  • It can contact a remote server in order to download more malware
  • This threat will drop malicious files and make changes to the system registry
  • Perfect Defender 2009 can steal credit card information when you pay for it online
  • The threat can redirect search result link to a malicious web page

How to Remove Perfect Defender 2009

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as default only.

4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the Show Results button.
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.

106 Comments

  1. Rocky1016

    I have the Perfect Defender 2009 virus. I ran malwarebytes twice on my computer, and the pop-up bogus security allert still shows up on my desktop. Do I need to reboot after the scan? How do I get this off my computer? Any help would be greatly appreciated.

  2. Jonathan

    Same problem, NOTHING seems to work! Been working on this for 20 hours without sleep! Run malwarebytes many times, both normal and safe mode, over and over. Any help would be greatly appreciated. Trying everything I can find, and it’s been helpful to an extent, but the pop up continues. — Originally it would block all anti spyware/virus software, finally got rid of that from downloading programs on another computer, putting them on a flashdrive under different random names. Also it was blocking all websites related to anti spyware/antivirus.. and now that’s fixed.

    All that seems to be left is that annoying bogus security alert to Perfect Defender 2009, and the homepage of Firefox and IE being bogus. Any ideas? Thanks

  3. Tim

    I just found and deleted components the file was under c:/users/owner/appdata/roaming..
    the first 6 folders each contained a file that was associated with the same date of origin. I found this by going to msconfig and disabling all selections and then reapplying one by one until problem reoccured. the primary file was an application called wincore. it has a icon similar to windows defender (world behind firewall)
    It will not let you delete these files so you must reboot your machine in safemode (f8) and then delete these files.My wincore was located in C:/users/owner(you)/appdata/roaming/google. You also may look in “local” instead of roaming.

  4. B & H

    Tim’s instructions worked for us. Thank you.

  5. Alison

    I see that Tim’s instructions work but I don’t understand what to do. I’m obviously not very good with computers. Could you please explain step by step? I would really appreciate it. If I dont get a response soon I’ll have to take my computer to the shop to get this thing removed. I can’t find anywhere else online talking about this. Thanks.

  6. franklin

    Tim,

    For those of us that are computer illiterate, exactly where do I find the files you mentioned?

  7. Temitayo Giwa

    This is how I got rid of mine:
    Start your computer in safe mode (while the computer is booting up hit f8 (in xp it will ask you what operating system you want to load and at the bottom of the screen have instructions for opening in safe mode)
    go to start/Run and type msconfig and then click ok.
    click the start up tab and then look for a process whose file location is similar to the one tim posted (C:/users/owner(you)/appdata/roaming/google) mine was located in C:Documents and SettingsTemi GiwaApplication DataGoogle (note Temi Giwa is the user name it could be any name)
    WRITE LOCATION DOWN!
    deselect that process and restart your computer.
    when your computer loads run internet explorer to check if it is the right process. if it is it should go directly to your regular home page.
    If restart in safe mode and try another process until you find it.
    WHen you find it go to the file location. NOTE: application data may be a hidden file. If you can not find it, on the file menu go to tools/ folder options and then select the view tab.
    Make sure the show system files checkbox is selected and the show hidden files and folders radio button is selected.
    Back out of the folder and then go back in. you should be able to see the application data folder now.
    locate the bad file and delete it (remember to empty your recycle bin when you are done as well.)
    NOTE some of these files are neccessary for your computer to run. Please do not delete a file unless you are ABSOLUTELY sure that it is not a neccessary file)

    After all this your computer should be clean from this nasty virus!

  8. Alison

    Thanks for your help. I tried but couldn’t get it to work. I really don’t know what I’m doing and am so afraid I’ll mess it up. I think I’ll just take it to the shop. I couldn’t find the hidden folder thing. I don’t understand it and don’t know how to do it. I may try again. I’ll update you. Thanks again for taking the time to try to explain it. I’m slow…obviously :)

  9. Alison

    Okay. I got it!!!!! But I still have a ‘Perfect Defender 2009’ thing when I open programs. It gives me the option to uninstall it but I’m afraid to mess with it. I’ve got no more popups though.

  10. Alison

    I did it!!! It’s all gone and I’m so proud of myself. Thank you, thank you, thank you.

  11. George

    i got rid of the files, but i’m still getting the popups. i need help!!

  12. VANESSA

    HI HOW CAN I REMOVE PERFECT DEFENDER FIREWALL ALERT SOMEBODY CAN HELP ME

  13. George

    i’ve did what Tim said, and even looked for recent uploaded files, deleted them, and i still get this crap!! someone help me!!!

  14. Chris

    Tim,

    Thanks to you I figured this out and removed it. I can’t believe how much trouble I was having with this, especially for a person with as much computer experience as me (and w/ a BS and MS in CompSci). I don’t know how I got this, I am extremely careful and I have never had a virus or spyware installed on my machine before (although I’ve removed both of these from friend’s computers on numerous occasions). I was amazed that I couldn’t even find a process running for this in the task manager, it is almost like a rootkit. Here are the files I needed to delete after booting into safemode:
    C:Documents and Settings{username}Application DataGooglekjzna1562565.exe
    C:Documents and Settings{username}Application DataGooglespcffwl.dll
    C:Documents and Settings{username}Application DataGoogleT-Scann.gif
    C:Documents and Settings{username}Application DataGoogleT-Scant.gif
    C:Documents and Settings{username}Application DataGoogleT-Scany.gif
    C:Documents and Settings{username}Application DataGoogleT-Scan

    You will notice that these files will all have the same date stamps.

    This just makes me happy that the rest of my computers are Macs and Linux boxes, and don’t have to worry about this crap.

    Thanks,

    -chris

  15. Paul

    Tim’s instructions (expanded by Temitayo) also helped me after Malwarebytes, SUPERAntySpyware, and a third security program (which I don’t remember) failed to get rid of that pesky popup. Thanks!

  16. Josh

    What can i say.. tried countless number of anti-spyware programs and anti-virus programs but nothing.. some manual labour and its just as easyy :)
    GoodJob Tim and thanks Temitayo Giwa for making the step-by-step :D My problem is now gone :) Thanks.

  17. john

    Thanks Tim

    Tried all the other advise with multiple spyware downloads. Your suggestion worked.

  18. VV

    Thank you! I tried several spyware remover downloads and none of them got rid of the pesty pop-up. Tim’s suggestion worked beautifully. Thank you!

  19. John

    Thank you Tim and Temitayo Giwa with both of your help i was able to stop the problem after using Malwarebytes’ Anti-Malware and still having the pop up i really appreciate that.

  20. Don

    Have to add my thanks to Tim and Temitayo Giwa. I used Giwa’s instructions and that killed this really nasty virus/trojan.

    I feel sorry for anyone that doesn’t have two computers. There’s no way this virus would let me log into any internet sites long enough to get information on the infected computer. I had to use a second computer to find this site. There’s probably a large number of people really stuck and frustrated right now. Or, even worse buying “Perfect Defender” and installing it.

    One thing I’m still puzzled by is how my computer got infected in the first place. I’m surprised that Symantec, Confidence Online, and Spyware Doctor failed to pick up on it.

  21. Chelsea

    Thank you so much Tim and Temitayo Giwa. I Got rid of the files successfully and I did it all by myself!!!! Temitayo Giwa your instructions were great and perfect for someone with little computer knowledge to understand. I wouldn’t have been able to have done it without you both. Thanks so much!!!

  22. Patrick

    i have done everything tim and temitayo giwa said and my internet explorer still wont go to my homepage…any suggestions?

  23. Jeffrey

    i followed tim and temitayo giwa’s instructions but i couldn’t find any startup process in my msconfig similar to their’s. i first got this annoying spyware in my guest account, not my normal administrative account, does that make a difference about whether or not the suspected files show up in msconfig? (i’m also running on vista.. unfortunately)

    also tried logging into my guest account in safe mode, but to no avail. help pleeeease.

  24. Mickell Akins

    THANKS TO TIM & TEMI FOR THIS WONDERFULL SOLUTION!!! THEIR CLEAR, CONSICE AND EXPERT INSTRUCTIONS WORKED FOR ME (and just in time for the Christmas Hols too!)

    :o)

  25. Debbie

    Thank you so much for all the help tim and temi..I followed the instructions exactly and it seems to have worked. The only thing I’m concerned about it even tho I have deleted the files it still shows up on my processes in msconfig. the file isnt checked or anything its just there. Is that something to worry about? I did delete4 or 5 files and emptied the recycle bin.
    thanks

  26. Katie

    thank you so much tim and temitayo! i followed your instructions and i can now use the internet again and no more stupid pop ups so far!
    thanks again

  27. Jon

    THANK YOU!

  28. Kurt

    As above, but I found to get it completely clean I also had to remove the pre-fetch file for the kjzna1562565.exe . The prefetch was found here: C:WINDOWSPrefetchKJZNA1562565.EXE-2C2626CD.pf .

    Hope this helps,

    Kurt

  29. Jill

    We have Comcast as our isp but were not using the McAfee security that comes with it. We had been using Avast for some reason. So we switched and uninstalled Avast and installed McAfee via comcast.net and it seems to have removed the “Perfect defender 2009”.

  30. Derek

    Guys it simple, had the same problem, sorted it out in minutes, just follow these steps hope it helps;

    1:) Turn off ur computer, start it up, hit f8 and go to safe mode, choose you operating system e.g XP.

    2:) Once in safe mode click the start menu and u should see run, click run and type in this msconfig, a window will pop up.

    3:) On this window u will see several tabs, u will see the ‘start up tab’, click this to show u all the start up execution files, u will then see the virus “kjzna1562565.exe” (that’s the fool!) unmark this virus and hit Ok, your system will restart or u will be asked to restart

    4:) Once your system restarts go to the start menu and hit run again, type this C:Documents and SettingsyourusernameApplication DataGoogle (please ensure u use your correct username e.g C:Documents and SettingsaliceApplication DataGoogle) this will show u where the files responsible for the problem resides, u will have to delete these files ‘spcffwl.dll’ and ‘kjzna1562565.exe’
    Do all these and your system will be OK again. Hope this helps.

  31. Matt

    I go to documents and setting and to the username but I can’t find application data, could it be under something else?

  32. Steve

    I found the kjzna1562565.exe, spcffwl.dll and a couple other files in my c:Documents and SettingsusernameApplication Datagoogle directory.

    Of the four files I could delete two, but the kjzna1562565.exe and spcffwl.dll would delete because the were “being used by another process”. Rather than go into safe mode, if simply renamed the two troublesome files with another nonsensical extension (I changed their names to kjzna1562565.eere and spcffwl.eere). I then rebooted…and returned to the c:Documents and SettingsusernameApplication Datagoogle directory. Now I was able to delete those two files…and that fixed it for me.

  33. Steve

    Matt,
    Do you have visibility of your hidden folders?

    Application Data is a hidden folder…In Windows XP you can make it visible by going into “My Computer”, “Folders” tab…”tools”…”Folder Options” ….”view”

    Down in the advance settings window below you will see a radio button called Show hidden files and folders…make sure that radio button is marked.

  34. Steve

    “repeating my earlier post with some important edit changes”

    I found the kjzna1562565.exe, spcffwl.dll and a couple other files in my c:Documents and SettingsusernameApplication Datagoogle directory.

    Of the four files I could delete two, but the kjzna1562565.exe and spcffwl.dll would NOT delete because the were “being used by another process”. Rather than go into safe mode, I simply renamed the two troublesome files with another nonsensical extension (I changed their names to kjzna1562565.eere and spcffwl.eere). I then rebooted…and returned to the c:Documents and SettingsusernameApplication Datagoogle directory. Now I was able to delete those two files…and that fixed it for me.

  35. Kyle

    I just had this problem and did what everyone said but the filename wasn’t kjzna********** it was ggq followed by a bunch of random numbers. But this file was in the google folder, had the windows defender icon, and was next to the T-Scan folder. I deleted all of these, deleted the prefetch file, and removed it from startup and it works perfectly.

    So make sure you look for file names similar to that in the google folder, and find the corresponding file in msconfig start menu, and in the prefetch folder.

  36. sara

    am trying like crazy to remove this defender mess from my pc! please i need some help

  37. Rob

    I have to truely compliment you guys on findind a solution that actually worked ! I spent the last day fighting this. After I did what was recommended I also discovered the registry key for kjzna1562565.exe with msconfig. So I then opened regedit , located and deleted that as well.

  38. Shane

    Thanks a lot guys, this was seriously giving me the irrits. It also got rid of around 20 other viruses I had no idea about.

  39. Bal

    Hi, I’m also having trouble with this virus. When i open up internet explorer my home page opens up. But the two files inside application data/google called kjzna and spcffwl.dll I can’t remove because it says make sure it’s not write protected or in use. I was wondering how I get rid of those and get rid of this stupid virus? I followed the steps outlined previously by Tim and others but for some reason I delete these files.

  40. Pyxx

    Thanks so much for the tip on changing the extensions, helped me a great deal.

    Couldn’t do the msconfig part, it crashed my comp for some reason :s But I’m hoping with one more reboot it’ll be back to normal. Thanks all for the help.

  41. Kurt

    FAO: Matt – It seems to hide the application data folder – However, if you search for kjzna1562565.exe it will show you the folder. (Once the search has found the .exe, RIGHT click on it and select “Open containing folder”.)

    Guys, don’t forget to kill the Pre-Fetch file too: C:WINDOWSPrefetchKJZNA1562565.EXE-2C2626CD.pf

    I ran some tests, and it’s possible to kill the attack and remove it without the need for safe mode / reboot, but only if you kill the Pre-Fetch.

    Also, it seems the virus is polymorphic – At first, when I located the files, the Icon for the .exe was the same as the Windows Security icon, but once I began work on, it ‘s icon changed to that of what looked to be a DVD – An icon for a DVD was in a folder alongside the fake “Google” folder, and it changed as I worked – So, either the attack is “Learning”, or just coincidence, but strange either way!

    Kurt

  42. Kurt

    FAO: Pyxx – Are you running msconfig in safe mode or normal? If running it in normal mode, the infection may stop you from successfully running msconfig, much in the same way that it stops browsers etc from functioning.

    Kurt

  43. Vanessa

    Thank you all so much for all your help. Within 1 hour I had my computer fixed. Thank you, Thank you, Thank you!!

    I feel bad for those who fall for this and download Perfect Defender on their computer.

    Vanessa

  44. Hemant

    Thanks to Tim and others – this solution works for the latest Trojan.Zlog.G popup problem where no internet connection works and repeated fake warnings to ‘activate’ Defender anti-virus program.

    No use running any ant-virus/soyware programs, manual removal works perfect:

    Start in safe mode (press F8 at startup)
    Delete following:

    kjzna1562565.exe
    spcffwl.dll
    T-Scan (entire folder)

    their location would be C:Documents and Settings{username}Application DataGoogle

    It looks so simple in hindsight, entire day wasted in efforts.

  45. Agent Smith

    Guys, dont’ forget to search your registry for the kjzna string and delete anything that you find.

    I found 3 more entries even after running the programs listed above.

  46. Anna

    hi there, i have the same problem yesterday but solved it Temi’s and Tim’s way. but now my comp is worse than before?.. It was fine after i solved this problem but now I can’t even boot it up properly. Another problem or still the same?

    p.s. i did install that malwarebyte program thru the link posted by webmaster before trying to delete the files in the apps folder.

  47. Thurman

    Thanks so much. I’m back to normal.

  48. baldomp

    In my computer the file name as:

    KLNXV19819115 ………

  49. Bo

    I just want to say thanks to everyone that put up advice on this topic, you were all very helpful!!! I have been working on this thing for two days now, and was starting to lose hope. After trying a few of your suggestions I finally got rid of this annoyance!!!! It was in my google folder, there was a T-scan folder and a couple others all with the same date. I deleted all of them and now, no problems!!! Thanks so much!

  50. Timm

    If the files associeted with virus didn’t show up on the innitial scans what method did you employ at the start to identify the files associated with the Zlob.G and their location? I’m especially interested in what program Tim ran to find the date of origin of files loaded.This could very helpful in finding the latest files associated with any virus. Could that method be explained clearly? Thanks for your help?

  51. Dan

    TIM I LOVE YOU, BEERS ON ME.
    My final exam is this monday(today saturday), a web based programming course. I was studying and all a sudden my computer went through shut down process. Turn computer back on and getting WIN32 Trojan errors, and hjacked browsers for this website perfect defender. Oh well no big deal run my upto date businesses antivirus and my windows defender. Nothing found!!! Try to research issue and all my web browsers are failing and crashing (chrome, ei, firfox) now Im trippin cause I wont be able to do this exam.
    I found same viruse/malware in “C:Documents and Settings(my name)Application DataGoogle” name of file fhexj6825097.exe same icon as windows firewall.
    What I did?
    start>run>msconfig>startup looked for file in statup, it was there unchecked it, preventing file from running on start up again.(this in fact could work and be the only step, on the next statup it would no run giving u no problems)
    Then logged into safe mode and deleted. Cannot delete in regular mode it Is write protected or is already running since startup.
    Both windows defender and Symantec Norton corporate edition could not detect this thing(even scan the .exe file) So this one u might actually have to do manually

  52. Linda

    My son picked it up when (we think) he had a message comming up saying he had to update firefox in order to continue to use it, he just pressed the button to go ahead and ended up with some form of this defender. I located the file by putting Norton on manual (so all programs had to check before connecting to the net) and clicked on the recommend software button when the warning box came up. The file name it gave itself in this instance was windpipe.exe (which is a windows folder) but it was in the roaming folder and had the windows defender logo as indicated in the above post. I knew it wasn’t a system file because its create date coincided with the first pop ups so I then ran a find all files created on this date and followed the time stamp. It had also installed 3 gif files and there were some registry entries with a Q at the start that I deleted as well. That seems to have nailed it.

  53. Cartman

    Thx so much Temitayo, i followed all your instructions and it really work.
    Thx again.

  54. Kristy

    Thank you all for such wonderful advice and support. This problem is plaguing my computer, and while I followed the advice given here, I am still having some nuances with it when my system starts up. I’m not very computer-savvy so please bear with me. First, I found a weird fhexj6825097.exe file in my C:Doc…..Google directory and deleted that. I also deleted an odd mjkdpl.dll file located in the same place (but I had to delete this in safe mode since it told me it was already in use). I went to C:WINDOWSPrefetch and deleted the related FHEX…..pf file here. I searched the registry for anything Perfect Defender-related or fhexblahblah-related but nothing turned up. I went to msconfig and unchecked the fhex…exe file under Startup, hit ‘Apply’ and rebooted my system. Now my icons are all faded, I get a weird popup stating I’m missing a wmldusij.dll file and when I go to msconfig again the General tab by default has “Selective Startup” chosen. When I select ‘Normal Startup’ I noticed the goofy fhex….exe box gets checked under the Startup tab. When I uncheck it, my General tab no longer has ‘Normal Startup’ selected. I’m at my wits’ end here and would appreciate any help/advice you may offer. Thank you in advance for your help. Kind regards, Kristy

  55. Allison

    THANK YOU Tim and Temitayo!!!

  56. trucee

    I went to download.com and downloaded a trial version of stopzilla and did a full scan which found perfect defender 2009 and all it’s spyware/malware/trojan components etc…and deleted it…and the sign doesn’t pop up anymore. So maybe you should give that a try since stopzilla seemed to be able to find it.

  57. Brandon

    Thanks Tim and Temitayo for your help it worked for me too!

  58. airliebird58

    I had all the symptoms mentioned here, but didn’t have any of the files in the google folder. The only browser I could get to work after a fashion was opera, and scan after scan either just wouldn’t load or would not update. Anyway, I went to snapfiles and downloaded 2 free malware removers that weren’t as well known to me as some of the others. My reasoning being if I didn’t know them maybe the guy who wrote the malware didn’t either! The 1st was Norman malware cleaner and the other was Dr Web Cureit! I ran both, it found the malware and freed up everything else.

    So if anyone is in the same situation, give it a go, it worked for me!

  59. mooncake

    please try “windows system restore” tool.
    I just got it done, and everything seem alright now.
    Good Luck!

  60. Boris

    Thank you guys!
    I found the file in Google folder, and renamed it. Then I restarted the computer, and was able to delete the corrupted file.
    Worked like a charm! :)

  61. Ralph

    Thanks all

    I read through all the comments but was locked up and would not allow me to try some of the advice. Mooncake suggested system restore and it worked.
    I’ll go back and check if files are still in system but at least now I can go out and download some of the programs suggested to clean out this pain in the a– thing.

    Much appreciated from a guy who know very little about this
    Ralph

  62. San

    My PC showed a problem from yesterday; firstly Internet explorer crashed, then I downloaded Mozilla Firefox, which crashed within 1 or 2 use.

    Every opening of Internet explorer or Firefox says”Insecure Internet activity. Threat to Virus attack”

    Then computer asked me to run Perfect Defender 2009, which found the followings 7 viruses:

    THREAT NAME
    Win32.zafi.B
    Trojan.zlob.G
    Spyware.cobraspy
    Hacktool.Deeppenetration
    Dialer.Lox
    Packed.MassAccess
    Spyware.Nod17

    I have Free AVG antivirus, which did not detect any virus.

    At this point I found that Perfect Defender itself is a problem, I heard deleting Perfect Defender does not work, it will reappear with another boot, so, before doing anything its good to scan computer with something to check viruses or delete it?? But with what???? And how??? Coz internet explorer or firefox does not work?? And I don’t have another computer

  63. Liz

    Thanks Tim and Temi, I seem to have cleared it from my computer using your advice – even if it did take two tries to get into safemode!
    Thanks!

  64. Scott S

    I got everything deleted files and reg entries. It got rid of the fake security warning and freed up my browsers. However something is still blocking all my attempts to run or download antivirus or antispy program. It won’t even let me on to Symantec.com. Any ideas how to fix this part?

    Thanks,
    Scott

  65. Scott S

    Found a couple more reg entries. All fixed now. Thanks for all the help!

  66. sherv

    I found the *.exe and *.dll (different names than the one mentioned above) in the Google subdirectory. renamed them and now can now I can not get the system to boot up in safe mode or regular mode. I just hangs forever. I tried disconnecting the from ntework , reconnecting, etc.

    Any ideas how I can get back in and get rid of this virus please. I have windows XP professional on the infected PC.

  67. sarah

    Thank you so much for this thread. My comp. got attacked by the perfect defender 2 wks ago. My norton and window defender managed to ‘detect’ and ‘stop’ a so-called virus but then my computer shut down and restarted and was plagued by the perfect defender pop ups.

    I followed all the advice on this thread and eventually and hopefully my poor computer is ok now. The hackers are obviously finding new ways to hijack the computer as the culprit exe. file was cij…..165, as well as other dodgy exe. files in the app data folder. As suggested on this thread I also found this culprit exe file in the registry, hidden files, google folder etc.

    I have now downloaded and installed ‘superantispyware’–so fingers cross all will be well for now! But any other ideas for protection would be appreciated.

    Good luck to those who are experiencing the same problem–do try all the recommendations on this thread. Thank you to the contributors on this thread.

  68. Jasmine

    i downloaded this perfect defender but nothing seem to be happening to my computer…
    no popups or anything
    should i still uninstall it??
    someone help!!

  69. lobo

    Just want to say thanks to all for these posts from which this great grandma was able to figure out how to get rid of this lovely gift from Russia.

  70. Jeremy

    You should use Windows Defender.
    It is an LEGIT program, and you can go to their website directly to download it. It is completely free, and I was able to remove this annoying virus with just a scan.

  71. Karen

    A couple of other things helped me – check EVERY user on your pc when you are looking around your google files in safe mode as I found the offending .exe file in one of my husbands profiles which he uses to access one of the places he works (which was not in use the day this ugly business started as he was out of town – go figure?). Also, if you know the date this started then it is easier to work out which .exe file looks suspicious as it seems to have a number of different names. I probably deleted a few extra google files but without any obvious damage and what the hey – Perfect Defender has been exterminated – YAY!

  72. Ben & Crystal

    THANK YOU, THANK YOU, THANK YOU!!! Thanks so much for this thread. We almost downloaded Perfect defender, but then decided to google it first and found this thread. Thanks to Temitayo. We tried this and found the file really easy, deleted it, and everything seems to be working fine now. Thanks to everyone for adding to this thread to help out people like us who have no idea how to deal with this stuff.

  73. Cory Wainscott

    Hey everyone,

    This virus wouldn’t let me even get into msconfig (the Trojan would automatically restart my computer). Finally I just did a system restore at a day before I got the Trojan and I don’t have the pop-up anymore. It seems simple but as I couldn’t do Tim’s suggestion this was the only thing I could do.

  74. Alex

    Thank you so much Tim and Temi … I can’t tell you how grateful I am to be able to use my computer safely again after three virus scans that have always worked for me systematically failed to find the source of the problem. =)

  75. Joseph Braun

    OK so here is my dilemma…I don’t need to post details because you all are familiar with this virus, but what happens when there IS NO GOOGLE FOLDER?! I have been fighting this bloody thing for about a week now because every single fix that people have posted anywhere has to do with a Google folder and it doesn’t exist on the laptop I am attempting to repair.

  76. tina

    So two days ago, i got this stupid trojan and i thought it was nothing but i kept having this bad feeling that i should get rid of it. so i googled the perfect defender 2009 and found this website and it was very helpful. Now i dont get that annoying pop-up! i managed to completely delete the file containing the trojan but then it seemed too easy to be true that it is fully gone from my computer. What i did was take Derek’s advice (box #32) but i wasnt able to do step 4 until later on because i couldnt find the application folder in my folder so if you’re having the same problem just open your MY COMPUTER or any folder and under BACK there’s an ADDRESS box so type in ” C:Documents and Settings(username)Application Data ” you’ll definitely see the GOOGLE file and the trojan is in there so just delete whatever you have to. It’s also a good idea to download Malwarebytes Anti-Malware (download.com) and do a full scan to make sure you’re free from the virus :) hope this helps!

    P.S. my trojan file wasnt kjzna1562565.exe it was PFYSW721318.EXE

  77. Sable

    I LOVE YOU TIM AND TEMITAYO. OMG I love you. My computer has been infected for like 4 days. And the scans and this super long guide did not help me whatsoever nothing was working. And i stupidly downloaded and installed perfect defender. And I was like ‘oh man’ when I found out what it was. Then I followed those steps and in less than 5 minutes, I could use my computer internet again! I was able to delete the module causing it and everything. Thank you so much. I was trying for hours before this to fix my computer. Thank you!

  78. sanjana

    Hi
    Thank you so much. i was about to download when I googled to check it out & reading ur blog I just averted the problem.
    -Sanjana

  79. Peter

    Thanks to Tim and Temitayo, I found and deleted the files in the Application Data directory, beware there is one in each of the first six folders, but the big exe file seems to be in the Google folder. The names of my files were different than almost all of the above, but I could spot them by the create date, they all coincided with the moment of the attack. Beware, they can be named anything. I still haven’t found the reg file, but having deleted the six files in each of the first six folders of the App Data folder, the pop up is gone. Why doesn’t Symantec have a solution, why doesn’t Norton protect us??? without Tim and Temitayo, I’d still be struggling.

  80. charles

    The virus file is in the folder mentioned the previous post, namely:
    C:Documents and Settings(username)Application Datagoogle
    There is another way to delete those files without reboot. After you identify the exe file, which it is the folder above and has a logo likes windows defender. For me, the file name is Wcscxx.exe.
    Open “Windows Task Manager”, select the “Process” tab, find the process with the same name and click “End Process”. After the process died, you can then delete the exe file.

  81. Sam

    thats was incredable help from Temitayo Giwa. Off topic question, when you go under tools/view and show hidden files, why are there hidden files in the first place. why not show all everytime, why hide them?

  82. Joey

    Guys, thanks for the help. The file names were different (wcwdo16814728.exe) but there it was in the appdatagoogle folder.

  83. T

    Guys, I downloaded the thing and did the scan, but i stopped it and it told me to buy it, I didn’t instead I unistalled it and restarted. Its not in my C drive anymore, BUT, the install thing is still there when i type perfect proctection in my files, How do I get rid of that? Should I just delete it? Thanks.

  84. Melissa

    They got me- I bought Perfect Defender, and am only now realizing it’s the problem! I was running Spybot Search & Destroy, and it was informing me that PD is a fraud.

    Does anyone know if they will actually keep their promise to give your money back within 30 days, or am I just out of luck on that front? (Thank you for the tips on how to uninstall- I will do that ASAP!)

  85. Jerry

    Anyone fixed this in Vista? No sign of any files remotely like those described. Even the directories are different. Regedit gives no clues either. Crashes Outlook/IE/Chrome/Windows Explorer, even Word when trying to connect to net. All other symptoms the same as described.

  86. Ange

    What about Catalyst Control Center? Is that a related virus threat?

  87. Kim

    Thank you so much TIM AND TEMITAYO for helping me get rid this stupid perfect defender! If it wasn’t for you guys, I would still be working on how to removed it and get really paranoid. So once again, Thanks!! Ya a genius!!

    Kim

  88. KeceSeeriaVeN

    nice, really nice!

  89. Dante

    Thanks so much for this, just got that crap off of my computer!!! :)

  90. Mike

    Thanks a lot guys. Getting rid of it was super easy. Mine was just one file, and it had a different name: Jaeio234556. I think maybe the name and/or number are randomly generated, but it was right where it was supposed to be. Fixed in under 10 minutes after 1/2 an hour of frustration. Thanks again.

  91. Bogdan

    I finally KILLED the creepy thing is I got it the same day as :

    ” Mike says:
    May 11, 2009 at 3:06 am

    Thanks a lot guys. Getting rid of it was super easy. Mine was just one file, and it had a different name: Jaeio234556. I think maybe the name and/or number are randomly generated, but it was right where it was supposed to be. Fixed in under 10 minutes after 1/2 an hour of frustration. Thanks again.”

    I also found it under the file name “jaeio234556” so i agree with Mike, the name and number will vary. WHAT HELPED ME IS THAT IT HAS THE FIREWALL SYMBOL. I read that in a previous comment, then Mike’s comment confirmed that i had found the file to delete. So, go to C:Documents and SettingsusernameApplication Datagoogle and search for a file with the firewall symbol. ALSO, find the prefetch like the posts say. (easy to find, just use the “search” feature, delete it, then start safe mode and delete the file you found in the google folder)

    Hope it helps ;D. I was working on this crap from 5pm till now, 1am, straight….piece of crap kept closing by browsers, i have no idea how i managed to keep it open.

    I feel like kissing someone from joy now xD

  92. Matt

    Thanks everyone for the thread.

    Basically you find the google folder under ‘application data’. Copy the name of the exe that has been put there (mine was jaeio234556).

    Find and remove any instances of this filename from the prefetch folder and from the registry.

    Rename the google folder. Reboot. Job done.

    Gotta give the hacker credit though – it’s a pretty clever one. I run a fully patched up-to-date machine and like to think I know what I’m doing. They obviously know just a little bit more!

    That said – their wording and over-the-top scary warning rang alarms bells as soon as I saw it. However I bet a lot of people do hit that ‘download now’ button to ‘fix’ their machine. I wonder how much they actually make – how much do they charge if you actually go ahead and buy it?

    There’s gonna be plenty more of these type of attacks over the coming years – that is for sure…

  93. You are all Good People!

    Thank you, Thank you, Thank you. I love good people like everyone here. I have VISTA and the only thing I had to do extra to get rid of this virus was to rename one of the files it wouldn’t let me delete, then reboot and it let me delete it.

    P.S. Someone should call the Attny General, FBI, Homeland Security, and FTC to turn these people in ASAP! I was searching for anti-virus for cell phones and clicked on some link that gave me this virus!!

  94. You are all Good People!

    Oh yeah…..I’m not 100% sure, however I think at least one of the people involved in this scam is:

    http:www.perfectd-review.com.

    This is where both my Firefox and IE took me to and said if I didn’t download the software my computer would not work.

  95. Alex

    Thanks everyone.
    Just finished cleaning up my friends computer.
    Deleted Google folder with 2 files (exe & dll) and 4 files with same date stamp under Application Data (3 graphic files and 1 bat file)
    Fo far seems to be working fine.
    Thanks one more time!

  96. jon

    thank you all so much. 10 minutes have now passed popup free. this bloody thing has been winding me up so much!!!!!

    thank you thank thank you

  97. KJB

    Okay, looks like I finally defeated my own attack from this SOB. I don’t know how, where or why it appeared on my system but I swear to God that if I ever find them. I’m going to roast every person responsible slowly over a nice mesquite flame.

    It wouldn’t let me reboot into safe mode so I deleted the prefetch file, then renamed the EXE file in the Google folder. After a reboot, it let me delete that file and then another reboot showed that, so far, the virus is gone. Thanks for all the help! It was so much more useful than all the various programs!

  98. RSR

    One more big THANK YOU! This thing was driving me nuts – not affecting my machine as badly as some others were (get Firefox 3!) but generating a pop-up window every few minutes. It was only a single file on my computer (at least that I could find), but still in the …Google folder.

  99. Derek

    I think i’ve seen this somewhere before…

  100. paola

    heyy it worked for me but I still have that nasty trojan that send me in the fisrt place to have the perfect defender ¬¬ and I don’t know how to get rid of it Help please :)

  101. different one

    hey everyone, i know perfect defender 2009 is just a spyware or malware whatever….and i already get rid of it…all u have to do is download malware bytes anti malware, and super antispyware…trust me u need this..

    and if it still show the spyware, just look where its located on the scan list…this require u to delete it manually by urself…ive done it…thank god its gone now…

  102. kevin

    hey guys, this really did help me a lot, i finally got that thing removed :D, just like the “different one” has said, you really do need the super anti spyware AND the anti malware to get rid of it.

    When you open anti malware, click on “quick scan” then scan took me about 10 minutes, it told me i had to reboot after that, so just reboot your PC.

    The problem ended for me here, but if that virus still happens to appear, just go to

    C:/ Documents and settings/ Your username (mine is kevin) / Appdata / Google

    delete the file there and it will be all over
    Good luck guys

  103. Sam9821

    If you have followed all the instructions listed above but still can not fix the issue I must recommend using the system restore point (XP) you can access this through Start>All Programs>Accessories>System Tools>System Restore from there you must simply select a date on the calender before you suspect you were targeted by this virus and Windows will do the rest.

  104. Sen

    Hi,
    Thanks for the suggestions. cos of this i was able to able to get rid of this soon..i found it in my sys by the name “cqvgl19623160.exe” firewall icon, in C:/Documents And Settings/Username/Application Data/Google/
    SAFE MODE.

    thanks a lot.

  105. Anna

    Guys,i don’t even have a Google folder in my Apps data and i this Malwarebytes’ Anti-Malware wouldn’t run on my PC either…Someone,please,help!!!

  106. Dana

    I have the Perfect Defender virus. I have shut my computer off and I already bought another computer (needed a new one anyhow). I’m not sure that I can even get on the internet to download the necessary program to get rid of the Perfect Defender thing. I try to access the internet, and it says the system has been stopped due to a serious threat. How do you start computer in safe mode? Any help would be great, thanks!!

Comments are closed.