Navigation section

Windows 7 Fake Windows Defender called Internet Protection?!

Q

Quizzious

New Member
Joined
Mar 17, 2011
Messages
6
Hi ya'll!

Yesterday I was looking for a bike on a buy and sell site, I found a nice one and I wanted to see a bigger picture. So I searched for that bike on Google Pictures and found a good pic.

I clicked on it and then Firefox said that this site wasn't secure and I might have gotten some viruses, and Firefox wanted me to download some kind of software to remove the viruses. I thought: Well it's firefox, right? It can't be anything bad. So I downloaded it and installed the program and suddenly it told me I had 18 viruses!

But this software was weird, it looks exactly like Windows Defender, but it's called "Internet Protection," and twice a minute I get a pop-up from this program telling me that I have to buy their serial key to remove these viruses.

I already have an anti-virus program installed, Panda Global Protection so I ran a big scan of the whole system and it found NOTHING!

I have the url from where I got this thing:
DON'T GO TO THIS WEBSITE! Link Removed - Invalid URL DON'T GO TO THIS WEBSITE!
Just in case this could be of any help...

Now for the real problem!
I CAN'T REMOVE IT! it's not listed as a program in "Add or Remove a Program" in the Control Panel. It has installed itself in C:\windows\system32\rundll32.exe

Please check my pictures!

So, in short, I have no viruses on my computer. But I have a fake Windows Defender called "Internet Protection" telling me that I have 18 of them. But I can't remove Internet Protection cause it's installed in C:\windows\system32\rundll32.exe

Thanks in advance!

Quizzious
 


Attachments

  • Real vs. Fake.webp
    Real vs. Fake.webp
    145.8 KB · Views: 806
  • Get url Link.webp
    Get url Link.webp
    162.9 KB · Views: 523
  • Rundll32.webp
    Rundll32.webp
    132.9 KB · Views: 484
  • The Site where I got it.webp
    The Site where I got it.webp
    57.6 KB · Views: 523
Last edited by a moderator:
Solution
MikeHawthorne
Hi

This is a virus.

Download and run Malwarebytes in safe mode with network support and it should remove the offending malware.

Link Removed - Invalid URL

I've seen this over and over in the last 6 months.

Here's some info about it.

To Fake Antivirus Information.

Link Removed


Mike
Sort by date Sort by votes
Hi

This is a virus.

Download and run Malwarebytes in safe mode with network support and it should remove the offending malware.

Link Removed - Invalid URL

I've seen this over and over in the last 6 months.

Here's some info about it.

To Fake Antivirus Information.

Link Removed


Mike
 


Last edited:
Upvote 0 Downvote
Solution
Quizzious said:
Hi ya'll!

Yesterday I was looking for a bike on a buy and sell site, I found a nice one and I wanted to see a bigger picture. So I searched for that bike on Google Pictures and found a good pic.

I clicked on it and then Firefox said that this site wasn't secure and I might have gotten some viruses, and Firefox wanted me to download some kind of software to remove the viruses. I thought: Well it's firefox, right? It can't be anything bad. So I downloaded it and installed the program and suddenly it told me I had 18 viruses!

But this software was weird, it looks exactly like Windows Defender, but it's called "Internet Protection," and twice a minute I get a pop-up from this program telling me that I have to buy their serial key to remove these viruses.

I already have an anti-virus program installed, Panda Global Protection so I ran a big scan of the whole system and it found NOTHING!

I have the url from where I got this thing:
DON'T GO TO THIS WEBSITE! Link Removed - Invalid URL DON'T GO TO THIS WEBSITE!
Just in case this could be of any help...

Now for the real problem!
I CAN'T REMOVE IT! it's not listed as a program in "Add or Remove a Program" in the Control Panel. It has installed itself in C:\windows\system32\rundll32.exe

Please check my pictures!

So, in short, I have no viruses on my computer. But I have a fake Windows Defender called "Internet Protection" telling me that I have 18 of them. But I can't remove Internet Protection cause it's installed in C:\windows\system32\rundll32.exe

Thanks in advance!

Quizzious
Click to expand...

Read the following you most likely got hit with this
ery interesting article by Fred Langa at Windows Secrets. He deliberately allowed LizaMoon to infect his system and gives us the details. Good screen captures, too.

Worth noting is that MSE didn't squawk at all. However, MSE did help with the final cleanup.

Link Removed due to 404 Error
 


Upvote 0 Downvote
Hi!
This is not a virus, it´s a spyware/malware.
The thing you should do is open msconfig and then start, there you will se an unknown startup item from an unknown manufacturer that looks like a regestry key, (at least it did for us).
Uncheck that program and restart, the pop-ups will not come again, but you´re not done yet...
Once restarted open msconfig again and copy the startup file name and then search the regestry (regedit).
Delete all values and folders that has the same name as the startup-item, (you need to search at least three times).
Restart again and the startup item should be removed from msconfig as well as the pop-ups.
Just to be shure scan your computer with antivirus or malwarebytes...
Hope it helps!

/Freddie
 


Upvote 0 Downvote
Thanks everyone!

I managed to get rid of the virus/spyware/malware some days ago by downloading Malwarebytes making a scan, it found two viruses and everything solved itself!

Thanks again!
 


Upvote 0 Downvote
One other thing with these damn programs don't click on anything not even the red X to close popup. Go into task manager and kill it there.
Joe
 


Upvote 0 Downvote
You must log in or register to reply here.
Back
Top