Fake Windows Defender called Internet Protection?!

#1
Hi y'all!

Yesterday I was looking for a bike on a buy and sell site, I found a nice one and I wanted to see a bigger picture. So I searched for that bike on Google Pictures and found a good pic.

I clicked on it and then Firefox said that this site wasn't secure and I might have gotten some viruses, and Firefox wanted me to download some kind of software to remove the viruses. I thought: Well, it's Firefox, right? It can't be anything bad. So I downloaded it and installed the program and suddenly it told me I had 18 viruses!

But this software was weird, it looks exactly like Windows Defender, but it's called "Internet Protection," and twice a minute I get a pop-up from this program telling me that I have to buy their serial key to remove these viruses.

I already have an anti-virus program installed, Panda Global Protection, so I ran a big scan of the whole system and it found NOTHING!

I have the url from where I got this thing:
DON'T GO TO THIS WEBSITE! http://update82.goff.cz.cc/ DON'T GO TO THIS WEBSITE!
Just in case this could be of any help...

Now for the real problem!
I CAN'T REMOVE IT! It's not listed as a program in "Add or Remove a Program" in the Control Panel. It has installed itself in C:\windows\system32\rundll32.exe

Please check my pictures!

So, in short, I have no viruses on my computer. But I have a fake Windows Defender called "Internet Protection" telling me that I have 18 of them. But I can't remove Internet Protection cause it's installed in C:\windows\system32\rundll32.exe

Thanks in advance!

Quizzious
 



MikeHawthorne

Essential Member
Microsoft Community Contributor
#2
Hi

This is a virus.

Download and run Malwarebytes in safe mode with network support and it should remove the offending malware.

Malwarebytes' Anti-Malware: Malwarebytes

I've seen this over and over in the last 6 months.

Here's some info about it.

To Fake Antivirus Information.

Here’s a Super Simple Trick to Defeating Fake Anti-Virus Malware - How-To Geek


Mike
 


#3
Read the following; you most likely got hit with this.
Very interesting article by Fred Langa at Windows Secrets. He deliberately allowed LizaMoon to infect his system and gives us the details. Good screen captures, too.

Worth noting is that MSE didn't squawk at all. However, MSE did help with the final cleanup.

LizaMoon infection: a blow-by-blow account
 


#4
Hi!
This is not a virus, it's spyware/malware.
The thing you should do is open msconfig and then start; there you will see an unknown startup item from an unknown manufacturer that looks like a registry key (at least it did for us).
Uncheck that program and restart; the pop-ups will not come again, but you're not done yet...
Once restarted, open msconfig again and copy the startup file name and then search the registry (regedit).
Delete all values and folders that have the same name as the startup item (you need to search at least three times).
Restart again and the startup item should be removed from msconfig as well as the pop-ups.
Just to be sure, scan your computer with antivirus or Malwarebytes...
Hope it helps!

/Freddie
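
The startup check described in post #4, as an added read-only example that is not part of any poster's reply: it lists the registry autorun entries that msconfig's Startup tab draws on and flags any that load a DLL through rundll32.exe from outside the Windows directory. The flagging rule and the function name `Test-SuspiciousAutorun` are assumptions of this example, based on the rundll32.exe path reported in post #1; it is not a signature for this particular program.

```powershell
# Added example (read-only): enumerate Run/RunOnce autorun values and flag
# rundll32-launched DLLs that live outside %SystemRoot%. Nothing is modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-SuspiciousAutorun {
    param([string]$Command)
    # Heuristic (assumption): only commands that go through rundll32 are examined.
    if ($Command -notmatch 'rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $false }
    $dll = [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    # Bare names such as shell32.dll resolve from the system path; not flagged here.
    if ($dll -notmatch '^[A-Za-z]:\\') { return $false }
    $sysRoot = $env:SystemRoot + '\'
    return -not $dll.StartsWith($sysRoot, [StringComparison]::OrdinalIgnoreCase)
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $cmd = [string]$regKey.GetValue($name)
        [pscustomobject]@{
            Suspicious = Test-SuspiciousAutorun $cmd
            Key        = $key
            Name       = $name
            Command    = $cmd
        }
    }
}

# Flagged entries first; review them by hand before changing anything.
$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap

# Constructed sample commands (not taken from the thread) showing the rule:
$samples = @(
    'C:\Windows\System32\rundll32.exe "C:\Users\Public\example.dll",Start',
    'rundll32.exe shell32.dll,Control_RunDLL',
    '"C:\Program Files\Vendor\app.exe" /background'
)
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-SuspiciousAutorun $_), $_ }
```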
 


#5
Thanks everyone!

I managed to get rid of the virus/spyware/malware some days ago by downloading Malwarebytes and making a scan; it found two viruses and everything solved itself!

Thanks again!
 


Joe S

Excellent Member
#7
One other thing with these damn programs: don't click on anything, not even the red X to close the popup. Go into Task Manager and kill it there.
Joe
 

