Windows 7 Fake Windows Defender called Internet Protection?!

Q

Quizzious

New Member
Hi ya'll!

Yesterday I was looking for a bike on a buy and sell site, I found a nice one and I wanted to see a bigger picture. So I searched for that bike on Google Pictures and found a good pic.

I clicked on it and then Firefox said that this site wasn't secure and I might have gotten some viruses, and Firefox wanted me to download some kind of software to remove the viruses. I thought: Well it's firefox, right? It can't be anything bad. So I downloaded it and installed the program and suddenly it told me I had 18 viruses!

But this software was weird, it looks exactly like Windows Defender, but it's called "Internet Protection," and twice a minute I get a pop-up from this program telling me that I have to buy their serial key to remove these viruses.

I already have an anti-virus program installed, Panda Global Protection so I ran a big scan of the whole system and it found NOTHING!

I have the url from where I got this thing:
DON'T GO TO THIS WEBSITE! Link Removed - Invalid URL DON'T GO TO THIS WEBSITE!
Just in case this could be of any help...

Now for the real problem!
I CAN'T REMOVE IT! it's not listed as a program in "Add or Remove a Program" in the Control Panel. It has installed itself in C:\windows\system32\rundll32.exe

Please check my pictures!

So, in short, I have no viruses on my computer. But I have a fake Windows Defender called "Internet Protection" telling me that I have 18 of them. But I can't remove Internet Protection cause it's installed in C:\windows\system32\rundll32.exe

Thanks in advance!

Quizzious
 

Attachments

  • Real vs. Fake.png
    Real vs. Fake.png
    595.4 KB · Views: 806
  • Get url Link.png
    Get url Link.png
    743.1 KB · Views: 523
  • Rundll32.jpg
    Rundll32.jpg
    121.9 KB · Views: 484
  • The Site where I got it.png
    The Site where I got it.png
    164.2 KB · Views: 523
Last edited by a moderator:
Quizzious said:
Hi ya'll!

Yesterday I was looking for a bike on a buy and sell site, I found a nice one and I wanted to see a bigger picture. So I searched for that bike on Google Pictures and found a good pic.

I clicked on it and then Firefox said that this site wasn't secure and I might have gotten some viruses, and Firefox wanted me to download some kind of software to remove the viruses. I thought: Well it's firefox, right? It can't be anything bad. So I downloaded it and installed the program and suddenly it told me I had 18 viruses!

But this software was weird, it looks exactly like Windows Defender, but it's called "Internet Protection," and twice a minute I get a pop-up from this program telling me that I have to buy their serial key to remove these viruses.

I already have an anti-virus program installed, Panda Global Protection so I ran a big scan of the whole system and it found NOTHING!

I have the url from where I got this thing:
DON'T GO TO THIS WEBSITE! Link Removed - Invalid URL DON'T GO TO THIS WEBSITE!
Just in case this could be of any help...

Now for the real problem!
I CAN'T REMOVE IT! it's not listed as a program in "Add or Remove a Program" in the Control Panel. It has installed itself in C:\windows\system32\rundll32.exe

Please check my pictures!

So, in short, I have no viruses on my computer. But I have a fake Windows Defender called "Internet Protection" telling me that I have 18 of them. But I can't remove Internet Protection cause it's installed in C:\windows\system32\rundll32.exe

Thanks in advance!

Quizzious
Click to expand...

Read the following you most likely got hit with this
ery interesting article by Fred Langa at Windows Secrets. He deliberately allowed LizaMoon to infect his system and gives us the details. Good screen captures, too.

Worth noting is that MSE didn't squawk at all. However, MSE did help with the final cleanup.

Link Removed due to 404 Error
 
Hi!
This is not a virus, it´s a spyware/malware.
The thing you should do is open msconfig and then start, there you will se an unknown startup item from an unknown manufacturer that looks like a regestry key, (at least it did for us).
Uncheck that program and restart, the pop-ups will not come again, but you´re not done yet...
Once restarted open msconfig again and copy the startup file name and then search the regestry (regedit).
Delete all values and folders that has the same name as the startup-item, (you need to search at least three times).
Restart again and the startup item should be removed from msconfig as well as the pop-ups.
Just to be shure scan your computer with antivirus or malwarebytes...
Hope it helps!

/Freddie
 
Thanks everyone!

I managed to get rid of the virus/spyware/malware some days ago by downloading Malwarebytes making a scan, it found two viruses and everything solved itself!

Thanks again!
 
One other thing with these damn programs don't click on anything not even the red X to close popup. Go into task manager and kill it there.
Joe
 
You must log in or register to reply here.

Similar threads

J
Ease of access popup at each startup
Replies
4
Views
458
JCash
J
E
How to prevent "Microsoft defender SmartScreen prevented an unrecognised app" warning for my own python based app
Replies
3
Views
176
ussnorway
ussnorway
D
New Windows 10 install: Flickering issue
Replies
2
Views
107
duceduc
D
MikeHawthorne
Question about, VirTool:Win32/DefenderTamperingRestore
Replies
7
Views
2K
MikeHawthorne
MikeHawthorne
K
user account name confusion
Replies
1
Views
242
ChatGPT
ChatGPT
Back
Top