
Facebook malware/perfect defender virus



#1 soalivetoday


Posted 04 December 2008 - 08:33 PM

Hey all...I just got one of the new Facebook viruses as well...stupid. I got a YouTube link from a friend that actually looked pretty legit, and when you click on it, it says you need to update your flash driver before it will play...usually I never fall for this stuff, but sure enough...

The initial problem was the Perfect Defender virus scan pop up, as well as the fact that I was unable to open Firefox, IE, Outlook, etc. and none of the virus scan programs on my computer already would either detect anything, or would not work at all (Spybot especially would not load).

Last night I went on the Facebook site and did a few things, most notably deleting a file called bolivar27.eve from the C:/windows/prefetch folder. Didn't do much of anything.

Today I followed the instructions on here and installed the Malwarebytes program, and it removed the Perfect Defender pop ups, but I still am unable to open Firefox, IE, etc. (I am using another computer to access the net while I fix mine).

Any ideas/suggestions? Much thanks!

I am glad I remembered this site as I got some great help here a few years ago with another virus.



#2 soalivetoday


Posted 04 December 2008 - 09:48 PM

As an aside to this, I am now able to open Firefox with my Internet connection DISCONNECTED from the computer, but with it connected, it will not open. I changed the proxy setting on Firefox when opened, but then tried to re-establish the Internet connection and load a page, and it would not work properly. Still having some big issues.

#3 soalivetoday


Posted 05 December 2008 - 10:30 PM

Still looking for some assistance please...thank you very much...

#4 IM-A-PC


Posted 07 December 2008 - 12:31 AM

I DEFEATED PERFECT DEFENDER 2009!


It was an all day 6 hour battle!... but I finally WON without doing a major wipe and restore of my hard drive.
Some important notes
McAfee - Won't detect it if you've already clicked on the Windows Firewall Security look-alike application popup CREATED BY Perfect Defender!
AVG 8.0 - Won't detect it after it's installed itself
Malwarebytes' Anti-Malware 1.31 - Removes only SOME of the program but I recommend this in the 1st step of removal because McAfee and AVG surprisingly don't know how to handle this initial attack and as of the time of this posting do not really talk about it on their website.

Perfect Defender 2009: it appears to self-install from online gaming sites as well.
Once infected it HI-JACKS both your I.E. Browsers and FIREFOX browsers.
The Hi-Jack is so intensive that if you manage to get either Firefox or I.E. running long enough to visit anti-virus websites such as McAfee, the MALWARE Perfect Defender takes you to a FAKE McAfee website overseas to try to get you to click on BUY NOW and get a credit card number!
BEWARE DON'T DO IT! DON'T PURCHASE ANYTHING ONLINE IF YOU'RE INFECTED! DON'T LOGIN TO ANYTHING!!!

But interestingly, ITS WEAKNESS WAS Safari and Opera browsers.
Fortunately i already had those browsers on my system so i browsed and googled the problem using my Safari Browser on my PC.

Here is what i did
I did download Malwarebytes' Anti-Malware 1.31 and run it as it got rid of 70% of the problem...
But I still got those BLASTED POP UP ALERTS! Created by Perfect Defender MALWARE AND MY I.E and Firefox Browser was still HI-JACKED.
Next
After letting Mcafee and AVG do its scans.(maybe some hope that they might just do SOMETHING)
Next

Remove Perfect Defender 2009 files and dll’s
dbbase.div
pd.dll
pdfndr.exe
pdmonitor.exe
UnInstall.exe
Perfect Defender 2009.lnk
Uninstall Perfect Defender 2009.lnk

I went into the registry and deleted a key called PDefender.
Unregister Perfect Defender 2009 registry values or delete the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Perfect Defender 2009"

Next
My last resort was to restore my registry from a previous windows recovery point after rebooting into safe mode by hitting F8 repeatedly.
When the Safe Mode Alert shows up you'll be given a choice to either click "OK" to continue on to Safe mode or click "No" to initiate the "Windows Registry Recovery point" sequence.
You'll be asked to select a Date. I suggest trying a date one week prior to your infection. NOTE:DON'T WORRY THIS WILL NOT ERASE YOUR HARD DRIVE!...
Next
Let the recovery point while in safe mode do its work. This may take 1 or 2 attempts... so be prepared to run again if it could not restore from a date you may have selected.
Next after all is done and after your PC is rebooted after the recovery point runs and completes
You will get an alert window that tells you if the restore was successful.
If Yes? JUMP OUT OF YOUR CHAIR AND YELL "YES!" I AM INVINCIBLE!
If No? say bad things about McAfee as to why it didn't catch this the 1st time and reboot into safe mode again and pick another recovery point date.

Next let the PC Reboot normally into windows
IF Truly Successful, everything should come up quietly and NO MORE FAKE POPUPS!
Run your virus scans such as AVG or Malwarebytes again just to make sure.
Open I.E. and if I.E. doesn't crash you're CLEAN!
Open Firefox and if Firefox doesn't crash you're CLEAN!
Open Safari and just say "Thank You!"
THAT FAKE APPLICATION POP UP SHOULD BE GONE AND PERFECT DEFENDER 2009 SHOULD BE GONE AS WELL!

Your PC has just been Resurrected!

What saved me was the registry restore point. If the Hackers had screwed that up... i would have been TOAST!

If none of the suggestions i provided for you work, I recommend you do some more googling or go to the following link
http://removal-tool.com/perfect-defender-2009/

Interestingly, as I was browsing with my Safari browser during the attack I found some disturbing details about Perfect Defender 2009:
it's actually an attack MALWARE virus acting as ANTIVIRUS Software originating from the RUSSIAN FEDERATION!

Finally i'm just glad to say...
I'm STILL GLAD TO BE A P.C.!!

IM A PC AND PROUD OF IT...
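
The file names and registry locations listed in post #4 can be checked without deleting anything. The following read-only PowerShell script is an added example, not part of the original post or any vendor tool. The search root is an assumption, since the post does not say where the files were installed.

```powershell
# Added example: read-only check for the Perfect Defender 2009 traces named in post #4.
# Nothing is deleted; the script only reports what it finds.
param(
    # Assumption: the post gives no install folder, so the search root is a parameter.
    [string]$SearchRoot = $env:ProgramFiles
)

# File names from the post. The first two are distinctive; the others
# (pd.dll, UnInstall.exe, ...) are too generic to count as a hit on their own.
$distinctive = 'pdfndr.exe', 'pdmonitor.exe'
$generic     = 'dbbase.div', 'pd.dll', 'UnInstall.exe',
               'Perfect Defender 2009.lnk', 'Uninstall Perfect Defender 2009.lnk'
$findings = @()

# Registry key named in the post.
$key = 'HKLM:\SOFTWARE\Microsoft\PDefender'
if (Test-Path -LiteralPath $key) {
    $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
}

# Autostart value named in the post, under the machine-wide Run key.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'Perfect Defender 2009'
$run = Get-ItemProperty -LiteralPath $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runName = $($run.$runName)" }
}

# Find folders holding a distinctive file, then report every listed name in
# those folders only, so unrelated UnInstall.exe files are not flagged.
$anchors = Get-ChildItem -LiteralPath $SearchRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $distinctive -contains $_.Name }
foreach ($dir in ($anchors | Select-Object -ExpandProperty DirectoryName -Unique)) {
    $findings += @(
        Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
            Where-Object { ($distinctive + $generic) -contains $_.Name } |
            ForEach-Object { [pscustomobject]@{ Type = 'File'; Item = $_.FullName } }
    )
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    "No listed traces found in the registry or under $SearchRoot"
}
```

An empty result only means these specific names were not found in the locations checked; it is not a substitute for a full scan.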

#5 IM-A-PC


Posted 07 December 2008 - 12:38 AM

Before I go, I just thought I'd share with you some more info on the MALWARE virus from Russia

If your family occasionally play ON LINE GAMES - you'll need to watch for this!
Google it and you'll see whats happening!

Perfect Defender 2009

Perfect Defender 2009 otherwise known as PerfectDefender2009, PerfectDefender 2009, is a renegade application that hails from the Zlob.Trojan group of infections. Some experts are of the opinion that Perfect Defender 2009 is in fact a replica of the infamous PersonalDefender2009, Personal Defender 2009 and its many variants. Perfect Defender 2009 tends to be installed without the knowledge or consent of the system user. Perfect Defender 2009 runs in the background where it is able to display annoying pop-up messages and alert messages. Usually Perfect Defender 2009’s pop-ups state that the system is infected with some type of parasite – a claim which is totally bogus. Perfect Defender 2009 implements this tactic so as to force computer users into purchasing the full Perfect Defender 2009 program. Should a user come across black bugs appearing on their monitor, like a screen saver that is eating away at your desktop image, this is proof that the system in question is in fact carrying a spyware infection or the rogue anti-spyware program Perfect Defender 2009 has been installed.

IF INSTALLED THIS PROGRAM EVEN PUTS UP A FAKE MCAFEE WEBSITE WITH BUY NOW ICONS!!!

THIS GOT PAST BOTH AVG 8.0 AND MCAFEE INTERNET SECURITY!!!

TELL EVERYONE! PASS THIS AROUND!!!!

TIP
Delete from registry
If you only have 1 Computer, Use Safari Browser to do your research while infected. I.E. and FIREFOX CRASH while infected!



