MalwareCleaner 2009 – How to remove/delete/get rid of this nasty fake software
// April 22nd, 2009 // Custom descriptions of malware, Malware Related
Late this evening I got news that a new rogue threat from the same branch of “Fake anti-virus” malware such as Personal AntiVirus and Antivirus 360 had just been seen in the wild.
I decided to take a close look at the software touting itself as “MalwareCleaner 2009”.
Straight away upon visiting their website, malwarecleaner2009.com, it was apparent that something was seriously wrong. The website claimed to have approval from a well-known and respected PC magazine in the UK, PC Pro; however, this is a complete and blatant lie, with the PC Pro website making no mention of such a product, ever.

The next thing that came to my attention was the wording on their website. It seemed suspiciously familiar… almost like it had been copied and pasted from somewhere else… surely not?
Have a look at the wording on the malwarecleaner2009 website:
…and now compare it to the description for a well-known (real) antivirus, Eset NOD32:

I think you and I know where this is going, right?
With my malware senses already on high alert due to the deceptive nature of their website, I then decided to install MalwareCleaner 2009 on my computer in order to see what it would do once installed on a computer.
The installer started off quite civilised, even with options asking about “automatic updates” and “threat detection”:


However, after the installer had finished I was not at all surprised that the dirty tricks were just beginning. A quick check showed me that the installer, apart from putting MalwareCleaner 2009 on my machine, had also laden it with a shedload of fake malware, dropped into different folders on my computer:


This is the full list of locations where fake “infected” files were dropped on my test computer:
C:\Program Files\Acronis\upxbei.exe
C:\Program Files\Bonjour\rkmvnwtq.dll
C:\Program Files\FileZilla FTP Client\ojvceq.scr
C:\Program Files\Kaspersky Lab\usjkeulr.com
C:\Program Files\Microsoft Works\qornq.com
C:\Program Files\Nokia\bcaumiqw.exe
C:\Program Files\Reference Assemblies\toiqqpd.scr
C:\Program Files\Synaptics\pidekwim.com
C:\Program Files\Windows Defender\killkr.exe
C:\Program Files\Windows Photo Gallery\pqsgeijl.scr
C:\Windows\Debug\rndwvgl.com
C:\Windows\IME\mysfoxc.exe
C:\Windows\Minidump\peimbj.exe
C:\Windows\Performance\rkvxcdcn.com
C:\Windows\Resources\wtadnnyj.scr
C:\Windows\Setup\gybdxtog.dll
C:\Windows\tapi\mwhbmksa.com
C:\Windows\WindowsMobile\heqsjbv.exe
C:\Windows\System32\CodeIntegrity\gappbmks.com
C:\Windows\System32\en-US\lised.dll
C:\Windows\System32\hr-HR\lujogyl.scr
C:\Windows\System32\LogFiles\qrpsv.scr
C:\Windows\System32\NDF\seedp.exe
C:\Windows\System32\ras\pdfdlcox.scr
C:\Windows\System32\SMI\uysfwa.exe
C:\Windows\System32\wbem\wtgfuvbd.dll
….and the main infection itself being dropped onto the computer as C:\Grubxp\571613.exe
You may be wondering why they would go to all this trouble and make all of those fake files on a computer. The answer is very simple: they want to scare you as much as possible and make the fake scan results of MalwareCleaner 2009 more plausible. Notice how the scan screen is flagging up the items it itself has just put on your computer!
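The decoys listed above are executable-type files scattered across folders that belong to unrelated software, which gives a responder something to check for after a suspected rogue install. The Python below is an added example, not part of the original post: it assumes the decoys are all written during installation, and the listing format, every timestamp, the two older benign entries and the `window` and `min_dirs` thresholds are constructed for illustration.

```python
# Added example; thresholds and listing format are assumptions, not from the post.
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions used by the fake "infected" files in the post's list.
DECOY_EXTS = {".exe", ".dll", ".scr", ".com"}

# Constructed listing: "creation time,path". Paths at 21:14 come from the post;
# every timestamp and the two older benign entries are made up for the example.
SAMPLE = r"""
2008-11-02T10:15:00,C:\Program Files\Bonjour\mDNSResponder.exe
2009-01-17T09:30:12,C:\Windows\notepad.exe
2009-04-22T21:14:01,C:\Grubxp\571613.exe
2009-04-22T21:14:03,C:\Program Files\Acronis\upxbei.exe
2009-04-22T21:14:03,C:\Program Files\Bonjour\rkmvnwtq.dll
2009-04-22T21:14:04,C:\Windows\IME\mysfoxc.exe
2009-04-22T21:14:05,C:\Windows\System32\ras\pdfdlcox.scr
2009-04-22T21:20:40,C:\Users\test\Desktop\notes.txt
"""

def parse_listing(text):
    """Turn 'timestamp,path' lines into (datetime, PureWindowsPath) rows."""
    rows = []
    for line in text.strip().splitlines():
        stamp, path = line.split(",", 1)
        rows.append((datetime.fromisoformat(stamp), PureWindowsPath(path.strip())))
    return rows

def find_decoy_burst(rows, window=timedelta(minutes=2), min_dirs=4):
    """Largest run of executable-type files created within `window` of each
    other and spread over at least `min_dirs` different folders."""
    cands = sorted((r for r in rows if r[1].suffix.lower() in DECOY_EXTS),
                   key=lambda r: r[0])
    best, start = [], 0
    for end in range(len(cands)):
        # Slide the left edge until the run fits inside the time window.
        while cands[end][0] - cands[start][0] > window:
            start += 1
        burst = cands[start:end + 1]
        if len({p.parent for _, p in burst}) >= min_dirs and len(burst) > len(best):
            best = burst
    return [str(p) for _, p in best]

if __name__ == "__main__":
    for hit in find_decoy_burst(parse_listing(SAMPLE)):
        print("review:", hit)
```

The burst also surfaces the main executable in `C:\Grubxp`, because it is created alongside the decoys; files flagged this way are candidates for review, not confirmed detections.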

As with every fake antivirus type software, it has its fair share of scary warnings to goad a victim into buying into this scam:


Also accompanying this malware was a very convincing Windows Security Center mockup… clicking the “find a program” button would only lead straight back to the malwarecleaner 2009 website.

Now we will get onto how to remove and delete MalwareCleaner 2009 from your computer:
To remove MalwareCleaner 2009 and all of its traces, Malwarebytes’ Anti-Malware is currently the best tool for the job that can remove MalwareCleaner 2009 completely. Malwarebytes’ is completely FREE for personal use (without realtime protection) and can be downloaded from the Malwarebytes’ website by clicking here:
http://www.malwarebytes.org/mbam.php
Download it, install it, remember to update it first and then perform a scan which will find and remove MalwareCleaner 2009 and any other nasties lurking on your system.
If Malwarebytes Anti-Malware has helped you remove personal anti virus, please consider buying a license to say thanks and support me and the Malwarebytes’ fight against malware- you can securely purchase a license by clicking here:
https://store.malwarebytes.org/342/?affiliate=4568&cart=29945&scope=cart – please note that this is completely optional and not a requirement for it to scan and remove malwarecleaner 2009, but you will benefit in future from real time protection that will prevent infections like this and many others installing themselves on your system!
If you want a second opinion on your system after running Malwarebytes’, then AVPTool by Kaspersky is an excellent (free) choice, which you can download here:
ftp://ftp.kaspersky.com/devbuilds/AVPTool/index.html
Just download it, install it and run a scan to see if there are any other viruses lurking on your system.
If you have trouble removing MalwareCleaner 2009, please leave a comment and I will do my best to help. Likewise, if I helped you remove it, just leave a comment to let me know.






Downloaded malware remover for viruses on laptop and desktop. Worked great on laptop. It will not run on desktop (which is infected with the PAV virus). Laptop just had mini-viruses.
I can see that removal software is downloaded, but it won’t start, not even when I click it. It started automatically on laptop.
What to do?
Hiya… I’ve downloaded the ‘Malwarebytes Anti-Malware’ and installed it. I run the scan and viruses have been detected… however when I go to ‘fix this problem’ it needs me to register and asks for a serial number… what do I do??? PLEASE HELP!!!! This PAV thing is freakin me out!!!!
Hi,
Are you sure that’s Malwarebytes?
It will not ask you for registration!
This is the link for MBAM: http://www.malwarebytes.org/mbam.php
Alternatively from my server: http://www.malwarecrawler.com/msetup.exe
You will tell me your phone number or I’ll keep e-mailing you until you give it to me? Your product S***. And if this doesn’t work I have a team of lawyers who will make you F***ing remove in-forced products like your Personal Antiware.
Mr. Forest-nymph,
I think you are slightly confused- I did not create any of the fake antivirus software like MalwareCleaner 2009 or Personal Anti-Virus….. I write about how to remove it, using free tools. I would appreciate it if you calm your tone and stop leaving such dribble on my blog.
I’ve heard of MalwareBytes from another website and it’s done wonders. I’ve recently got tangled in this other trojan or whatever that malware I guess can’t delete, and my BitDefender recognizes but can’t delete, so I’m pretty sure if I go in manually it won’t delete either. BitDefender 2009 calls it Gen:trojan.heur.P6050AFBFBF and something else, and when I look at the file extension it’s Duuq97uuu4.exe, which from knowing past experiences I know what exe files my laptop runs so I can spot the random trojan virus I get. Had one that was F.exe lol so that was a huge insta stop and scan. But I recently got it and I can’t seem to find anything on it and I was wondering if you could help out in any way. Thanks a ton.
I have downloaded, updated and scanned my PC. I have removed found and listed items. But now when I go to Internet Explorer and “surf” pages… I get the same old pop-up override screen of an impending threat. It is obviously a fake out by the virus, and it will not let me continue. So what am I to do to rid my PC of this PAV infection?
I have done all as required, yet Internet Explorer is still being hijacked…what now?
two words (well a word and a letter, lmao )…..NOD32……the meanest anti-virus in existence in my opinion (and many others)…i’ll put it this way, i have over half a MILLION “pics” on my main system ,…i surf ..” ISprime , trojan infested” -the warning that firefox gives– servers…..download with impunity……do not worry AT ALL..on the RARE occasion that one even gets ON my system (99% of the time you will see a ” connection terminated , file deleted” pop-up so it is very difficult to even GET a virus) it is found and deleted (or the file is cleaned) easily…..30 day fully functional trial…..60 bucks to buy….but WELL worth it virus , spyware, malware, none stands a chance (and no i do not work for them, i just love having the SCUM that do these things fail )