Win32/matefender Removal Assistance

I usually leave my desktop on and have never had any issues until this morning when I found a pop-up saying that I have an integrity issue . . . win32/matefender . . . whatever that is.
Any assistance in removing this would be appreciated.

I have run SpyBot, Ad-Aware, Hijack This, and a few others but can’t seem to remove it.

Thank you,

napamac

Sorry about your infection. I just googled to try and find some help and found a website saying McAfee and CA Anti Virus can detect and remove this. CA has a Free online scanner. This should detect it and remove it. http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx Also it uses Internet Explorer to scan. Hope this helps.

Thanks for the referral but it wouldn’t work . . .
I used IE . . . but it kept saying must use IE and would not start the scan.
Any suggestions?

napamac

Are you using IE 7? or IE 6? I’ll try and test it myself to see if it works for me.

Edit: Do you run ActiveX like it asks?

I checked out the site and found a scan that worked . . . Pest Patrol Antispy but it didn’t get the win32/matefender.

Any other suggestions?
I will check back in the morning . . .

Thanks again for your help.

napamac (:SAD)

Hm, I’m not sure why it’s not working for you. Sorry bout that though. But also maybe try a-squared free; it had about 904,000 signatures in its database so maybe it could find it? Here is the link: http://www.emsisoft.com/en/software/free/

I am downloading it now but it appears to be just the scanner not removal . . .
I will let you know.

Thanks again,

napamac

Have you tried BOClean?

BDO did not detect matefender . . .

I called Symantec and they said they would do it for $99.99.
There has got to be a better way!

I would buy a program if I could find one that has this malware listed but,
none that I have found even list it.

CA Anti Virus will detect and remove it IF you purchase their Anti Virus. Not sure if you want to. But it will remove it, I read.

Thanks Goose . . .
I just may have to as I have no other choice but to reformat.

napamac :THNK

Well, CA AV may remove it but… The only way to know you are 100% clean is a reformat. Sadly I’ve had to reformat 3 times in 4 months.

BDO?

That one is what I refer to as “bogusware” known as “UltimateDefender” … it SHOULD appear in your “add/remove programs” on the control panel. If so, that should get rid of it right there. Doesn’t help that AV’s often change the name of bogusware so that the association isn’t obvious. :frowning:

To do it manually:
Step 1 : Use Windows File Search Tool to Find Ultimate Defender Path

  1. Go to Start > Search > All Files or Folders.
  2. In the “All or part of the file name” section, type in “Ultimate Defender” file name(s).
  3. To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click “Search” button.
  4. When Windows finishes your search, hover over the “In Folder” of “Ultimate Defender”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need the file path to delete Ultimate Defender in the following manual removal steps.

Step 2 : Use Windows Task Manager to Remove Ultimate Defender Processes

  1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  2. Click on the “Image Name” button to search for “Ultimate Defender” process by name.
  3. Select the “Ultimate Defender” process and click on the “End Process” button to kill it.
  4. Remove the “Ultimate Defender” processes files:
    tmpwisc2.exe
    udefender_installer.exe
    update.exe
    uninstall.exe
    iesafe.exe
    update.exeapp.exe
    app.exe

You should now be able to remove the remainder of that folder’s contents and be solved. You have either an ancient version of the Java running, and should uninstall all existing Java and then download the latest from the Sun Java site and that should stop it from getting back in …
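The manual search in the steps above, as an added example that is not part of the original post: a report-only inventory that lists the named files, plus the remaining folder contents, without deleting anything. It assumes the install folder's name contains "Ultimate Defender" or "UltimateDefender", and the sample tree it builds is constructed.

```python
import os
import tempfile

# File names exactly as listed in the post (duplicates dropped).
LISTED_NAMES = {"tmpwisc2.exe", "udefender_installer.exe", "update.exe",
                "uninstall.exe", "iesafe.exe", "update.exeapp.exe", "app.exe"}
# Assumption: the install folder's name contains "Ultimate Defender" or
# "UltimateDefender"; names like update.exe are too generic to match alone.
FOLDER_MARKER = "ultimatedefender"

def in_marked_folder(rel_dir):
    """True if any path component, spaces removed, contains the marker."""
    parts = rel_dir.split(os.sep)
    return any(FOLDER_MARKER in p.replace(" ", "").lower() for p in parts)

def inventory(root):
    """Report-only: returns {'listed': [...], 'other': [...]}, deletes nothing."""
    found = {"listed": [], "other": []}
    for dirpath, _dirs, files in os.walk(root):
        if not in_marked_folder(os.path.relpath(dirpath, root)):
            continue  # skip same-named files outside the marked folder
        for name in files:
            kind = "listed" if name.lower() in LISTED_NAMES else "other"
            found[kind].append(os.path.join(dirpath, name))
    return {k: sorted(v) for k, v in found.items()}

def build_sample_tree(base):
    """Constructed sample layout (empty files), not taken from a real system."""
    layout = {"Program Files/Ultimate Defender": ["update.exe", "iesafe.exe", "readme.txt"],
              "Program Files/Java": ["update.exe"]}
    for folder, names in layout.items():
        path = os.path.join(base, *folder.split("/"))
        os.makedirs(path)
        for name in names:
            open(os.path.join(path, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for kind, paths in inventory(base).items():
            for p in paths:
                print(kind, os.path.relpath(p, base))
```

The "other" list is the remainder of the folder's contents that the post says can be removed once the processes are ended.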

Thank you Kevin for shining a little light on the situation.
This is the second thread where I’ve seen win32/matefender discussed.
It looked to be a fairly well-known piece of fraud-ware.
Do you know if we detect or remove it?

Thanks Kevin, Cat and all . . .
I will follow your instructions as soon as I complete all the ■■■■ I started in SAFE mode.
And will check back with you in the morning to give you an update . . .

napamac

Kevin and all . . .

I disabled sys restore and followed your instructions, plus a few more that I had available.
Then restarted and enabled sys restore.

Appears to have worked . . . So Far . . . So Good . . . no signs of win32.matefender!
Thank you again for all the assistance.

I will keep you posted . . .

napamac :BNC

Thank you Kevin !

I disabled sys restore, went to SAFE mode and followed your instructions . . .
Appears to have worked . . . Yeah!
I will keep you posted .

Truly thankful,

napamac :BNC