WinDefender2009 / WinDefender 2023 Removal Help

WinDefender 2023, also known as WinDefender2009, is a fake application whose goal is to trick the user into purchasing their fake application. A majority of the viruses or all the viruses it finds tend to not be on the user’s computer. Purchasing the software will not remove any spyware from your computer.

Type: Rogue Security Application (Click Here To Learn More)
Threat Level: 4/5

Below is our recommended removal tool for WinDefender 2023. It is PC Magazines editors’ choice of 2008, has been featured on Dr. Phil, and is from a Microsoft Certified Partner. It detects, removes, and blocks all types of Spyware and has been download 125 Million Times. Feel free to download it below.

WinDefender 2023 Manual Removal -

Stop Windefender 2023 Processes (Learn How To Do This)
windef.exe

Remove WinDefender 2023 Files (Learn How To Do This)
C:/Program Files/WinDefender/
C:/Program Files/WinDefender/ekrn
C:/Program Files/WinDefender/windef.exe
C:/Program Files/WinDefender/windefender.s1
C:/Program Files/WinDefender/windefender.s2
C:/Program Files/WinDefender/windefender.s3
C:/Program Files/WinDefender/windefender.s4
C:/Program Files/WinDefender/windefender.s5
C:/Program Files/WinDefender/windefender.s6

Remove WinDefender 2023 Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER/Software/WinDefender
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run “WinDefender”

If you have any questions or comments, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please click here to view our safety tips.

Your feedback is very highly valued by others so please feel free to comment.

Tags: ,

This entry was posted on Thursday, January 29th, 2024 at 2:00 am and is filed under Rogue Application Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “WinDefender2009 / WinDefender 2023 Removal Help”

dhofozr.dll - Trojan Virus Removal Guide | Virus Removal Guru December 24th, 2023 at 4:00 pm

[...] webpage above has the Windefender 2023 virus. If you have the Windefender 2023, please click HERE to view our guide to remove [...]

Jeremy January 3rd, 2024 at 3:34 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:54 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
D:\oldstuff\Garena\Garena.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: AVG Security Toolbar – {A057A204-BACC-4D26-9990-79A187E2698E} – C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: PolMaker – {EAA3FD3B-107B-4944-8139-B6D57E0358A5} – C:\WINDOWS\system32\kdz32.dll (file missing)
O3 – Toolbar: AVG Security Toolbar – {A057A204-BACC-4D26-9990-79A187E2698E} – C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [Calendar] C:\Program Files\Desksware\Calendar.exe
O4 – HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 – HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 – HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 – HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\Jerm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O15 – ESC Trusted Zone: https://*.update.microsoft.com
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230263351750
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O20 – AppInit_DLLs: avgrsstx.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVG Free8 E-mail Scanner (avg8emc) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 – Service: AVG Free8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software GmbH – C:\WINDOWS\System32\TuneUpDefragService.exe


End of file – 6087 bytes

This is my log file of hijackthis, I’ve followed the above steps but I can’t perform any because I’m did not install it yet, I’m only hijacked. Whenever I access windows explorer, i get pop ups.

—–
Attention, Andrew Dehnart!
Some Dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the

destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download the

antispyware. (recommended)
—–
——
Click yes or no and it will try to bring me here:
https://www.systemerroronline.com/id/4912933/1/1/
I believe the free version of AVG is blocking the web address.

I can then continue to try opening folders and sub folders but this will come up:

——
—–
You’ve downloaded “horse_*******_girl.avi” – do you want to watch this movie now?
—–

Please help me on this, I’ve tried to analyze myself, there is this suspicious .dll named kdz32.dll, when I try to remove, it says its protected. Help?!

Fkinjzg.dll - Trojan Virus Removal Guide | Virus Removal Guru January 6th, 2024 at 5:17 am

[...] for fake antivirus programs such as Windefender 2023. If you have the Windefender 2023, please click HERE to view our guide to remove [...]

Frapsen January 25th, 2024 at 6:32 am

Thx!!! U rly helped me

IE-Security / IESecurity Virus Removal Guide | Virus Removal Guru January 27th, 2024 at 12:30 pm

[...] IE-Security is one of the many fake antivirus applications on the web. The program itself is completely fake. It is a clone of WinDefender 2023. [...]

Leave a Reply