Malware Protection 2009
What is Malware Protection 2009?
Malware Protection 2009 is another fake antimalware application that poses as a legitimate program and encourages users to rely on it for protection. Once users are convinced to download Malware Protection 2009, it runs its own virus scan and alarms them with reports of detected threats. At that point the program asks them to purchase the registered version in order to delete the infections.
| Type | Rogue |
| Sub-Type | FakeAV |
| Aliases | |
| OS Affected | Windows |
| Detected By | MalwareBytes |
What Does Malware Protection 2009 Do?
It modifies the Windows Registry and adds the following entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1\"DisplayName" = "MProtector"
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Malware Protection 2009"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SMshcev9j0e1b1" = "C:\Program Files\shcev9j0e1b1\shcev9j0e1b1.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1\"UninstallString" = "C:\Program Files\shcev9j0e1b1\uninstall.exe"
The threat will install the following malicious files:
- Malware Protection 2009.lnk
- Register Malware Protection 2009.lnk
- Uninstall.lnk
- shcev9j0e1b1.exe
- Uninstall.exe
- Database.dat
- MFC71.dll
- MFC71ENU.DLL
- msvcr71.dll
How to Remove Malware Protection 2009 Manually
1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode
2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries listed above and delete them if necessary
3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and check whether shcev9j0e1b1.exe and Uninstall.exe are running as processes. If they are, select the process and click End Process, then try deleting the file again.
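A read-only check for the registry values, install folder and processes named above, useful before and after the manual steps to confirm what is still present. This is an added example, not part of the original procedure; the WOW6432Node registry view and the `Program Files (x86)` folder are assumptions added for 64-bit Windows, since the page lists only the standard locations.

```powershell
# Added example: read-only audit of the artifacts this page lists. Nothing is deleted.
$id = 'shcev9j0e1b1'   # key / folder name taken from the page

# Registry views to check. The WOW6432Node view is an assumption added for
# 64-bit Windows, where 32-bit programs are redirected; the page lists only the first.
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'

# (subkey, value name) pairs from the page's registry list
$values = @(
    @{ Sub = 'Run';           Name = 'Malware Protection 2009' },
    @{ Sub = 'Run';           Name = "SM$id" },
    @{ Sub = "Uninstall\$id"; Name = 'DisplayName' },
    @{ Sub = "Uninstall\$id"; Name = 'UninstallString' }
)

function Get-RogueRegistryHits {
    foreach ($root in $roots) {
        foreach ($v in $values) {
            $key  = "$root\$($v.Sub)"
            # Returns nothing when the key or the value does not exist
            $prop = Get-ItemProperty -LiteralPath $key -Name $v.Name -ErrorAction SilentlyContinue
            if ($prop) {
                New-Object PSObject -Property @{ Kind = 'Registry'; Item = "$key\$($v.Name)"; Data = $prop.($v.Name) }
            }
        }
    }
}

function Get-RogueFileHits {
    # Only the install folder from the page's Run value is listed. MFC71.dll and
    # msvcr71.dll are also the names of legitimate Microsoft runtime files used by
    # other programs, so no disk-wide search by file name is done.
    foreach ($dir in "C:\Program Files\$id", "C:\Program Files (x86)\$id") {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -Force | ForEach-Object {
                New-Object PSObject -Property @{ Kind = 'File'; Item = $_.FullName; Data = $_.Length }
            }
        }
    }
}

function Get-RogueProcessHits {
    # Process names from step 3; Data shows the image path so an unrelated
    # program's Uninstall.exe can be told apart from the threat's copy.
    Get-Process -Name $id, 'Uninstall' -ErrorAction SilentlyContinue | ForEach-Object {
        New-Object PSObject -Property @{ Kind = 'Process'; Item = $_.Name; Data = $_.Path }
    }
}

$hits = @(Get-RogueRegistryHits) + @(Get-RogueFileHits) + @(Get-RogueProcessHits)
if ($hits.Count) { $hits | Select-Object Kind, Item, Data | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```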
Automatic Removal of Malware Protection 2009
1. Print this procedure, as we will need to close all running programs later.
2. Download MalwareBytes’ Antimalware here and save it to your Desktop.
3. Close all open applications.
4. Double-click the downloaded mbam-setup.exe to start the installation. If it will not execute, an infection on the computer is preventing it from running; rename the file mbam-setup.exe to anything else (like myfile.exe).
5. Run the installation on the default settings. No changes are necessary.
6. Just before completing the installation, make sure that the following are checked:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
7. MBAM will run and update itself after installation. Close MBAM after the update.
8. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode
9. Click the MBAM icon and choose Perform Full Scan to begin scanning your computer for Malware Protection 2009 related files.
10. After scanning, a message will appear stating that the scan is completed successfully. Click OK.
11. Click Show Results and detected threats will be displayed.
12. Make sure that all threats are checked, then click Remove Selected to begin removal of the malicious files.
13. Exit MalwareBytes’ AntiMalware and restart your computer.
14. Malware Protection 2009 and all its files are now removed from your computer. To protect your computer from this threat and avoid future infections, you may want to obtain a Full Version of MalwareBytes’ AntiMalware.