safesoft defender 2009 malware

Has anyone figured out how to remove this safesoft defender 2009 program? No browser is safe from it. I got it downloading and installing the new Firefox 3.04 browser from their website. I have tried antivirus programs, malware, even Microsoft malicious software removal tool will not work. I even deleted the registry key pertaining to it. “local machine\software\xpre” and that didn’t work. I cannot browse on my main computer because of this safesoft defender 2009. I am ready to wipe it clean and start over.

11 Responses

  1. timothy says:

    I just found and deleted components the file was under c:/users/owner/appdata/roaming..
    the first 6 folders each contained a file that was associated with the same date of origin. I found this by going to msconfig and disabling all selections and then reapplying one by one until problem reoccur ed. the primary file was an application called wincore. it has a icon similar to windows defender (world behind firewall)
    It will not let you delete these files so you must reboot your machine in safemode (f8) and then delete these files.My wincore was located in C:/users/owner(you)/appdata/roaming/google. You also may look in “local” instead of roaming.

  2. Mike says:

    this program hijacked my Internet when i was watching a video. After a long search i found the files i needed to delete. my were hidden in the applications data (a hidden folder) to see this you must go to advanced search in your searches. look for the file that has been modified on the date the problem occurred. in this file look for google and again the files changed on this date. some of the files might say in use so they can’t be deleted. move the to your desktop and restart your computer. when it restarts quickly delete the files you moved. this should take care of your problem, it worked for me

  3. Sharif says:

    I just got this virus on Dec 13, 2008. It has completely taken over the browsers and most vital functionality on the computer. When I access msconfig, I get an error prompt saying “MSConfig has caused a system failure” – clicking OK causes the system to reboot. Antivirus and antispyware is not helping. I can’t find wincore anywhere in the appdata folders. Advanced search for wincore returns nothing.

  4. Batman says:

    Any update out there to combat the safe -soft infection?Its taken over and no male ware I have or that I am able to download can get rid of it, I tried to reconfigure back to a previous date but that did not work.

  5. herscel says:

    it is a vicious program, anything new in the month since the above last post?

  6. Harry says:

    If you are looking for a solution to remove a malware product from your computer called Personal Defender 2009, be advised that it is not ours and we cannot help you.

    If you google “defender-review”, you will find explanations and help. SafeSoft is a registered mark of Safety Software, but we have nothing to do with this situation. We are victims here also.

    We have sent cease and desist notices to the hosting ISP, onlinenic.com, and the individual believed to own defender-review.com, so far with no results. We have also notified Microsoft Legal Department as their marks are being exploited also (Microsoft Gold Certified Partner). We have received no feed back from from anyone other than those of you who have been effected by this malware. We suggest you also fax Microsoft Legal at 425-936-7329 about this problem. Maybe Bill will care then. They have more resources than we. We would appreciate it if you would email us at support@safesoft.com with your contact info relating to this problem. Together we can make these folks and their malware go away.

  7. Mari says:

    What number 2 Mike said, works like magic, you have to drag it to your desktop and then restart and delete!

    Thank You!

  8. Michael says:

    The other Mike hit it on the head (App data/ Google) .However might I also suggest not only manually deleting this but using anti virus software.My best luck was with Avast which whacked this bastard file completely.I had AVG the newest version it it just bypassed it like it was a safe file.Also some programs that didn’t work are Spy-Bot Search and Destroy , Advanced System Care 3,Microsoft Malicious Tool Removal,Ad-aware,Web root Spy sweeper Pro, which also claims to block spy ware and hijacks did nothing.I even tried “Hijack this” which is well respected in the industry.Nothing worked out of many attempts except Avast.However with that said my file system is now hosed and I have constant Bad image messages come up so its off to reinstall Windows !! Thanks Microsoft for having such a weak product.

  9. Mary Yugo says:

    I’m not sure if this forum is accepting my posts so forgive if duplicate. Use Malwarebytes from malwarebytes.org. Check first in google. It’s free and legitimate.

    Edit: OK– looks as if my longer post was rejected maybe because it had a link in it. Anyway, Malwarebytes removes this scum. If you gave them your credit card number, I’d recommend cancelling both the payment and the card number with your credit card company. Who knows what these people will do with that information? What I want to know is why nobody is able to do anything about them!

    Also suggest running Malwarebytes in safe mode (F8 during boot) and with System Restore (Start/Programs/Accessories/System/System Restore turned off (look for the turn off check mark and don’t forget it to turn it back on once the software is removed).

  10. Mary Yugo says:

    OK– here is my previous post:

    This vicious thing snares many unsuspecting users. It’s perpetrators hack badly designed web sites and insert a redirection instruction to their site which in turn infects your computer.

    The best cure for this, in my experience, has been MalwareBytes’ removal program. A completely free (and safe) version is found here: malwarebytes.org

    Click on download the free program. While downloading, IGNORE any pop-ups from the rogue program! If you have given this “company” your credit card information to buy their “removal” software, you MUST cancel the purchase with your credit card provider AND cancel/replace the card! These guys are God-knows-where and will do God-knows-what with your card number!

    I wish I knew how scumbags like this are allowed to continue operating and as others noted, why Microsoft and other large companies don’t take them apart. I’d like to see them crucified in public on nationwide TV!

    In the future NEVER click on any offer from an unknown web site. Check the site address in the address field of your browser to make sure you are directed to where you want to go. If you are redirected, X-out the window immediately. Do not click ANYWHERE in it.

    Finally, to be sure the fix works properly, I prefer to:

    – turn off system restore and
    – run the fix in SAFE MODE (F8 while booting) and with the Internet disconnected.

    Good luck!

  11. Hayden says:

    Tried a lot of things but my windows explorer kept shutting down. Anyway, restart the computer and as soon as the first screen comes up, says Dell or HP, tap F8 until a menu comes up. choose the option that gives a restore point and choose a restore point that is uninfected.
    Pro: Easiest method and no trying to find the mystery file
    Con: Any files downloaded between restore point and now is gone.