10-29-2010, 10:23 PM | #1 |
Veteran
Join Date: Apr 2004
Location: Kansas City, MO
I ran into a strange virus/trojan last night called Windows Defender*. It installed on my computer (not sure how) and it looked like a virus-scan or spyware-removal dashboard. I tried to close it so that I could uninstall it, but it just went into the system tray. Right-clicking the system tray icon didn't show an 'Exit' or 'Shut Down' option, so I went to Task Manager to kill the process. Task Manager would open for a second, then close. I tried it over and over thinking "oh crap". I rebooted, and the 'Defender' app started up immediately and proceeded to end other processes. I tried Task Manager again, and it closed after a second. I opened up Firefox to try and look it up, and Firefox closed after a second. Everything I tried to open would close almost immediately (even running 'cmd' and 'msconfig.exe').
During one of the times Task Manager flashed open, I saw that one of the processes was 'defender.exe'. I opened Windows Explorer, which luckily stayed open, and searched for it. Sure enough, defender.exe was sitting in the Users directory (I'm running Vista). I tried to delete it, but couldn't because the process was running. So I renamed it and rebooted. This time, it didn't run on startup, so I quickly went in and deleted defender.exe and went into msconfig.exe and removed it from startup. I also went into the registry and removed all entries that contained 'defender.exe'. It was 1:30am by the time I got rid of it, so I shut down my machine and went to bed. Tonight, I plan on doing a full system scan: AVG, Ad-Aware, and a few of the programs mentioned in this thread. From what I gathered, it was just a bogus app that tries to get people to buy the "full version" to get rid of whatever virus it says you have. I think everything is ok now, but just want to make sure. Anything else I should be doing or looking for?
==========
* Not THE Windows Defender, just trying to disguise itself as legit.
10-30-2010, 12:33 AM | #2 | |
Would an idiot do that?
Join Date: Nov 2000
Location: Arizona
At least it was just the defender.exe... the really nasty ones will have a DLL that gives a random name to the .exe each time you start Windows.
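Added example, not part of either post above: the second post notes that some variants rename their executable at every boot, so a cleanup keyed on the file name 'defender.exe' would miss them. The code below triages autorun entries by where the image lives instead of what it is called. The entry list, the user name `alice`, all paths and the function names are constructed for illustration; it assumes the autorun entries have already been exported as (name, command line) pairs.

```python
import ntpath

# Constructed sample autorun entries (name, command line); not from the thread.
SAMPLE_AUTORUNS = [
    ("SecurityHealth", r'"C:\Program Files\Windows Defender\MSASCui.exe" -hide'),
    ("Defender", r"C:\Users\alice\defender.exe"),
    ("Updater", r'"C:\Users\alice\AppData\Roaming\qxkzpw.exe" /s'),
    ("Sync", r"C:\Program Files\Sync\sync.exe"),
]

# Locations a standard user can write to (assumed list; extend per environment).
USER_WRITABLE = (
    "c:\\users\\", "c:\\documents and settings\\", "c:\\programdata\\",
    "c:\\windows\\temp\\", "%appdata%\\", "%localappdata%\\",
    "%temp%\\", "%userprofile%\\",
)

def image_path(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    idx = command.lower().find(".exe")
    return command[:idx + 4] if idx != -1 else command.split(" ")[0]

def suspicious_autoruns(entries):
    """Return (name, normalized path) for autoruns launched from user-writable paths."""
    flagged = []
    for name, command in entries:
        # normpath collapses "..\" segments so a detour through
        # Program Files cannot hide a user-directory image.
        path = ntpath.normpath(image_path(command)).lower()
        if path.startswith(USER_WRITABLE):
            flagged.append((name, path))
    return flagged

if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE_AUTORUNS):
        print(f"review autorun {name!r}: {path}")
```

A hit is a lead for review, not a verdict: some legitimate software also starts from a user profile directory.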