10-29-2010, 10:23 PM   #1
Huffmeister
I ran into a strange virus/trojan last night called Windows Defender*. It installed on my computer (not sure how) and it looked like a virus-scan or spyware-removal dashboard. I tried to close it so that I could uninstall it, but it just went into the system tray. Right-clicking the system tray icon didn't show an 'Exit' or 'Shut Down' option, so I went to Task Manager to kill the process. Task Manager would open for a second, then close. I tried it over and over thinking "oh crap". I rebooted, and the 'Defender' app started up immediately and proceeded to end other processes. I tried Task Manager again, and it closed after a second. I opened up Firefox to try and look it up, and Firefox closed after a second. Everything I tried to open would close almost immediately (even running 'cmd' and 'msconfig.exe').

During one of the times Task Manager flashed open, I saw that one of the processes was 'defender.exe'. I opened Windows Explorer, which luckily stayed open, and searched for it. Sure enough, defender.exe was sitting in the Users directory (I'm running Vista). I tried to delete, but couldn't because the process was running. So I renamed it and rebooted. This time, it didn't run on startup, so I quickly went in and deleted defender.exe and went into msconfig.exe and removed it from startup. I also went into the registry and removed all entries that contained 'defender.exe'.

It was 1:30am by the time I got rid of it, so I shut down my machine and went to bed. Tonight, I plan on doing a full system scan: AVG, Ad-Aware, and a few of the programs mentioned in this thread. From what I gathered, it was just a bogus app that tries to get people to buy "full version" to get rid of whatever virus it says you have.

I think everything is ok now, but just want to make sure. Anything else I should be doing or looking for?

==========
* Not THE Windows Defender, just trying to disguise itself as legit.

10-30-2010, 12:33 AM   #2
Bearcat
Quote:
Originally Posted by Huffmeister
I think everything is ok now, but just want to make sure. Anything else I should be doing or looking for?

Run the scans in Safe Mode, then I will usually boot up normally and run them again... and you can always post a HijackThis log after the scans to make sure it got everything.

At least it was just the defender.exe... the really nasty ones will have a DLL that gives a random name to the .exe each time you start Windows.
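
Added example, not part of the thread: a read-only PowerShell check for the startup persistence described above (an executable in the Users directory that relaunches at boot). It lists Run/RunOnce registry values whose command points into a user-writable profile path, plus everything in the Startup folders. The list of "suspect" roots and the function name Test-SuspectPath are assumptions made for this example.

```powershell
# Added example: report autorun entries that launch from user-writable profile paths.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: locations where a legitimate autorun target is unusual.
$suspectRoots = @($env:USERPROFILE, $env:APPDATA, $env:LOCALAPPDATA,
                  $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

# Hypothetical helper: true if the command line references a suspect root.
function Test-SuspectPath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $suspectRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-SuspectPath $value) {
            New-Object PSObject -Property @{ Location = $key; Name = $name; Command = $value }
        }
    }
})

# Anything placed in a Startup folder runs at logon, so list every item for review.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    $findings += @(Get-ChildItem -Path $dir -Force |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { New-Object PSObject -Property @{ Location = $dir; Name = $_.Name; Command = $_.FullName } })
}

$findings | Select-Object Location, Name, Command | Format-List
```

The script changes nothing on the system; it only reports entries to review alongside the scanner results.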