defender.exe virus - anyone battle this one yet?

Posted on Fri Sep 09, 2011 10:20 pm

LaChupacabra wrote: Do this, but before you do go into the task manager. Defender spawns a process that hijacks your browser and .exe files. What you have to do to properly clean it is

1) Open task manager. There will be a process that is assigned 3 random letters. That is the defender process. Kill it and do not run any other files (it takes over pretty much every file type and runs it through its own program and will respawn defender)

What you don't understand is performing your FIRST step is impossible with this virus. Even when I opened task manager, it closed and killed it so quickly before I even had a chance to do anything. So even if all your steps work, the first step is to stop the virus in the first place, then continue with the process...
thegleek

Posted on Sat Sep 10, 2011 10:53 am

LaChupacabra wrote: 1) Open task manager. There will be a process that is assigned 3 random letters. That is the defender process. Kill it and do not run any other files (it takes over pretty much every file type and runs it through its own program and will respawn defender)

Couldn't do this. Booted right up into Safe Mode (withOUT networking)

LaChupacabra wrote: 2) Run the registry fix. This re-associates .exe files with the proper windows programs and allows you to

Didn't need to do this since I booted up in Safe Mode.

LaChupacabra wrote: 3) Install Malwarebytes

Done.

LaChupacabra wrote: 4) Update Malwarebytes

Couldn't do this part since I used "without Networking", but it's only 85 days out-of-date, which isn't bad. This virus/trojan has been around A LOT longer than that!

LaChupacabra wrote: 5) Perform a quick scan (this catches it) and have Malwarebytes clean the system

Done. It caught 10 items (6 files, 1 folder, 2 registry values, and 1 registry key):

Trojan.Tracur (C:\programdata\audiodev32.exe)
Trojan.FakeAlert (C:\programdata\defender.exe)
Trojan.FakeAlert (reg key)
Exploit.Drop.2 (C:\Windows\Temp\0.{random numbers}.exe)
Backdoor.Bot (C:\Windows\scvhost.exe)
Trojan.Spyeyes (C:\Recycle.Bin\b6232f3ae2d.exe)
Trojan.Spyeyes (reg value)
Trojan.BHO (reg key)
Trojan.Spyeyes (C:\Recycle.Bin)
Trojan.Spyeyes (C:\Recycle.Bin\4e9cfea536c3122)

LaChupacabra wrote: 6) reboot

Done.
thegleek

Posted on Sat Sep 10, 2011 10:58 am

dextrous wrote: This comes back because it has a rootkit associated with it. Run TDSSKiller from Kaspersky: http://support.kaspersky.com/faq/?qid=208283363

It took me a few days to finally get rid of this one for good.

I downloaded this and ran it after running malwarebytes. Nothing was found. I'm thinking cuz malwarebytes was the hero in this case and got rid of 10 baddies.
thegleek

Posted on Sat Sep 10, 2011 11:19 am

Just to be safe, you should update Malwarebytes and run it one more time (if you haven't already).
just brew it!

Posted on Sat Sep 10, 2011 11:26 am

just brew it! wrote: Just to be safe, you should update Malwarebytes and run it one more time (if you haven't already).

Haha! You're a mind-reader! After I rebooted it, I plugged it back into the network, updated Malwarebytes, and ran the quickscan again.

I also downloaded and installed the Microsoft Security Essentials thinger. It'll probably conflict with the eSET NOD32 AntiVirus I bet, eh?

I have to leave soon to DJ a wedding (yes, I -still- do that), but will update this thread on my progress (or lack-of) later.
thegleek

Posted on Sat Sep 10, 2011 11:58 am

You don't want to run 2 real-time anti-virus programs at the same time. Get rid of MSE or NOD32.
JJCDAD

Posted on Sun Sep 11, 2011 8:26 pm

thegleek wrote: What you don't understand is performing your FIRST step is impossible with this virus. Even when I opened task manager, it closed and killed it so quickly before I even had a chance to do anything. So even if all your steps work, the first step is to stop the virus in the first place, then continue with the process...

It must be a different variation of the virus than I've dealt with then. When I said

LaChupacabra wrote: can you run the registry fix, type task manager into universal search and execute it directly?

that was supposed to re-associate .exe files. The virus may hijack the shortcut to bring up the Task Manager but I have never heard of it hijacking the whole executable itself. Also you can download the latest definitions of Malwarebytes as a stand-alone update. It's one of the nicer features of the program.
LaChupacabra
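
A read-only check of the .exe association that the registry fix discussed in this thread is meant to restore, added here as an example and not posted by anyone in the thread. The registry paths and expected values are the standard Windows defaults, not details taken from the thread.

```powershell
# Added example: audit the .exe file association. Reads only, changes nothing.
# Assumption: the stock Windows defaults below are what a "registry fix" restores.
# A per-user entry under HKCU overrides HKLM, so both hives are checked.

function Get-DefaultValue {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # '(default)' is how the registry provider exposes a key's unnamed value
    return (Get-ItemProperty -LiteralPath $Path).'(default)'
}

$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'
$findings = @()

foreach ($hive in 'HKCU:', 'HKLM:') {
    $extKey  = "$hive\Software\Classes\.exe"
    $progId  = Get-DefaultValue $extKey
    $progIds = @($expectedProgId)

    if ($null -eq $progId) {
        # No per-user .exe key is normal; a missing machine-wide one is not.
        if ($hive -eq 'HKLM:') { $findings += "$extKey is missing" }
    } elseif ($progId -ne $expectedProgId) {
        $findings += "$extKey points to ProgID '$progId' (expected '$expectedProgId')"
        $progIds  += $progId
    }

    # Inspect the launch command of 'exefile' and of any substituted ProgID.
    foreach ($id in $progIds) {
        $cmdKey  = "$hive\Software\Classes\$id\shell\open\command"
        $command = Get-DefaultValue $cmdKey
        if ($null -ne $command -and $command -ne $expectedCommand) {
            $findings += "$cmdKey runs: $command"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output '.exe association matches the Windows defaults.'
} else {
    Write-Output '.exe association differs from the Windows defaults:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```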

Posted on Thu Oct 06, 2011 12:54 pm

Lucky Jack Aubrey wrote:
thegleek wrote: What would you have done differently?

Not a thing. You make one serious attempt at cleaning the computer.

If that doesn't work, you nuke it from orbit. It's the only way to be sure.


+1 and Hi5!
Philldoe

Posted on Thu Oct 06, 2011 10:16 pm

http://www.youtube.com/watch?v=aCbfMkh940Q
:lol:

Malwarebytes Anti-Malware has impressed me.
JustAnEngineer

Posted on Thu Oct 06, 2011 11:04 pm

meet my little friend
http://www.malwarebytes.org

:P

btw this is what i have always running on my system
Eset NOD32 v5 (desktops) or Eset Smart Security v5 (laptops)
Malwarebytes Anti-Malware PRO (with realtime monitoring)
wiak