TR Forums

LaChupacabra wrote:

Do this, but before you do go into the task manager. Defender spawns a process that hijacks your browser and .exe files. What you have to do to properly clean it is

1) Open task manager. There will be a process that is assigned 3 random letters. That is the defender process. Kill it and do not run any other files (it takes over pretty much every file type and runs it through it's own program and will respawn defender)

What you don't understand is performing your FIRST step is impossible with this virus. Even when I opened task manager, it closed and killed it so quickly before I even had a change to do anything. So even if all your steps work, the first step is to stop the virus in the first place, then continue with the process...

LaChupacabra wrote:

1) Open task manager. There will be a process that is assigned 3 random letters. That is the defender process. Kill it and do not run any other files (it takes over pretty much every file type and runs it through it's own program and will respawn defender)

Couldn't do this. Booted right up into Safe Mode (withOUT networking)

LaChupacabra wrote:

2) Run the registry fix. This re-associates .exe files with the proper windows programs and allows you to

Didn't need to do this since I booted up in Safe Mode.

LaChupacabra wrote:

3) Install malwearebytes

Done.

LaChupacabra wrote:

4) Update malwarebytes

Couldn't do this part since I used "without Networking", but it's only 85 days out-of-date, which isn't bad. This virus/trojan has been around A LOT longer then that!

LaChupacabra wrote:

5) Perform a quick scan (this catches it) and have malwarebytes clean the system

Done. It caught 10 items (6 files, 1 folder, 2 registry values, and 1 registry key):

Trojan.Tracur (C:\programdata\audiodev32.exe)
Trojan.FakeAlert (C:\programdata\defender.exe)
Trojan.FakeAlert (reg key)
Exploit.Drop.2 (C:\Windows\Temp\0.{random numbers}.exe)
Backdoor.Bot (C:\Windows\scvhost.exe)
Trojan.Spyeyes (C:\Recycle.Bin\b6232f3ae2d.exe)
Trojan.Spyeyes (reg value)
Trojan.BHO (reg key)
Trojan.Spyeyes (C:\Recycle.Bin)
Trojan.Spyeyes (C:\Recycle.Bin\4e9cfea536c3122)

LaChupacabra wrote:

6) reboot

Done.

dextrous wrote:

This comes back because it has a rootkit associated with it. Run TDSSKiller from Kapersky: http://support.kaspersky.com/faq/?qid=208283363

It took me a few days to finally get rid of this one for good.

I downloaded this and ran it after running malwarebytes. Nothing was found. I'm thinking cuz malwarebytes was the hero in this case and got rid of 10 baddies.

Just to be safe, you should update Malwarebytes and run it one more time (if you haven't already).

just brew it! wrote:

Just to be safe, you should update Malwarebytes and run it one more time (if you haven't already).

Haha! You're a mind-reader! After I rebooted it, I plugged it back into the network, updated Malwarebytes, and ran the quickscan again.

I also downloaded and installed the Microsoft Security Essentials thinger. It'll probably conflict with the eSET NOD32 AntiVirus I bet, eh?

I have to leave soon to DJ a wedding (yes, I -still- do that), but will update this thread on my progress (or lack-of) later.

You don't want to run 2 real-time anti-virus programs at the same time. Get rid of MSE or NOD32.

thegleek wrote:

What you don't understand is performing your FIRST step is impossible with this virus. Even when I opened task manager, it closed and killed it so quickly before I even had a change to do anything. So even if all your steps work, the first step is to stop the virus in the first place, then continue with the process...

It must be a different variation of the virus than I've dealt with then. When I said

LaChupacabra wrote:

can you run the registry fix, type task manager into universal search and execute it directly>

that was supposed to re-associate .exe files. The virus may hijak the shortcut to bring up the taskmanager but I have never heard of it hijacking the whole executable itself. Also you can download the latest definitions of malwarebytes as a stand-alone updates. It's one of the nicer features of the program.

Lucky Jack Aubrey wrote:

thegleek wrote:

What would you have done differently?

Not a thing. You make one serious attempt at cleaning the computer.

If that doesn't work, you nuke it from orbit. It's the only way to be sure.

+1 and Hi5!

http://www.youtube.com/watch?v=aCbfMkh940Q


Malware Bytes Anti-Malware has impressed me.

meet my little friend
http://www.malwarebytes.org



btw this is what i have always running on my system
Eset NOD32 v5 (desktops) or Eset Smart Security v5 (laptops)
Malwarebytes Anti-Malware PRO (with realtime monitoring)