Defender Pro destabilizes Windows?

Discussion in 'Malware Help (A Specialist Will Reply)' started by suntal, Nov 1, 2006.

  1. suntal

    suntal Private E-2

    November 1, 2006

    Oh MajorGeeks,

    Please HELP! I need some immediate assistance. My system is a Dell Dimension 8300 (Intel Pentium 4, 3 GHz), running Windows XP (2002, Home), with Service Pack 2. (I have more system specs if you want them.) My Windows Updates are current except for maybe the last 24-48 hours.

    The virus protection that I had been using (E-Z something by Consultation Associates) expired about a month ago. In the interim, I tried a trial version of Spyware Doctor, which identified some fairly low threat spyware items on my system (nothing too serious), but it would not allow me to quarantine or get rid of them unless I purchased the software. (I have also used SpyBot & Ad-Aware SE to supplement virus protection software, but these were recently uninstalled as part of the installation process of a new viral software program.)

    So, last week I finally made it down to the local computer outlet, and wound up purchasing Defender Pro: 5-in-1. (Probably not the best choice in hindsight. I was in a hurry & didn’t do my homework. But it was on the shelf right next to Spyware Doctor, Norton, & McAfee—how bad could it be? Also, I wasn’t certain if Spyware Doctor provided virus, as well as spyware, ID & protection.)

    I uninstalled all previous viral protection software that I knew of, prior to installing Defender Pro. Defender Pro was installed successfully, and has appeared to be working normally.

    This morning when I checked my computer, Defender Pro showed a new display window I had not seen before. The display indicated that some viruses had been found on my system, and provided several options for disposition. I don't recall what each option was now, except for the last one, which was Delete. The description of the infection provided by Defender Pro was that of a "Trojan", including a reference to backdoor trojan. Well, I didn't want any trojans on my system (backdoor or otherwise), so I elected to delete them. I deleted approximately 5-9 items/files presented in the Defender Pro pop-up window for disposition.

    The infected files presented in the Defender Pro pop-up window for disposition, contained only partial file ID, dissolving into “… ”, to indicate the remaining unprovided file name. The full file name or path might have provided some important information about the type of file identified as infected, which might have helped me to make a better decision as to file disposition. Efforts to view the underlying listing of potential malware located by Defender Pro, which did have more complete file path nomenclature, were blocked by the pop-up window requiring input for disposition. Clicking on the abbreviated file name in the DP pop-up window only provided a very brief tag, indicating a trojan infection. (I acknowledge that since it has been so recently installed, I am not very familiar with this software, in all its various nuances.)

    I did notice that many of the files presented by Defender Pro for disposition had Microsoft prefixes, but I just figured that some Microsoft items (or Microsoft look-alike spam or spyware) had been identified as infected and probably needed to be deleted. I also assumed that Defender Pro wouldn't easily permit me to do something that would compromise the stability of my entire system. There was no indication or warning, that I recall, as to the possible negative effects that removal of these files might cause.

    Immediately after deleting these items, even before closing or exiting Defender Pro, a message box from Windows popped up stating that some important files from Windows had been replaced with ones that were unrecognizable, and requested that I use my Windows Home XP SP2 CD to restore the original versions of these files.

    When I tried to reinstall using my original CD, Windows indicated that it was not the correct CD needed. I figure the original Home XP CD does not include SP2, which I downloaded from the M/S Windows website. I do not have a CD of XP that includes the SP2 addition.

    The Windows message box indicates that the current situation is unstable unless these files can be replaced. I have never experienced a system crash on this machine, and I am in no way prepared for one.

    No, I do not have a current system backup, OK? My bad.

    (I have tried backing up my system in the past using the Wizard software provided by Windows, with unsuccessful or questionable, unknown, and untested results. I've never really had a lot of confidence in the Windows Restore functions, when the Backup procedures they provide appear so inadequate or ineffective in the hands of the non-majorgeek population.)

    But, when Windows pops up and tells me my system is unstable immediately after performing a Defender Pro function, I’m inclined to believe it. I'm also thinking I might be better off taking my chances out there with the viruses, without such “protection" provided by Defender Pro.

    Some virus and spyware software automatically perform a backup (however rudimentary) prior to the execution of system scans. So, here's my burning question:

    Can the files I deleted this morning be restored by Defender Pro? Is there a log of deleted files that can be accessed? I’ve e-mailed Defender Pro about this problem, but have not received a response.

    I am afraid to close the Defender Pro window or the Windows Message window, access too many other programs, or restart my computer. Due to lack of response or further action, Windows is also now sending a pop-up confirmation window stating, “You chose not to restore the original versions of the files. This may affect Windows stability. Are you sure you want to keep these unrecognized versions?”

    I read your Read-Me section of things to do before posting a request for help on the Support Forum, but I’m afraid to do anything else. At least my system still seems to be up and running. But, if you think I should follow the standard clean-up protocol to get out of this mess, I will do that.

    Also, according to Defender Pro, I am being frequently attacked from the Internet by “Intrusion.Win.MSSQL.worm.Helkern” at address 219.140.165.44 (and other addresses). What’s up with that? Could this be related or just coincidence?

    Oh, Obi-wan, I need you now. Hope to hear from you soon.

    suntal
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Well, first off and just to be safe, I would back up any important files, documents, pictures that you have to CD/DVD or another hard drive if available.

    Then, if you need to, you can create an SP2 CD yourself from your original XP CD and the full download of SP2. It's what's known as a slipstreamed CD; it merges the updated Service Pack with the original CD, creating an XP SP2 CD.

    To do this you will need to download the Full SP2 from MS SP2 Network install, aka the Full SP2 update.

    Then grab this great util, Autostreamer, run it, follow all the prompts and create yourself a fully working SP2 CD, with which you should be able to continue with the file restore.

    But once you have backed up all your files, I would run the guide below to make sure you have no malware on your PC. I don't use Defender Pro (to be honest, it's the first time I've heard of that app), but I would look in its menu options for a quarantine section, and if those deleted files are there you may have the option to restore them. If not, your options are to move forward and create the slipstreamed CD, restore the MS original files for the missing ones, then run the guide to remove any malware found in your logs.



    Our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. suntal

    suntal Private E-2

    Halo,

    Thanks so much for your response to my predicament! Sorry it’s taken me so long to reply. I’ve been working so much this past week, this is the first time I have even looked at my e-mail. However, I did, in fact, do one of the things you suggested.

    Eventually, after my original post, I explored the Defender Pro software a little more and did discover a Restore function. I was somewhat ambivalent about using it because I would theoretically be re-infecting my computer with the files I had previously deleted, but I sucked it up and dove in. I figured if the Restore function worked authentically, when I ran Defender Pro’s system scan again, it should identify these files again, and I would have the opportunity to make another choice other than to delete them.

    However, after I restored the deleted files, which had been identified as infected, the next system scan was clean. It did not identify any infected files, and the Windows message window stating my system could be unstable did not go away.

    So, I figured I was still in trouble, probably had set some viruses loose in my unstable computer, and I was still afraid to turn my machine off, fearing that would create a point of no return/restore.

    But, after a day or two with clean virus scans, and my computer hadn’t crashed, I held my breath and turned it off for several days while I was at work. Since I have turned it back on, it seems to be working fine, scans are clean, and the Windows warning that my system might be unstable has not returned. Yet.

    So, whadaya think? Have I dodged a bullet? Should I go ahead and do a full-on system shakedown using your standard protocols? Needless to say, I’m seriously reconsidering my choice of virus protection. Any suggestions? I’m also planning to invest in an external back-up system, which is long overdue.

    I’m very grateful for your response and suggestions. I’m not sure I totally understand WHY you guys are out there sharing your expertise for free, but it certainly is a great relief to know you are. :cool:

    Stable 4 now,
    Suntal

    P.S.

    I’m continuing to receive (and hopefully repel) frequent daily attacks by a Helkern worm. Is it just me, or is this a common critter these days?
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Personally, I would recommend you run the Panda Online Scan and HijackThis so we can confirm nothing is there.
     
  5. suntal

    suntal Private E-2

    bj,

    OK, I'll give it a go this week. Haven't run either of these programs before, so it will probably be slow going. I'll post the results. Thanks for responding.

    Suntal
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! Will be awaiting your results.
     
  7. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I guess we just like to help others and pass on whatever knowledge we have picked up over the years, and this forum and website is one of the best out there to share, as many members have various knowledge on PCs so every base is virtually covered. Plus at Majorgeeks we, unlike some forums, do not make fun of or ridicule new members who ask simple questions, as everyone has to start somewhere.

    We do this freely in our own spare moments in the day so sometimes you may not get a quick reply back but you will get a reply if someone knows the answer.


    As to different Antivirus solutions, once you are given the all clear from BJ as to your PC being free from malware, between us we can suggest some very good and Free software to protect your PC.
     
