Infected with System Defender

Discussion in 'Malware Help (A Specialist Will Reply)' started by MJPani, Dec 19, 2009.

  1. MJPani

    MJPani Private E-2

    Hello,
    It seems that I got infected when looking at a website which had a list of a book collection. The machine is running Windows XP with McAfee AV installed. I have disconnected from the internet, just to stop the pop-ups and the constant reminder that the system is infected. The Task Manager window does not pop up when I hit Ctrl-Alt-Del. I am attaching the HijackThis log file. Also, I will be reading similar threads on System Defender. It would be great if someone could help me clean the system.
    Thanks,
    MJ
     

  2. MJPani

    MJPani Private E-2

    Sorry about the previous post. Here are my log files, following the steps. My computer's refresh rate is lagging (it lags when I scroll up/down).
     

  3. evilfantasy

    evilfantasy Malware Fighter

    Hello MJPani.


    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open MessengerDisable.exe, choose the bottom box, Uninstall Windows Messenger, and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.



    Everything in the Malwarebytes log says No action taken. Let's run another scan to make sure they were removed. Be sure to let MBAM fix everything before attaching the log.

    Open Malwarebytes' Anti-Malware.

    * Click the Update tab.
    * Click Check for Updates
    * If an update is found, it will download and install.
    * Click the Scanner tab.
    * Select Perform Quick Scan, then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    Now delete ComboFix and download a new copy, then run a scan. Attach the new log. Running ComboFix



    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Attach the new C:\MGlogs.zip file that will be created.



    Next post please attach:

    • New Malwarebytes log (after everything has been fixed)
    • New ComboFix log
    • New MGlogs.zip
     
  4. MJPani

    MJPani Private E-2

    hi evilfantasy,

    Thank you for your response. I am attaching my logs for mbam, combofix, and MGlogs.
     

  5. evilfantasy

    evilfantasy Malware Fighter

    Go to Add or Remove Programs and uninstall:
    • Browser Address Error Redirector

    What antivirus do you use?

    BitDefender Antivirus

    VirusScan Enterprise + AntiSpyware Enterprise <- Is this McAfee?
     
  6. MJPani

    MJPani Private E-2

    I'm using McAfee, thinking about switching to AVG.

    Thanks
     
  7. evilfantasy

    evilfantasy Malware Fighter

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::
    
    SecCenter::
    {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.



    Also let me know how the computer is running now.
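An added check, not part of this thread: the GUID in the SecCenter:: line above has the same format as the instanceGuid of products registered with Windows Security Center (WMI namespace root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later), and a rogue such as "System Defender" commonly registers itself there so Windows reports it as a legitimate antivirus. This PowerShell snippet (the function name is my own, and it assumes the GUID is a Security Center instanceGuid) lists those registrations and reports which product, if any, the GUID belongs to, so you can confirm it is the stale or bogus entry you meant before writing it into a CFScript.

```powershell
# Added example, not from the thread. Enumerates the products registered with
# Windows Security Center and looks up one instanceGuid among them.
# Assumption: a ComboFix SecCenter:: line names a Security Center instanceGuid.

function Get-SecurityCenterProducts {
    # XP populates root\SecurityCenter; Vista and later populate root\SecurityCenter2.
    # A namespace that does not exist on this Windows version is silently skipped.
    $namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'
    $classes    = 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct'

    foreach ($ns in $namespaces) {
        foreach ($class in $classes) {
            $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
            foreach ($item in $items) {
                New-Object PSObject -Property @{
                    Namespace    = $ns
                    Class        = $class
                    DisplayName  = $item.displayName
                    InstanceGuid = $item.instanceGuid
                    # productState exists only in SecurityCenter2; it is $null on XP.
                    ProductState = $item.productState
                }
            }
        }
    }
}

$products = @(Get-SecurityCenterProducts)
$products | Format-Table Namespace, Class, DisplayName, InstanceGuid -AutoSize

# The GUID used in the CFScript above; find out what it is registered as before removing it.
$target = '{6C4BB89C-B0ED-4F41-A29C-4373888923BB}'
$match  = $products | Where-Object { $_.InstanceGuid -eq $target }

if ($match) {
    "$target is registered as: $($match.DisplayName) ($($match.Class) in $($match.Namespace))"
} else {
    "$target is not registered in Security Center on this machine"
}
```

Run it from an elevated PowerShell prompt on the affected machine. An entry whose DisplayName is a product you never installed, or that survives after that product's uninstaller has run, is the kind of registration the SecCenter:: directive is meant to clear; an entry for the antivirus you actually use should be left alone.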
     
  8. MJPani

    MJPani Private E-2

    My computer seems to be running fine. Should I uninstall SUPERAntiSpyware? I'm attaching the ComboFix log.

    Thanks
     

  9. evilfantasy

    evilfantasy Malware Fighter

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the below into the Run box, and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to the Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
