Removing System Defender And Other Things

Discussion in 'Malware Help (A Specialist Will Reply)' started by csag08, Nov 14, 2009.

  1. csag08

    csag08 Private E-2

    I somehow got System Defender on my PC and it was causing popups for a while. I booted from another disk and was able to delete the target for the System Defender and one other icon while in safe mode.

    When I try to boot in Safe Mode off of the infected drive, it simply restarts the computer and will not allow it. Also, when I try to install AVG or any other Anti-Virus software, it says that I must first remove System Defender. I ran HiJackThis and the attached log was created.

    It is affecting the sites and searching that I can do in Firefox, and creating shortcut icons on my desktop for Internet Explorer.

    Your suggestions would be appreciated.

    TIA
     

    Attached Files:

  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks!

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the next one.

    Vista and Windows 7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.


    Download and run exeHelper

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.


    If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: SUPERAntiSpyware - running & getting a log

    Now run this: Using MGtools
     
  3. csag08

    csag08 Private E-2

    Here are the files that I ran.

    When I try to run a scan with Super AntiSpyware, it automatically reboots my system.

    Here are the exehelperlog file and MGTools files. Also, I have been getting errors about "rundll32.exe" not functioning and a "prockiller" error when I start up. Also, my wireless internet connection will go into a permanent searching for connection after a while of browsing.

    Thanks
     

    Attached Files:

  4. evilfantasy

    evilfantasy Malware Fighter

    The logs you could get indicate a Virut infection. Unfortunately the only reliable cure is a complete reformat and reinstall. We can try another scan to try and be sure but I have never been able to cure a Virut infection and many helpers will completely refuse to even try because it is normally a lost cause.

    Download ComboFix from one of the below links. You must rename it before saving it!

    Important! You MUST save ComboFix to your desktop.

    Link #1
    Link #2

    Rename ComboFix to Combo-Fix before saving it to the desktop.

    http://i154.photobucket.com/albums/s258/evilfantasy69/CF1.gif

    http://i154.photobucket.com/albums/s258/evilfantasy69/CF2.gif

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click on Combo-Fix.exe & follow the prompts.

    Vista users: right-click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    When the scan completes it will open a text window.

    Post the contents of that log in your next reply.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
     
