
Windows defence

Brainache

My daughter was using my computer yesterday and somehow managed to download a hysterical piece of malware called "Windows Defence". It keeps hijacking my screen and telling me to register and buy...

I can't find any way to get rid of this thing. I tried the suggestions at this website: http://www.spywareremove.com/removeWindowsDefence.html

But their suggestions don't match what I'm seeing on my comp. I can't find any mention of the thing in any of the places the website says to look and searching my computer for it isn't working either.

Can anyone help me?

Please bear in mind that I am nearly computer illiterate so please dumb it down for a poor old luddite...
 
I have a laptop sitting on the floor next to me that has that same virus. It belongs to a friend, and the process is time consuming and requires the use of a thumbdrive to complete.

Basically the rogue program will deny any use of virus protection programs including downloading new ones. This is why a thumbdrive is required.

My second desktop is having overheating issues atm and all my links are saved there. As soon as I have it fired up and working again I'll post what I found. That is, if the above link provided by JWildeman doesn't do the trick.
 
I have a laptop sitting on the floor next to me that has that same virus. It belongs to a friend, and the process is time consuming and requires the use of a thumbdrive to complete.

Basically the rogue program will deny any use of virus protection programs including downloading new ones. This is why a thumbdrive is required.
wow, even in safe mode?
Usually you can download them in safe mode and then change the name of the exe file, like from MBAM.exe to Bob.exe
That sucks big time.
My second desktop is having overheating issues atm and all my links are saved there. As soon as I have it fired up and working again I'll post what I found. That is, if the above link provided by JWildeman doesn't do the trick.

Good luck, try Read and Run me first after you get it running.
 
Yesterday I managed to smash the same infection by booting into safe mode and using System Restore to jump to a restore point made last week. It might rear its head again, but it has at least restored functionality for now.

Oh, once you get your system coherent again, update your virus scanner and run a full scan. You might also want to download and run MalwareBytes.
 
Thanks guys. I'll try the safe mode system restore thing. I don't want to go poking around in the registry deleting stuff, I'd probably destroy something...
 
That didn't work. "Unable to restore computer to earlier point, no changes were made..."

It looks like I need to manually remove the files. If I can find them...
 
Yesterday I managed to smash the same infection by booting into safe mode and using System Restore to jump to a restore point made last week. It might rear its head again, but it has at least restored functionality for now.

Oh, once you get your system coherent again, update your virus scanner and run a full scan. You might also want to download and run MalwareBytes.

I like Malware Bytes also!!
 
Thanks guys. I'll try the safe mode system restore thing. I don't want to go poking around in the registry deleting stuff, I'd probably destroy something...

If it helps, I used to be afraid of doing that - until I did it and it worked!! And I am functionally computer illiterate - except for the ability to do research on the computer.
 
That didn't work. "Unable to restore computer to earlier point, no changes were made..."

It looks like I need to manually remove the files. If I can find them...

On startup F whatever to enter setup
Boot select to CD Drive
Put install disk in drive.
reboot
Install Windows to format drive.
From then on use Virus Checkers and stay away from dodgy sites
 
Also make sure the people who use the infected computers have decent anti virus software that is updated frequently. Also they do not do things that are likely to download a virus.

Otherwise they may turn their machines into spam production units and I will not be happy.
 
Restart it in safe mode with networking (try resetting the PC during bootup and it will tell you windows didn't boot up correctly - would you like to start in safe mode?) if you can get into Windows this way, go to http://www.eset.com/online-scanner. They have an online virus checker that should bypass the virus's anti-virus ban list.

I had the same thing and I got rid of it this way. Good luck!
 
Thanks again. I got rid of it manually by using safe mode. I had to reset something so I could see hidden files and folders and the system files. It all seems to be working ok now, no sign of the evil defence program.

I am a bit annoyed with my daughter for downloading this thing. I have AVG running on this computer which updates every day, but it doesn't help when 13 year olds are operating it.

Now I'm annoyed that downloading all of these anti-virus things has put my internet usage over the limit and doubled my bill for this month.:mad:
 
Thanks again. I got rid of it manually by using safe mode. I had to reset something so I could see hidden files and folders and the system files. It all seems to be working ok now, no sign of the evil defence program.

I am a bit annoyed with my daughter for downloading this thing. I have AVG running on this computer which updates every day, but it doesn't help when 13 year olds are operating it.

Now I'm annoyed that downloading all of these anti-virus things has put my internet usage over the limit and doubled my bill for this month.:mad:

Wow! sounds like you have a really sucky Internet Service Provider!!:(
 
Thanks again. I got rid of it manually by using safe mode. I had to reset something so I could see hidden files and folders and the system files. It all seems to be working ok now, no sign of the evil defence program.

I am a bit annoyed with my daughter for downloading this thing. I have AVG running on this computer which updates every day, but it doesn't help when 13 year olds are operating it.

Now I'm annoyed that downloading all of these anti-virus things has put my internet usage over the limit and doubled my bill for this month.:mad:

My daughter did something similar. Luckily it was her own laptop. I wiped the hard drive, causing her to lose all her photos and mp3s, and installed linux. She got the point.
 
If it helps, I used to be afraid of doing that - until I did it and it worked!! And I am functionally computer illiterate - except for the ability to do research on the computer.

I think a lot of the warnings about messing around with the registry are overblown. Yes, you can seriously screw things up if you go in there and randomly delete or change stuff, but if you know what you need to modify, pay attention to what you are doing, and especially if you export the key you are working on so you can restore it if necessary, it can be very useful and will not damage your system.
 
I ran into a very similar virus/trojan last night called Windows Defender*. It installed on my computer and started its 'scan'. I tried to close it so that I could uninstall it, but it just went into the system tray. Right-clicking the system tray icon didn't show an 'Exit' or 'Shut Down' option, so I went to Task Manager to kill the process. Task Manager would open for a second, then close. I tried it over and over thinking "oh crap". I rebooted, and the trojan app started up immediately and proceeded to end other processes. I tried Task Manager again, and it closed after a second. I opened up Firefox to try and look it up, and Firefox closed after a second. Everything I tried to open would close almost immediately (even running 'cmd' and 'msconfig.exe').

During one of the times Task Manager flashed open, I saw that one of the processes was 'defender.exe'. I opened Windows Explorer, which luckily stayed open, and searched for it. Sure enough, defender.exe was sitting in the Users directory (I'm running Vista). I tried to delete, but couldn't because the process was running. So I renamed it and rebooted. This time, it didn't run on startup, so I quickly went in and deleted defender.exe and went into msconfig.exe and removed it from startup. I also went into the registry and removed all entries that contained 'defender.exe'.

It was 1:30am by the time I got rid of it, so I shut down my machine and went to bed. Tonight, I plan on doing a full system scan: AVG, Ad-Aware, and a few of the programs mentioned in this thread.

Thanks for all the info!

==========
* Not THE Windows Defender, just trying to disguise itself as legit.
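
The manual cleanup described in the post above (an executable under the Users directory that relaunches at startup) and the earlier advice to export a registry key before editing it, as an added PowerShell example that is not part of the original thread. It assumes the standard Run keys, only reads and reports, and the backup folder name is made up for this example.

```powershell
# Added example (not from the thread): read-only audit of autorun entries.
# Exports each Run key to a .reg file first, then lists entries whose
# executable sits under the Users directory, with its signature status.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Backup folder name is an assumption made for this example.
$backupDir = Join-Path $env:TEMP ('run-key-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

function Get-CommandTarget([string]$Command) {
    # Extract the executable path from a Run value: quoted path first,
    # then anything up to ".exe", else the first whitespace-separated token.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$usersRoot = Join-Path $env:SystemDrive 'Users'
$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    # reg.exe wants "HKCU\..." rather than the PowerShell drive form "HKCU:\...".
    $regPath = $key -replace '^(HK\w+):', '$1'
    $backup  = Join-Path $backupDir (($regPath -replace '\\', '_') + '.reg')
    & reg.exe export $regPath $backup /y | Out-Null

    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        if ($target -notlike "$usersRoot\*") { continue }
        $exists = Test-Path -LiteralPath $target
        [pscustomobject]@{
            Key       = $regPath
            Entry     = $name
            Target    = $target
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
"Run keys exported to $backupDir"
```

Some legitimate programs also start from inside a user profile, so a listed entry is something to review, not proof of infection; an unsigned or missing target is the stronger signal.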
 