Windows Defender 2010

[Sly]

Man I'm having a bad week. Two different viruses on two different computers.

When I run MalwareBytes on regular boot, it finds and eliminates the files but it does not fix the problem. Upon reboot, everything is back to normal. When I run MalwareBytes in safe mood, it does not find anything at all.

I'm finding tons of different guides and they all have different directions and they also talk about different versions needing different remedies. Anybody conquer this bitch successfully?

[Amputate Your Head]

Quote:

Anybody conquer this bitch successfully?

Yep. Back in '07 when I switched to Macs and shitcanned all my PCs.

[erooup]

You need to reinstall at this point. Copy your data to another drive, format and reinstall again. Stop wasting your time, trying to find a cure for a terminal ill patient.

[Sly]

Quote:

Originally Posted by erooup

You need to reinstall at this point. Copy your data to another drive, format and reinstall again. Stop wasting your time, trying to find a cure for a terminal ill patient.

What's the best way to copy my data? I do have an external drive.

And what about all of my software? Will companies typically give you your activation code again in situations like this?

[Amputate Your Head]

Quote:

Originally Posted by Sly

What's the best way to copy my data? I do have an external drive.

And what about all of my software? Will companies typically give you your activation code again in situations like this?

You don't save your software license information and setup files?

Like this:

[erooup]

Quote:

Originally Posted by Sly

What's the best way to copy my data? I do have an external drive.

Total Commander is good for that task. There are better tools, but this is failsafe and free.
Or buy a new harddisk, and mount your current in a external disk enclosure. That way you can access your data when you have reinstalled your computer and added a good antivirus software.

Quote:

Originally Posted by Sly

And what about all of my software? Will companies typically give you your activation code again in situations like this?

Show a copy of your licences or proof of purchase, and it should not be a problem.

[acctman]

Wait don't reinstall... what problem are you exactly having. you said malabyteware finds and eliminates the virus but does not fix the problem... can you explain the problem you're having?

[Sly]

Quote:

Originally Posted by acctman

Wait don't reinstall... what problem are you exactly having. you said malabyteware finds and eliminates the virus but does not fix the problem... can you explain the problem you're having?

I just did another update for MalwareBytes and am running it again, will take a few more hours. Once it's done, I will report back with the problems I'm having.

[SallyRand]

Download and install Microsoft Security Essentials, update and run it. Just fixed a lap for a bud using that soft, Malwarebytes, Adaware, AVG and Spybot. His box had over 40 infections but the patient pulled through fine!

If you can't download directly to infected box, just download on another box, burn it or load it to an external drive, then load it to the problematic box and run in safe mode.

Not going to do you a lot of good to copy files to another drive if those files are infected as well.

Sally.

[Vick!]

Boot-time scan using Avast Free + Spybot S&D in Windows

Hope it will fix your problem.

[Grapesoda]

Quote:

Originally Posted by Sly

Man I'm having a bad week. Two different viruses on two different computers.

When I run MalwareBytes on regular boot, it finds and eliminates the files but it does not fix the problem. Upon reboot, everything is back to normal. When I run MalwareBytes in safe mood, it does not find anything at all.

I'm finding tons of different guides and they all have different directions and they also talk about different versions needing different remedies. Anybody conquer this bitch successfully?

http://remove-malware.net/how-to-rem...-anti-spyware/

[fpaul90]

If you still have viruses try deleting the files in your registry, or everytime you delete files, they'll jjust keep re appearing because of your registry

[jigg]

what OS are you on?
I have windows defender installed and running, Microsoft security essentials is free
Spybot is pretty much tops when it comes to ripping out hard to remove spyware

[GatorB]

Quote:

Originally Posted by Amputate Your Head

Yep. Back in '07 when I switched to Macs and shitcanned all my PCs.

Security through obscurity is no security at all.

[u-Bob]

re-installing is the only way to be 100% sure it's gone....

[acctman]

let us know how things are once the scan is done. also if you're having search pages and antivirus pages appearing in your browser more than liking you have a proxy virus. easy to remove. It'll effect all browser, fastest way to manual remove it is load IE go to Tool - Internet Options - Connections tab - select LAN settings - check Proxy Server then click Advanced - remove anything in HTTP (probably will be something like 127.0.0.1 with a port) - ok out of there and uncheck proxy server. Go to General tab select Delete - check Temp. Internet Files and delete.

do that after running malabytewares thats a pretty good spyware removal but it sometimes doesn't wipe the browser changes. you might also want to go to Run and then type in msconfig then select Startup tab uncheck anything that looks suspicious, look at the Manufacturer and Command columns. If anything is "unknown" and in a weird location and file name, its more than likely a spyware. (i.e. sniffer Unknown c:\windows\temp\_ex-08.exe). I'm pretty good at spotting spyware file so feel free to post any the file name of anything that looks weird and you're unsure of, or you can just google the file name.

[erooup]

Quote:

Originally Posted by acctman

Wait don't reinstall... what problem are you exactly having. you said malabyteware finds and eliminates the virus but does not fix the problem... can you explain the problem you're having?

Yes, a full reinstall is the only way to go. The OS have been compromised, and no matter what he does, he can never be sure that is going on with the systemfiles, because polymorphic file infectors like Sality, leave the malware code virtually untraceable if the client OS was succesfully infected.

[alias]

Sucks getting pwned, good luck Sly!

[$5 submissions]

Quote:

Originally Posted by Amputate Your Head

Yep. Back in '07 when I switched to Macs and shitcanned all my PCs.

I might go that route soon myself. Tired of playing Whack A Mole with malware. Yet another thing to worry about -- EXTORTIONWARE: http://www.ixdownload.com/forums/sec...-programs.html Lovely

[Sly]

Bah. Still the same problems.

I'll start preparing for a reinstall later this week.

[Amputate Your Head]

Quote:

Originally Posted by GatorB

Security through obscurity is no security at all.

No, but security through Little Snitch is pretty well armored.

[acctman]

Quote:

Originally Posted by erooup

Yes, a full reinstall is the only way to go. The OS have been compromised, and no matter what he does, he can never be sure that is going on with the systemfiles, because polymorphic file infectors like Sality, leave the malware code virtually untraceable if the client OS was succesfully infected.

he's has a spyware and it just mess with the browser/connection functions in order to get you to visit a pages. formatting and reinstalling is the lazy way of fixing things. its not going to stop the problem from happening again in the future so it good to learn how to manually remove the problem. Malawarebyte does a good job of removing the files. Windows (vista/7) will tell you if a system file has been altered or changed. Formatting and reinstalling definitely my way maybe considered the hard way but you learn whats happening and will pick up on threats long before they take effect after a reboot.

[erooup]

Quote:

Originally Posted by acctman

he's has a spyware and it just mess with the browser/connection functions in order to get you to visit a pages. formatting and reinstalling is the lazy way of fixing things. its not going to stop the problem from happening again in the future so it good to learn how to manually remove the problem. Malawarebyte does a good job of removing the files. Windows (vista/7) will tell you if a system file has been altered or changed. Formatting and reinstalling definitely my way maybe considered the hard way but you learn whats happening and will pick up on threats long before they take effect after a reboot.

What you dont seem to understand is; Windows Defender 2010 is what have been detected so far, because the real malware it installs, is virtually untraceable. It dont matter what OS it is, when it comes to polymorphic file infectors or viruses.

Once a OS have been compromised, it will remain unsafe. That is why I said, his only approach to securing his data again, is reinstalling and using a secure antivirus program.

[acctman]

Quote:

Originally Posted by erooup

What you dont seem to understand is; Windows Defender 2010 is what have been detected so far, because the real malware it installs, is virtually untraceable. It dont matter what OS it is, when it comes to polymorphic file infectors or viruses.

Once a OS have been compromised, it will remain unsafe. That is why I said, his only approach to securing his data again, is reinstalling and using a secure antivirus program.

oh boy... windows defender is a common malaware virus there is nothing super special about it. it does not corrupt system files or hide within system files. it works like any low end spyware virus. my way works 100% and would bet money on it. i'm seriously bad ass when it comes to repairing computers... BUT! i'm not going to argue, I've removed windows defender before so I know what it does and what it doesn't. The who point is to learn. Anyone can format (thats the answer everyone gives) a computer and not all virus scanners can prevent new spyware. I put any tech support, repair center, geek squad geek to shame...

[fpaul90]

you can always just put linux on your computer, it has the best security you can get ;)

[roly]

Quote:

Originally Posted by acctman

let us know how things are once the scan is done. also if you're having search pages and antivirus pages appearing in your browser more than liking you have a proxy virus. easy to remove. It'll effect all browser, fastest way to manual remove it is load IE go to Tool - Internet Options - Connections tab - select LAN settings - check Proxy Server then click Advanced - remove anything in HTTP (probably will be something like 127.0.0.1 with a port) - ok out of there and uncheck proxy server. Go to General tab select Delete - check Temp. Internet Files and delete.

do that after running malabytewares thats a pretty good spyware removal but it sometimes doesn't wipe the browser changes. you might also want to go to Run and then type in msconfig then select Startup tab uncheck anything that looks suspicious, look at the Manufacturer and Command columns. If anything is "unknown" and in a weird location and file name, its more than likely a spyware. (i.e. sniffer Unknown c:\windows\temp\_ex-08.exe). I'm pretty good at spotting spyware file so feel free to post any the file name of anything that looks weird and you're unsure of, or you can just google the file name.

that's what i would do too, also run spybot s&d after malwarebytes that seems to find most of the registry entries. and check your hosts file for any changes.

i fixed my cousins pc the other day and it had the fake anti virus program virus amongst others and it had removed registry entries so that you couldn't boot into safemode.