[The Alpha Gamer]

Ok so I've got a virus that's installed Windows System Defender. It's added "Gala search" to my firefox search bar and I can't open my task manager. I tried going in safe mode to run SDFix but it just gives me an error message. I googled it and found sites saying to use Malwarebites anti-malware. I just did a scan with that and it said it removed the 741 infections it found but it's still here. Help?! D=

[fediaFedia]

Use HijackThis to clean it up, after that run a antivirus scan.

[RickSOLET]

Malwarebytes' Anti-Malware can remove it.

Or read this to manually remove it.

[The Alpha Gamer]

RickSOLET, on 30 October 2009 - 06:00 PM, said:

Malwarebytes' Anti-Malware can remove it.

Or read this to manually remove it.

Did you read the first post? Malwarebytes Anti-malware didn't get rid of it and I can't open task manager so i can't remove it manualy


@Fedia: How do you clean it up with hijackthis? I thought that was just for scanning and making log files?

[poolsharkzz]

Is this still the same problem you had a month ago:

Got a virus, need urgent help!

...or is this something totally new?

Either way, I'd really wish you would stop and seriously think about actually repairing what needs to be repaired so this crap doesn't happen again, you know?

741 infections - are you trying to set a record?

That's more than double the nastys from the last time! Come on dude - isn't it time? I mean, it's your system but jeepers creepers, what does it take?

Follow RickSOLET's and fediaFEDIA's advice...

If you are not too busy, I'd also look over that past thread - all the answers you seek are there:

I would focus on the following posts: 9, 10, 23, 24, 30, 37, 39, 40, 45, 48, 54, 57, 59...
Then, pay particular attention to these posts: 26, 68, 70, 71, 79, 101, and 103.
Finally, I suggest you download, install, update if needed, and then run all 5 programs from post # 77.

And this time: please follow instructions as given to you, without arguing, fighting or questioning everyone's motives.

The whole program goes alot smoother!

Good luck,

poolsharkzz


PS. Didn't I say this was going to happen?


 7_5_139.gif (48.05K)
Number of downloads: 1

This post has been edited by poolsharkzz: 31 October 2009 - 07:28 PM

[The Alpha Gamer]

No it's a new one. And I explained last time why I couldn't format my laptop or reinstall the OS or anything extreme like that. Once again, all I need is the virus gone, without that I'm perfectly happy with how my laptop is.

And I would follow their advice but like it said, malwarebytes said it got rid of everything and it's all still here, I can't get taskmanager to open to remove it manually and I don't know how to fix things with Hijackthis, if someone will explain how to, I will gladly try that.

[Afzal]

open regedit, if its not opening then use something like Autoruns utility to disable the crap from starting at startup, for enabling taskmgr, it might be disabled from the registry or the exe file might've been replaced

[The Alpha Gamer]

Sorry if i'm slow but what are you saying to do once I have regedit open?

[Syzygy]

Looks pretty common - just take a look at http://www.bleepingc...system-defender

I guess this would be it:


Looks like a mix of Windows Defender and the Security centre, lol.

@Fedia,
Afaik HiJackthis doesn't cleanup automatically - unless you know what entries you want to remove (which I presume is what you meant). Anyway, the bleeping computer guide has all the info you need.

This post has been edited by Syzygy: 31 October 2009 - 12:53 AM

[poolsharkzz]

The Alpha Gamer, on 30 October 2009 - 06:22 PM, said:

No it's a new one. And I explained last time why I couldn't format my laptop or reinstall the OS or anything extreme like that. Once again, all I need is the virus gone, without that I'm perfectly happy with how my laptop is.

And I would follow their advice but like it said, malwarebytes said it got rid of everything and it's all still here, I can't get taskmanager to open to remove it manually and I don't know how to fix things with Hijackthis, if someone will explain how to, I will gladly try that.

So, I was right: It is the same problem you had last month...  crazy.gif (4.87K)
Number of downloads: 0

I can't help you because you won't help yourself. The problem is that you have very little computer knowledge and that you don't understand how important it is to run a decent antivirus, firewall, spyware programs, backup, etc.

You are causing your own problems, I am sorry to say...  grandpa.gif (2.44K)
Number of downloads: 0

Also, you really don't understand viruses and spyware, and how they manipulate your static or dynamic IP Addresses, mess with your TCP/IP Stack, and change your Winsock LSP's. They screw up the insides of a system so bad to the point where it is not fixable anymore on any level and you have only one choice left - to reformat...

Which is right where you are at today - it doesn't matter if you believe it or not.  help.gif (2.59K)
Number of downloads: 0

Because of your lack of decent computer knowledge, you computer is too infected and even if you removed all traces of all infections you will still have problems.

How could you trust your system to be fine after, what, over 1000 infections in a month's time? Tell me, what wrong with that picture?

FYI: I'd bet you would get a 40% performance boost just from reformating - imagine what we could do if we tweaked, tuned, and secured that system!

Please understand that is it not as easy as downloading something and running a scan to remove it.

You remind me of this:  Rescue.gif (8.86K)
Number of downloads: 0

I am a Doctor...

You are a 35+ year Smoker...  smokin.gif (538bytes)
Number of downloads: 0

You tell me you have lung cancer and to "remove it"...

I say: "Yes, I can get you started on chemotherapy right away - but it depends how serious it is - chemotherapy might not work. Also, I want you to quit smoking"...

You tell me "No - I am perfectly happy smoking - I'm not going to change any of my habits - do your job and just get rid of the cancer".

I say: "I am sorry then, I can't help you".

Do you understand now? Do you understand why?

My final suggestion is this:  Pirate.gif (12.04K)
Number of downloads: 0

I would PM either CommonSense or Syzygy and ask them to help you update your system to Windows 7...

It will cost you $30.00 if you are still in school and I am sure they will help you out, knowing that they will be removing an XP system off the face of the earth - they might even chip in $15.00 bucks each just to see it go! LOL

Seriously, you will be much better off - Windows 7 is far superior for Laptops with much improved power usage, memory management, overall security, etc.

Hell, just having the crappy Windows Firewall in place and User Account Control working as it should will go a long way to keeping your system safe and secure.

It's against my better judgement to go any furthur, you will just take bits and pieces of what I tell you to do and not follow directions thus you will be right back where you were last month. Sad turn of events...

Your options are limited - I wish you the best of luck!

poolsharkzz


PS. Anyone who helps out this guy will only see him back here asking for your help again in a month - He doesn't want to do the things necessary to help himself. It's up to you but I wouldn't waste any more of my time - it's not worth it.


 PacMan.gif (37.75K)
Number of downloads: 0

This post has been edited by poolsharkzz: 31 October 2009 - 07:31 PM

[The Alpha Gamer]

Syzygy: i tried that guide before making this thread. D=

poolsharkzz: The first part of the post you quoted said that it's a new one. You said that this laptop is beyond repair, you said that last time, and after the virus was removed, it was fine.

As for saying I wont follow advice and that anyone that helps me would just be wasting their time, you don't know me at all, so you have now proof that I wouldn't follow advice.

And as far as Windows 7 goes, I will be getting it on my new laptop when I can afford it

This post has been edited by The Alpha Gamer: 31 October 2009 - 01:04 AM

[bhast2]

not again

WOW

time to laugh for 6 or 7 days

dude needs to learn how to keep his computer clean

[Syzygy]

If you could, hop onto safe mode and try to remove the entries manually.

Files to remove:

%UserProfile%\Application Data\Windows System Defender
c:\Documents and Settings\All Users\Application Data\61a60\WSDDSys
c:\Documents and Settings\All Users\Application Data\61a60
c:\Documents and Settings\All Users\Application Data\61a60\WS83b.exe
c:\Documents and Settings\All Users\Application Data\61a60\8727.mof
c:\Documents and Settings\All Users\Application Data\61a60\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\61a60\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\61a60\WSD.ico
c:\Documents and Settings\All Users\Application Data\61a60\WSDDSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\WSDDSys
c:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows System Defender.lnk
%UserProfile%\Application Data\Windows System Defender\cookies.sqlite
%UserProfile%\Desktop\Windows System Defender.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\eb.sys
%UserProfile%\Recent\eb.tmp
%UserProfile%\Recent\energy.sys
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\exec.tmp
%UserProfile%\Recent\FS.exe
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\ppal.dll
%UserProfile%\Recent\SICKBOY.exe
%UserProfile%\Start Menu\Windows System Defender.lnk
%UserProfile%\Start Menu\Programs\Windows System Defender.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml

Registry Entries to Fix

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=222&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" => "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows System Defender" 

The registry entries could probably be cleaned via Hijack This, or regedit if you feel comfortable to use it. Oh! and make sure to disable System Restore and delete any existing restores before you do this - otherwise it may potentially try to restore itself.

If you use msconfig or ccleaner to view the startup entries - if you see any entries that look or are associated with anything above, delete or uncheck the entry.

If you can't use Task Manager, download Process Explorer @ http://download.sysi...essExplorer.zip

This post has been edited by Syzygy: 31 October 2009 - 02:43 AM

[The Alpha Gamer]

I tried safe mode twice earlier and just got an error. I will try it again tomorrow though

How do I clean entries with hijackthis?

[Syzygy]

The Alpha Gamer, on 31 October 2009 - 12:44 PM, said:

I tried safe mode twice earlier and just got an error. I will try it again tomorrow though

How do I clean entries with hijackthis?

After it finished scanned, I think it's meant to give you a choice of checking boxes under the entries you want to delete. Then you just have to click a clean or delete or something - forgot sorry. (Haven't used it in a while)