
Windows system defender virus


90 replies to this topic

#1 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 30 October 2009 - 02:21 PM

Ok so I've got a virus that's installed Windows System Defender. It's added "Gala search" to my Firefox search bar and I can't open my task manager. I tried going in safe mode to run SDFix but it just gives me an error message. I googled it and found sites saying to use Malwarebytes' Anti-Malware. I just did a scan with that and it said it removed the 741 infections it found but it's still here. Help?! D=

#2 fediaFedia

fediaFedia

    Super WinMatrixian

  • Elites
  • 2,553 posts

Posted 30 October 2009 - 04:05 PM

Use HijackThis to clean it up; after that, run an antivirus scan.

#3 RickSOLET

RickSOLET

    Super WinMatrixian

  • Member
  • 1,793 posts

Posted 30 October 2009 - 05:00 PM

Malwarebytes' Anti-Malware can remove it.

Or read this to manually remove it.

#4 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 30 October 2009 - 06:12 PM

Malwarebytes' Anti-Malware can remove it.

Or read this to manually remove it.



Did you read the first post? Malwarebytes' Anti-Malware didn't get rid of it and I can't open task manager so I can't remove it manually.


@Fedia: How do you clean it up with HijackThis? I thought that was just for scanning and making log files?

#5 poolsharkzz

poolsharkzz

    XP - 'till the world blows up!

  • Member
  • 403 posts

Posted 30 October 2009 - 09:22 PM

Is this still the same problem you had a month ago:

Got a virus, need urgent help!

...or is this something totally new?

Either way, I'd really wish you would stop and seriously think about actually repairing what needs to be repaired so this crap doesn't happen again, you know?

741 infections - are you trying to set a record?

That's more than double the nasties from the last time! Come on dude - isn't it time? I mean, it's your system but jeepers creepers, what does it take?

Follow RickSOLET's and fediaFedia's advice...

If you are not too busy, I'd also look over that past thread - all the answers you seek are there:

I would focus on the following posts: 9, 10, 23, 24, 30, 37, 39, 40, 45, 48, 54, 57, 59...
Then, pay particular attention to these posts: 26, 68, 70, 71, 79, 101, and 103.
Finally, I suggest you download, install, update if needed, and then run all 5 programs from post # 77.

And this time: please follow instructions as given to you, without arguing, fighting or questioning everyone's motives.

The whole program goes a lot smoother!

Good luck,

poolsharkzz


PS. Didn't I say this was going to happen?

Edited by poolsharkzz, 25 November 2009 - 11:31 PM.


#6 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 30 October 2009 - 11:22 PM

No it's a new one. And I explained last time why I couldn't format my laptop or reinstall the OS or anything extreme like that. Once again, all I need is the virus gone, without that I'm perfectly happy with how my laptop is.

And I would follow their advice but like I said, Malwarebytes said it got rid of everything and it's all still here, I can't get Task Manager to open to remove it manually and I don't know how to fix things with HijackThis. If someone will explain how to, I will gladly try that.

#7 Afzal

Afzal

    Super WinMatrixian

  • Member
  • 1,668 posts

Posted 30 October 2009 - 11:49 PM

Open regedit; if it's not opening, then use something like the Autoruns utility to disable the crap from starting at startup. For enabling taskmgr, it might be disabled from the registry or the exe file might've been replaced.

#8 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 31 October 2009 - 12:09 AM

Sorry if I'm slow but what are you saying to do once I have regedit open?

#9 Syzygy

Syzygy

    Zing.

  • Member
  • 3,470 posts

Posted 31 October 2009 - 12:45 AM

Looks pretty common - just take a look at http://www.bleepingc...system-defender

I guess this would be it:
Posted Image

Looks like a mix of Windows Defender and the Security centre, lol.

@Fedia,
AFAIK HijackThis doesn't clean up automatically - unless you know what entries you want to remove (which I presume is what you meant). Anyway, the bleeping computer guide has all the info you need.

Edited by Syzygy, 31 October 2009 - 12:53 AM.


#10 poolsharkzz

poolsharkzz

    XP - 'till the world blows up!

  • Member
  • 403 posts

Posted 31 October 2009 - 12:59 AM

No it's a new one. And I explained last time why I couldn't format my laptop or reinstall the OS or anything extreme like that. Once again, all I need is the virus gone, without that I'm perfectly happy with how my laptop is.

And I would follow their advice but like I said, Malwarebytes said it got rid of everything and it's all still here, I can't get Task Manager to open to remove it manually and I don't know how to fix things with HijackThis. If someone will explain how to, I will gladly try that.



So, I was right: It is the same problem you had last month...

I can't help you because you won't help yourself. The problem is that you have very little computer knowledge and that you don't understand how important it is to run a decent antivirus, firewall, spyware programs, backup, etc.

You are causing your own problems, I am sorry to say...

Also, you really don't understand viruses and spyware, and how they manipulate your static or dynamic IP Addresses, mess with your TCP/IP Stack, and change your Winsock LSP's. They screw up the insides of a system so bad to the point where it is not fixable anymore on any level and you have only one choice left - to reformat...

Which is right where you are at today - it doesn't matter if you believe it or not.

Because of your lack of decent computer knowledge, your computer is too infected and even if you removed all traces of all infections you will still have problems.

How could you trust your system to be fine after, what, over 1000 infections in a month's time? Tell me, what's wrong with that picture?

FYI: I'd bet you would get a 40% performance boost just from reformatting - imagine what we could do if we tweaked, tuned, and secured that system!

Please understand that it is not as easy as downloading something and running a scan to remove it.

You remind me of this:

I am a Doctor...

You are a 35+ year Smoker...

You tell me you have lung cancer and to "remove it"...

I say: "Yes, I can get you started on chemotherapy right away - but it depends how serious it is - chemotherapy might not work. Also, I want you to quit smoking"...

You tell me "No - I am perfectly happy smoking - I'm not going to change any of my habits - do your job and just get rid of the cancer".

I say: "I am sorry then, I can't help you".

Do you understand now? Do you understand why?

My final suggestion is this:

I would PM either CommonSense or Syzygy and ask them to help you update your system to Windows 7...

It will cost you $30.00 if you are still in school and I am sure they will help you out, knowing that they will be removing an XP system off the face of the earth - they might even chip in $15.00 bucks each just to see it go! LOL

Seriously, you will be much better off - Windows 7 is far superior for Laptops with much improved power usage, memory management, overall security, etc.

Hell, just having the crappy Windows Firewall in place and User Account Control working as it should will go a long way to keeping your system safe and secure.

It's against my better judgement to go any further, you will just take bits and pieces of what I tell you to do and not follow directions thus you will be right back where you were last month. Sad turn of events...

Your options are limited - I wish you the best of luck!

poolsharkzz


PS. Anyone who helps out this guy will only see him back here asking for your help again in a month - He doesn't want to do the things necessary to help himself. It's up to you but I wouldn't waste any more of my time - it's not worth it.



Edited by poolsharkzz, 31 October 2009 - 07:31 PM.


#11 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 31 October 2009 - 01:00 AM

Syzygy: I tried that guide before making this thread. D=

poolsharkzz: The first part of the post you quoted said that it's a new one. You said that this laptop is beyond repair, you said that last time, and after the virus was removed, it was fine.

As for saying I won't follow advice and that anyone that helps me would just be wasting their time, you don't know me at all, so you have no proof that I wouldn't follow advice.

And as far as Windows 7 goes, I will be getting it on my new laptop when I can afford it.

Edited by The Alpha Gamer, 31 October 2009 - 01:04 AM.


#12 bhast2

bhast2

    Hi I'm Win8

  • Member
  • 633 posts

Posted 31 October 2009 - 01:09 AM

not again

WOW

time to laugh for 6 or 7 days

dude needs to learn how to keep his computer clean

#13 Syzygy

Syzygy

    Zing.

  • Member
  • 3,470 posts

Posted 31 October 2009 - 02:39 AM

If you could, hop onto safe mode and try to remove the entries manually.

Files to remove:

Registry Entries to Fix
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" => "http://search-gala.com/?&uid=222&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" => "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows System Defender"

The registry entries could probably be cleaned via HijackThis, or regedit if you feel comfortable using it. Oh! And make sure to disable System Restore and delete any existing restores before you do this - otherwise it may potentially try to restore itself.

If you use msconfig or ccleaner to view the startup entries - if you see any entries that look or are associated with anything above, delete or uncheck the entry.

If you can't use Task Manager, download Process Explorer @ http://download.sysi...essExplorer.zip

Edited by Syzygy, 31 October 2009 - 02:43 AM.
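
A read-only way to check a text export of the registry for the three entries listed in the post above, as an added example that is not part of the original thread. The `DisableTaskMgr` row, the sample export, and the function name are assumptions made for illustration.

```python
import re

# (key fragment, value name, test on data) for the entries named in post #13.
# Last row is an assumption, not from the thread: the standard Windows policy
# value behind a disabled Task Manager (the case raised in post #7).
INDICATORS = [
    (r"\software\microsoft\windows\currentversion\run",
     "windows system defender", lambda data: True),
    (r"\software\microsoft\internet explorer\download",
     "runinvalidsignatures", lambda data: data in ('"1"', "dword:00000001")),
    (r"\software\microsoft\internet explorer\searchscopes",
     "url", lambda data: "search-gala.com" in data.lower()),
    (r"\software\microsoft\windows\currentversion\policies\system",
     "disabletaskmgr", lambda data: data == "dword:00000001"),
]
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def find_indicators(reg_text):
    """Return (key, value name, data) for each value matching an indicator."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), m.group(2)
        for fragment, wanted, is_bad in INDICATORS:
            if fragment in key.lower() and name.lower() == wanted and is_bad(data):
                hits.append((key, name, data))
    return hits

# Constructed sample export; the file path and GUID are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Windows System Defender"="C:\\PLACEHOLDER\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{PLACEHOLDER-GUID}]
"URL"="http://search-gala.com/?&uid=222&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

regedit's "Version 5.00" exports are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `find_indicators`.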


#14 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 31 October 2009 - 02:44 AM

I tried safe mode twice earlier and just got an error. I will try it again tomorrow though.

How do I clean entries with HijackThis?

#15 Syzygy

Syzygy

    Zing.

  • Member
  • 3,470 posts

Posted 31 October 2009 - 03:03 AM

I tried safe mode twice earlier and just got an error. I will try it again tomorrow though.

How do I clean entries with HijackThis?

After it has finished scanning, I think it's meant to give you a choice of checking boxes under the entries you want to delete. Then you just have to click a clean or delete or something - forgot sorry. (Haven't used it in a while)

#16 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 31 October 2009 - 03:08 AM

Malwarebytes' Anti-Malware can remove it.

Or read this to manually remove it.


I'm going through this manual list, it didn't find all the processes it said to kill, didn't find any of the DLLs when I tried to unregister them and I'm going through the files and can't find ones it says to delete but I'm finding some with the same filename but with a different extension, should I delete them too?

#17 poolsharkzz

poolsharkzz

    XP - 'till the world blows up!

  • Member
  • 403 posts

Posted 31 October 2009 - 04:46 AM

not again

WOW

time to laugh for 6 or 7 days

dude needs to learn how to keep his computer clean



You know it!

Normally, I would take the time to teach this guy everything I know, he doesn't want to learn...
It's a shame - I haven't had a virus, spyware infection, or other nasty in over 8 years.

Everything he needs has already been posted - he just doesn't want to do it!
Even if he completely cleaned up his system, I still wouldn't trust it.

So, sit back in your lazy boy chair, stick in the microwave a bag of Orville Redenbacher's Gourmet Popping Corn, fill your mug to the top with your favorite java juice and spike it hard with your favorite pain-killin poison...

I have a feeling this one is going to take a while.

poolsharkzz

Edited by poolsharkzz, 25 November 2009 - 11:32 PM.


#18 Syzygy

Syzygy

    Zing.

  • Member
  • 3,470 posts

Posted 31 October 2009 - 09:42 AM


Malwarebytes' Anti-Malware can remove it.

Or read this to manually remove it.


I'm going through this manual list, it didn't find all the processes it said to kill, didn't find any of the DLLs when I tried to unregister them and I'm going through the files and can't find ones it says to delete but I'm finding some with the same filename but with a different extension, should I delete them too?

Again, anything that looks alike - it's very simple for a virus/program to rename the extension to make it usable. If they do look alike, rename them to the correct extension and try to unregister them.

#19 poolsharkzz

poolsharkzz

    XP - 'till the world blows up!

  • Member
  • 403 posts

Posted 31 October 2009 - 07:54 PM

And as far as Windows 7 goes, I will be getting it on my new laptop when I can afford it



Dude, you do not need a new Laptop to install Windows 7.

In fact, your system would be ideal for the upgrade: Windows 7 Boosts Laptop Battery Life

I'd also check out: Windows 7 boot time on a modest laptop

The Power of Google compels you: Take some time and learn the options available.

Don't buy a new one, hardware is dirt cheap these days - you can find deals everywhere!
Your money will be better off spent upgrading your RAM (MHz and MB) and while you're at it, upgrade the Processor as well.

Follow my advice and you will be thanking me for years to come!

How's that "new" virus treating you?

poolsharkzz


Edited by poolsharkzz, 31 October 2009 - 07:56 PM.


#20 The Alpha Gamer

The Alpha Gamer

    Active WinMatrixian

  • Member
  • 996 posts

Posted 31 October 2009 - 09:26 PM


And as far as Windows 7 goes, I will be getting it on my new laptop when I can afford it



Dude, you do not need a new Laptop to install Windows 7.

In fact, your system would be ideal for the upgrade: Windows 7 Boosts Laptop Battery Life

I'd also check out: Windows 7 boot time on a modest laptop

The Power of Google compels you: Take some time and learn the options available.

Don't buy a new one, hardware is dirt cheap these days - you can find deals everywhere!
Your money will be better off spent upgrading your RAM (MHz and MB) and while you're at it, upgrade the Processor as well.

Follow my advice and you will be thanking me for years to come!

How's that "new" virus treating you?

poolsharkzz



No I don't need a new laptop to install Windows 7, I need a new laptop so I can have my own laptop.

And the new one you said no-one could get rid of? Gone I think. I did the manual removal last night and it stayed gone. Did a search with Malwarebytes and it found 730+ infections, all registry values, let it fix them, updated Malwarebytes and did another scan and found 33 infections, let it fix them and now have Task Manager back.
