TPWW Forums


KYR 12-28-2009 06:14 PM

Malware Defender 2009
 
Nasty. Nasty. Nasty.

Took me all day to get my PC working to some semblance of its former self.


Two main problems I have now which I can't seem to resolve:
  1. Randomly, my screen will freeze. Can't do ANYTHING. Only option is to cut power and re-boot.
  2. AVG anti-virus will not re-install. I keep getting a time-out error. It gets to the final installation process and times out. Also when this happens IE stops working. I then have to 'uninstall' AVG to get IE working again.
Running XP, used Spyware Doctor to find the Registry infections and cleared most of them.

Any assistance would be greatly appreciated before I wipe the hard drive and start again.

Vietnamese Crippler 12-28-2009 07:15 PM

http://www.bleepingcomputer.com/viru...-defender-2009

I've used this process to remove other viruses (Virtumonde)

Requiem 12-28-2009 07:28 PM

^Yep. 'Vundo' is horrible. Have fixed at least 3 computers with it or a variant in the past, and it is probably one of the biggest PITA's to get rid of manually (without formatting).

KYR 12-28-2009 07:41 PM

Thanks guys.

I'll download Malwarebytes when I get home and see if it picks up anything SDr missed.

Danny Electric 12-28-2009 09:44 PM

Wow, was just talking to Mike about this last night.

I have the same thing on my laptop, won't let me upgrade AVG, it doesn't even stay on long enough for me to get rid of the thing.

The laptop stays on for about 2 mins and then freezes so I need help too.

Anyone?

KYR 12-28-2009 10:18 PM

Same thing I experienced at first.

Took me a lot of re-booting to gradually edit out and delete all the crap out of the registry and start-up to get to the point where it didn't freeze up for about 30 mins each time.

I think it will help if you can download Malwarebytes onto a DVD so you can load it quickly onto your laptop.

Another suggestion I've found on-line is to re-boot in Safe Mode with network access to see if you can download m-bytes directly.

The link VC provided has a fairly comprehensive guide on things to try. I'll be home in a couple of hours and will try it.

Danny Electric 12-28-2009 10:32 PM

How did you delete the crap out of registry and start up?

KYR 12-28-2009 10:37 PM

I had my laptop with me and I found a site with some step-by-step tips.

I booted my PC and went straight into the registry and found the infections and deleted them. Could only delete one or two at a time before it 'froze' on me again and had to re-boot.

To edit the registry, click 'Run' and type 'regedit'. This opens up the registry.

KYR 12-28-2009 10:38 PM

These are the registry entries that you need to delete...
HKEY_CLASSES_ROOT\CLSID\{3F0691F1-70E6-44A9-938A-1DC356674878}
HKEY_CLASSES_ROOT\CLSID\{8B2C743A-D44A-4A93-8233-ABEE8BF8ED62}
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "updater"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "malwaredef"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "DriversLoad"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "HardwareDrivers"
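
Added example, not part of the post above: a read-only PowerShell check that reports which of the listed registry entries are still present, without deleting anything. It treats the quoted names as values inside shared Windows keys rather than as keys of their own (an assumption about the post's notation) and assumes PowerShell 3.0 or later.

```powershell
# Read-only check for the registry entries listed in the post above.
# Nothing is modified; the script only reports what it finds.

# Entries where the whole key is the artifact.
$keys = @(
    'HKEY_CLASSES_ROOT\CLSID\{3F0691F1-70E6-44A9-938A-1DC356674878}',
    'HKEY_CLASSES_ROOT\CLSID\{8B2C743A-D44A-4A93-8233-ABEE8BF8ED62}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009'
)

# Entries where only a named value is the artifact. The Run and
# ShellServiceObjectDelayLoad keys are shared with legitimate software,
# so the keys themselves must stay.
$cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = "HKEY_CURRENT_USER\$cv\Run";                          Name = 'updater' },
    @{ Key = "HKEY_LOCAL_MACHINE\$cv\Run";                         Name = 'malwaredef' },
    @{ Key = "HKEY_LOCAL_MACHINE\$cv\ShellServiceObjectDelayLoad"; Name = 'DriversLoad' },
    @{ Key = "HKEY_LOCAL_MACHINE\$cv\ShellServiceObjectDelayLoad"; Name = 'HardwareDrivers' }
)

function Find-ListedEntries {
    $found = @()
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath "Registry::$k") {
            $found += [pscustomobject]@{ Type = 'Key'; Path = $k; Name = ''; Data = '' }
        }
    }
    foreach ($v in $values) {
        # A missing key or value raises a non-terminating error; suppress it.
        $item = Get-ItemProperty -LiteralPath "Registry::$($v.Key)" `
                    -Name $v.Name -ErrorAction SilentlyContinue
        if ($item) {
            $found += [pscustomobject]@{
                Type = 'Value'; Path = $v.Key; Name = $v.Name
                Data = $item.($v.Name)   # what the entry launches or loads
            }
        }
    }
    $found
}

$hits = Find-ListedEntries
if ($hits) { $hits | Format-List }
else { 'None of the listed registry entries are present.' }
```

HKEY_CURRENT_USER covers only the account running the script, so the check has to be repeated for each user profile on the machine.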

KYR 12-28-2009 10:39 PM

These are the files that you need to delete...
c:\Program Files\Malware Defender 2009
c:\Program Files\Malware Defender 2009\conf.cfg
c:\Program Files\Malware Defender 2009\malwaredef.exe
c:\Program Files\Malware Defender 2009\mbase.vdb
c:\Program Files\Malware Defender 2009\quarantine.vdb
c:\Program Files\Malware Defender 2009\queue.vdb
c:\Program Files\Malware Defender 2009\uninstall.exe
c:\Program Files\Malware Defender 2009\vbase.vdb
c:\Program Files\Malware Defender 2009\quarantine
c:\WINDOWS\reged.exe
c:\WINDOWS\spoolsystem.exe
c:\WINDOWS\sys.com
c:\WINDOWS\syscert.exe
c:\WINDOWS\sysexplorer.exe
c:\WINDOWS\vmreg.dll
c:\WINDOWS\system32\wcenter.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
c:\Documents and Settings\All Users\Application Data\Microsoft\win.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\t.id
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\vifwnhzqoe.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
%UserProfile%\Desktop\Malware Defender 2009.lnk
%UserProfile%\Start Menu\Programs\Malware Defender 2009
%UserProfile%\Start Menu\Programs\Malware Defender 2009\Malware Defender 2009.lnk
%UserProfile%\Start Menu\Programs\Malware Defender 2009\Uninstall.lnk

thedamndest 12-28-2009 11:34 PM

I got a terrible virus last night as well. I formatted though because I am a big stupid head.

Bad Company 12-29-2009 12:20 AM

All fixed?
Also, download spybot search and destroy, and lavasoft adaware, install them, boot windows into safe mode, use msconfig to configure your startup to not run the virus shit, reboot back into safe mode, run spybot and adaware, clean shit up, reboot back into safe mode, run them again, make sure you use the spybot immunize function to help prevent viruses in the future.
Instead of AVG free, use avira antivirus, it's a shitload better, and free as well, or spend the cash and get nod32.

Bad Company 12-29-2009 12:20 AM

And that's the bottom line.

KYR 12-29-2009 12:27 AM

I've used spybot in the past but it seemed to be resource hungry (was a few years ago).

Does the 'immunize function' slow everything down if it's on all the time or can you set it to 'scan' periodically? Or is the alternative to be better safe than sorry and up my RAM?

KYR 12-29-2009 12:30 AM

I'm also paranoid at the moment about 'buying' things on-line atm. Just in case that malware shit is still lurking around in some form.

Think I'll buy it over the counter.

KYR 12-29-2009 12:30 AM

And thanks. :y:

Bad Company 12-29-2009 01:13 AM

Spybot is awesome, just don't install that teatimer and system protection shit, just use it as a tool to scan for spyware when you want it.
Immunization won't use any extra resources, all it does is, when your pc tries to visit known spyware/virus/adware sites and addresses, it tricks it into visiting a safe site (your own pc).

Also, www.eset.com is the maker of nod32, get the full smartsecurity program with the firewall if you want, it's pretty good. I run it.

KYR 12-29-2009 05:49 PM

Update:

Downloaded malwarebytes - could not even get it to install.
Downloaded Spybot - installed but would not open.
Downloaded Adaware - installed and opened. It found a couple of minor infections but none related to Malware Defender.

Screen is still freezing and I still can't install AVG.

I have two internal hard drives. 'C' drive is 50GB and 'D' drive is 150GB.

Should I load Windows onto the 'D' drive and make it the 'Master' and then wipe the 'C' drive and start again? Or just wipe the 'C' drive and reload Windows?

Vietnamese Crippler 12-29-2009 05:58 PM

Is it the same problem if you try to install/run the programs in safe mode?

KYR 12-29-2009 05:59 PM

Yep. Tried doing everything in both Safe Mode and Normal Mode as per BC's instructions.

KYR 12-29-2009 06:00 PM

<<< I did THAT a lot last night. :(

KYR 12-29-2009 08:00 PM

OK. I'm now thinking of buying a new hard drive and starting from scratch.

I can get one for ~$60 (Seagate 500GB, 160MB/s, 16MB cache). I can then keep my old hard drive (as is - just in case my back-ups didn't work).

Question. What's the difference between IDE and SATA? Can I use either or would my motherboard be specific for just one or the other?

Vietnamese Crippler 12-29-2009 08:06 PM

SATA is faster than IDE.

Newer motherboards (like 4 or 5 years old) should have both SATA and IDE connectors. And you should be using SATA whenever possible (if your motherboard has the connectors, of course).

Requiem 12-29-2009 11:23 PM

Yeah, all the sites that explain how to get rid of it act like it is an easy process. But they forget the fact that these viruses fuck with a shit ton of stuff and block access to internet, downloading, installing... ugh.. Huge pain in the ass. Hate these 'whatever 2009' fucking things. Don't know how they even get on people's computers in the first place.

HMMM KYR?

KYR 12-31-2009 02:08 AM

I don't know either.

I mean apart from TPDUB the only other site I visit is a Bible Scriptures site. :shifty:

KYR 01-03-2010 11:04 PM

Update.

Got the new hard drive and installed it.

Loaded Windows and the rest of the programs. Had a bit of trouble with my sound card - kept getting a 'Code 10' error message. Apparently this is a pretty common problem judging by the various forums I looked at trying to solve the problem. Took me about a day to find a driver that actually worked but all good now.

I must say, it's nice to start with a 'clean slate' so to speak without a couple of years' worth of stored crap.

Bad Company 01-04-2010 02:22 PM

Yup, bet it's going a shitload faster. How much memory have you got? Might be the next wee upgrade.

KYR 01-04-2010 06:09 PM

It is going much faster.

I've currently got 2GB's of RAM...gonna double it this weekend. :D

Xero 01-05-2010 10:52 AM

Pfft, my ram's bigger. :roll:

:shifty:

Bad Company 01-06-2010 05:17 AM

12gb here ;)

KYR 01-06-2010 06:15 PM

I feel so...inadequate :$

Xero 01-06-2010 07:29 PM

Quote:

Originally Posted by Bad Company (Post 2887885)
12gb here ;)

I'm only 8GB. :'(

I SHOULD GET EXTENZ TO 16GB. :foc:

Vietnamese Crippler 01-06-2010 07:43 PM

Screw BC and his DDR3 :foc:

El Fangel 01-06-2010 08:52 PM

KYR, if you can locate the file itself and can right click on it, download Unlocker. I did that and got rid of a few rather annoying undeleteable files.

KYR 01-06-2010 10:07 PM

Quote:

Originally Posted by Fallen Angel (Post 2888958)
KYR, if you can locate the file itself and can right click on it, download Unlocker. I did that and got rid of a few rather annoying undeleteable files.

:?: I have no idea what you're talking aboot.

What file?

El Fangel 01-07-2010 12:52 AM

Ok, there should be a file containing all the Malware Defender stuff in it. If you try to delete it and it won't let you, try the program I mentioned. If I am totally off the mark, sorry.

KYR 01-07-2010 12:54 AM

Nah. Hard drive's been wiped. Got a new one as well.

All good.

El Fangel 01-07-2010 12:57 AM

That's pretty shitty bud. Oh well, nice to start off with a clean slate.

KYR 01-07-2010 01:03 AM

Actually I look at it as a good thing now.

It was always bugging me that there were annoying little things wrong and wanted to format my hard drive and start again. The thing that always stopped me was the fact that I'd have to go through all the crap of re-loading all my programs etc. etc.

This just provided the impetus for me to finally do it.

Xero 01-08-2010 11:18 AM

I reinstall every few months. >.>

