Malware Defender 2009

[KYR]

Nasty. Nasty. Nasty.

Took me all day to get my PC working to some semblance of its former self.


Two main problems I have now which I can't seem to resolve:

1. Randomly, my screen will freeze. Can't do ANYTHING. Only option is to cut power and re-boot.
2. AVG anti-virus will not re-install. I keep getting a time-out error. It gets to the final installation process and times out. Also when this happens IE stops working. I then have to 'unistall' AVG to get IE working again.

Running XP, used Spyware Doctor to find the Registry infections and cleared most of them.

Any assistance would be greatly appreciated before I wipe the hard drive and start again.

[Vietnamese Crippler]

http://www.bleepingcomputer.com/viru...-defender-2009

I've used this process to remove other viruses (Virtumonde)

[Requiem]

^Yep. 'Vundo' is horrible. Have fixed at least 3 computers with it or a variant in the past, and it is probably one of the biggest PITA's to get rid of manually (without formatting).

[KYR]

Thanks guys.

I'll download Malwarebytes when I get home and see if it picks up anything SDr missed.

[Danny Electric]

Wow, was just talking to Mike about this last night.

I have the same thing on my laptop, won't let me upgrade AVG, it doesn't even stay on long enough for me to get rid of the thing.

The laptop stays on for about 2 mins and then freezes so I need help to.

Anyone

[KYR]

Same thing I experienced at first.

Took me a lot of re-booting to gradually edit out and delete all the crap out of the registry and start-up to get to the point where it didn't freeze up for about 30 mins each time.

I think if you can download malwarebytes onto a DVD so you can load it quickly onto your laptop will help.

Other suggestions I've found on-line is to re-boot in Safe Mode with network access to see if you can download m-bytes directly.

The link VC provided has a fairly comprehensive guide on things to try. I'll be home in a couple of hours and will try it.

[Danny Electric]

How did you delete the crap out of registry and start up?

[KYR]

I had my laptop with me and I found a site with some step-by-step tips.

I booted my PC and went straight into the registry and found the infections and deleted them. Could only delete one or two at a time before it 'froze' on me again and had to re-boot.

To edit the registry, click 'Run' and type 'regedit'. This opens up the registry.

[KYR]

These are the registry entries that you need to delete...

HKEY_CLASSES_ROOT\CLSID\{3F0691F1-70E6-44A9-938A-1DC356674878}
HKEY_CLASSES_ROOT\CLSID\{8B2C743A-D44A-4A93-8233-ABEE8BF8ED62}
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "updater"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "malwaredef"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "DriversLoad"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "HardwareDrivers"

[KYR]

These are the files that you need to delete...

c:\Program Files\Malware Defender 2009
c:\Program Files\Malware Defender 2009\conf.cfg
c:\Program Files\Malware Defender 2009\malwaredef.exe
c:\Program Files\Malware Defender 2009\mbase.vdb
c:\Program Files\Malware Defender 2009\quarantine.vdb
c:\Program Files\Malware Defender 2009\queue.vdb
c:\Program Files\Malware Defender 2009\uninstall.exe
c:\Program Files\Malware Defender 2009\vbase.vdb
c:\Program Files\Malware Defender 2009\quarantine
c:\WINDOWS\reged.exe
c:\WINDOWS\spoolsystem.exe
c:\WINDOWS\sys.com
c:\WINDOWS\syscert.exe
c:\WINDOWS\sysexplorer.exe
c:\WINDOWS\vmreg.dll
c:\WINDOWS\system32\wcenter.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
c:\Documents and Settings\All Users\Application Data\Microsoft\win.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\t.id
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\vifwnhzqoe.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
%UserProfile%\Desktop\Malware Defender 2009.lnk
%UserProfile%\Start Menu\Programs\Malware Defender 2009
%UserProfile%\Start Menu\Programs\Malware Defender 2009\Malware Defender 2009.lnk
%UserProfile%\Start Menu\Programs\Malware Defender 2009\Uninstall.lnk

[thedamndest]

I got a terrible virus last night as well. I formatted though because I am a big stupid head.

[Bad Company]

All fixed?
Also, download spybot search and destroy, and lavasoft adaware, install them, boot windows into safe mode, use msconfig to configure your startup to not run the virus shit, reboot back into safe mode, run spybot and adaware, clean shit up, reboot back into safe mode, run them again, make sure you use the spybot immunize function to help prevent virus' in the future.
Instead of AVG free, use avira antivirus, it's a shitload better, and free as well, or spend the cash and get nod32.

[Bad Company]

And that's the bottom line.

[KYR]

I've used spybot in the past but it seemed to be resource hungry (was a few years ago).

Does the 'immunize function' slow everything down if it's on all the time or can you set it to 'scan' periodically? Or is the alternative to be better safe than sorry and up my RAM?

[KYR]

I'm also paranoid at the moment about 'buying' things on-line atm. Just in case that malware shit is still lurking around in some form.

Think I'll buy it over the counter.

[KYR]

And thanks.

[Bad Company]

Spybot is awesome, just dont install that teatimer and system protection shit, just use it as a tool to scan for spyware when you want it.
Immunization won't use any extra resources, all it does is, when your pc tries to visit known spyware/virus/adware sites and addresses, it tricks it into visiting a safe site (your own pc).

Also, www.eset.com is the maker of nod32, get the full smartsecurity program with the firewall if you want, its pretty good. I run it.

[KYR]

Update:

Downloaded malwarebytes - could not even get it to install.
Downloaded Spybot - installed but would not open.
Downloaded Adaware - installed and opened. It found a couple of minor infections but none related to Malware Defender.

Screen is still freezing and I still can't install AVG.

I have two internal hard drives. 'C' drive is 50GB and 'D' drive is 150GB.

Should I load Windows onto the 'D' drive and make it the 'Master' and then wipe the 'C' drive and start again? Or just wipe the 'C' drive and reload Windows?

[Vietnamese Crippler]

Is it the same problem if you try to install/run the programs in safe mode?

[KYR]

Yep. Tried doing everything in both Safe Mode and Normal Mode as per BC's instructions.

[KYR]

<<< I did THAT a lot last night.

[KYR]

OK. I'm now thinking of buying a new hard drive and starting from scratch.

I can get one for ~$60 (Seagate 500GB, 160MB/s, 16MB cache). I can then keep my old hard drive (as is - just in case my back-ups didn't work).

Question. What's the difference between IDE and SATA? Can I use either or would my motherboard be specific for just one or the other?

[Vietnamese Crippler]

SATA is faster than IDE.

Newer motherboards (like 4 or 5 years old) should have both SATA and IDE connectors. And you should be using SATA whenever possible (if your motherboard has the connectors, of course).

[Requiem]

Yeah, all the sites that explain how to get rid of it act like it is an easy process. But they forget the fact that these viruses fuck with a shit ton of stuff and block access to internet, downloading, installing... ugh.. Huge pain in the ass. Hate these 'whatever 2009' fucking things. Don't know how they even get on people's computers in the first place.

HMMM KYR?

[KYR]

I don't know either.

I mean apart from TPDUB the only other site I visit is a Bible Scriptures site.

[KYR]

Update.

Got the new hard drive and installed it.

Loaded Windows and the rest of the programs. Had a bit of trouble with my sound card - kept getting a 'Code 10' error message. Apparently this is a pretty common problem judging by the various forums I looked at trying to solve the problem. Took me about a day to find a driver that actually worked but all good now.

I must say, it's nice to start with a 'clean slate' so to speak without a couple of years' worth of stored crap.

[Bad Company]

Yup, bet it's going a shitload faster. How much memory have you got? Might be the next wee upgrade.

[KYR]

It is going much faster.

I've currently got 2GB's of RAM...gonna double it this weekend.

[Xero]

Pfft, my ram's bigger.

[Bad Company]

12gb here

[Xero]

Quote:

Originally Posted by Bad Company 12gb here

I'm only 8GB.

I SHOULD GET EXTENZ TO 16GB. :foc:

[KYR]

I feel so...inadequate

[Vietnamese Crippler]

Screw BC and his DDR3 :foc:

[El Fangel]

KYR, if you can locate the file itself and can right click on it, download Unlocker. I did that and got rid of a few rather annoying undeleteable files.

[KYR]

Quote:

Originally Posted by Fallen Angel KYR, if you can locate the file itself and can right click on it, download Unlocker. I did that and got rid of a few rather annoying undeleteable files.

I have no idea what you're talking aboot.

What file?

[El Fangel]

Ok, there should be a file containing all the Malware Defender stuff in it, If you try to delete it and it wont let you try the program I mentioned. If I am totally of the mark, sorry.

[KYR]

Nah. Hard drive's been wiped. Got a new one as well.

All good.

[El Fangel]

Thats pretty shitty bud. Oh well, nice to start off with a clean slate.

[KYR]

Actually I look at it as a good thing now.

It was always bugging me that there were annoying little things wrong and wanted to format my hard drive and start again. The thing that always stopped me was the fact that I'd have to go through all the crap of re-loading all my programs etc. etc.

This just provided the impetus for me to finally do it.

[Xero]

I reinstall every few months. >.>