Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I remove Malware: Smart Defender Pro?

Posted on 2009-07-07
7
Medium Priority
?
1,087 Views
Last Modified: 2013-11-22
I have a user who has managed to snag a copy of this Smart Defender Pro malware.  Pop-ups every few seconds, bogus "Your browser is secure" screens, false threat warnings, the works.  The only files I see listed on the system are in her profile under Application Data.  I need to know if anyone has idea what reg keys and or files to look for so I can get rid of this thing.

The only info I have found on the web are sites advertising removal tools (always shady).  The app is an exact replica of "Virus Remover Pro."  After all the bogus literature I have come across, I would rather get some assistance via EE (with all our abundant knowledge!)

I will re-image the machine in the end but I wanted to see if anyone has some additional insight.
0
Comment
Question by:Mahoney-84
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24795813
Have you tried MalwareBytes - www.malwarebytes.org - great free tool and finds all manner of spyware, malware and other nasties.
0
 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 200 total points
ID: 24796025
As stated, Malwarebytes should remove this threat.
http://www.bleepingcomputer.com/virus-removal/remove-smart-defender-pro
If however you are unable to remove it in normal mode, you may need to boot into Safe Mode (F8 at startup) and run the scan in that mode.
You may also want to run HiJackThis. Once you run the utility look for and remove the following entry if present.
O4 - HKCU\..\Run: [Smart Defender PRO] %UserProfile%\\Application Data\Smart Defender PRO\smrtdefp.exe
Download HiJackThis from:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Once you run the utility save the log file.
You can post it for free analysis here or at
www.hijackthis.de
You are primarily looking for items marked with red X's.
You can get a brief overview of Hijackthis here:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
0
 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24801997
with rogue programs like this one , if Malwarebytes did not do the trick as advised above, you can jump rightaway to using Combofix
also please show us the logs form Hijack this, Combofix & MBAM

0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 2

Expert Comment

by:moatist
ID: 24805642
I would try  Spybot - Search & Destroy which you can download from:
http://www.safer-networking.org/en/download/index.html

Moatist
0
 
LVL 3

Accepted Solution

by:
Mahoney-84 earned 0 total points
ID: 24805820
The log is attached.
But this is after the fact - Ran a full scan in Norton (in SAFEMODE) and removed the executable from %UserProfile%\\Application Data\Smart Defender PRO\smrtdefp.exe prior to running hijackthis.  

I can log in as the user and the SmartDefender no longer appears in the tray and the popups have ceased.  I don't see any background processes that should not be there.

Hijackthislog.txt
0
 
LVL 23

Assisted Solution

by:Mohamed Osama
Mohamed Osama earned 300 total points
ID: 24806047
Nice work with the removal efforts , try to fix  those entries using hijack this to get rid of some leftovers
O4 - HKUSS-1-5-21-842925246-1659004503-1417001333-9722..Run: [Smart Defender PRO] C:Documents and Settingsocasis\Application DataSmart Defender PROsmrtdefp.exe (User 'ocasis')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

it is still a good idea to run a scan using MBAM.
finaly take a look here for the manual removal steps
http://windowsprotection.net/how-to-remove-smart-defender-pro-smartdefender-pro-removal-guide/



0
 
LVL 3

Author Comment

by:Mahoney-84
ID: 24858701
The hijackthis logs are very helpful - Thank you for suggesting the very handy utility
Prefer to try and remove threats like this manually without scan utilities or blow the machine away and start over.
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question