How can I remove Malware: Smart Defender Pro?

I have a user who has managed to snag a copy of this Smart Defender Pro malware. Pop-ups every few seconds, bogus "Your browser is secure" screens, false threat warnings, the works. The only files I see listed on the system are in her profile under Application Data. I need to know if anyone has an idea what reg keys and/or files to look for so I can get rid of this thing.

The only info I have found on the web are sites advertising removal tools (always shady).  The app is an exact replica of "Virus Remover Pro."  After all the bogus literature I have come across, I would rather get some assistance via EE (with all our abundant knowledge!)

I will re-image the machine in the end but I wanted to see if anyone has some additional insight.
Mahoney-84 Asked:

Alan Hardisty (Co-Owner) Commented:
Have you tried MalwareBytes - www.malwarebytes.org - great free tool and finds all manner of spyware, malware and other nasties.
0
David-Howard Commented:
As stated, Malwarebytes should remove this threat.
http://www.bleepingcomputer.com/virus-removal/remove-smart-defender-pro
If however you are unable to remove it in normal mode, you may need to boot into Safe Mode (F8 at startup) and run the scan in that mode.
You may also want to run HiJackThis. Once you run the utility look for and remove the following entry if present.
O4 - HKCU\..\Run: [Smart Defender PRO] %UserProfile%\\Application Data\Smart Defender PRO\smrtdefp.exe
Download HiJackThis from:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Once you run the utility save the log file.
You can post it for free analysis here or at
www.hijackthis.de
You are primarily looking for items marked with red X's.
You can get a brief overview of Hijackthis here:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
0
Mohamed Osama (Senior IT Consultant) Commented:
With rogue programs like this one, if Malwarebytes did not do the trick as advised above, you can jump right away to using Combofix.
Also, please show us the logs from HijackThis, Combofix & MBAM.

0
moatist Commented:
I would try Spybot - Search & Destroy which you can download from:
http://www.safer-networking.org/en/download/index.html

Moatist
0
Mahoney-84 (Author) Commented:
The log is attached.
But this is after the fact - Ran a full scan in Norton (in SAFEMODE) and removed the executable from %UserProfile%\\Application Data\Smart Defender PRO\smrtdefp.exe prior to running hijackthis.  

I can log in as the user and the SmartDefender no longer appears in the tray and the popups have ceased.  I don't see any background processes that should not be there.

Hijackthislog.txt
0

Mohamed Osama (Senior IT Consultant) Commented:
Nice work with the removal efforts. Try to fix those entries using HijackThis to get rid of some leftovers:
O4 - HKUS\S-1-5-21-842925246-1659004503-1417001333-9722\..\Run: [Smart Defender PRO] C:\Documents and Settings\ocasis\Application Data\Smart Defender PRO\smrtdefp.exe (User 'ocasis')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

It is still a good idea to run a scan using MBAM.
Finally, take a look here for the manual removal steps:
http://windowsprotection.net/how-to-remove-smart-defender-pro-smartdefender-pro-removal-guide/



0
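Added example (not from the thread, and not part of HijackThis): a small Python triage pass over a saved HijackThis log that flags the two kinds of leftover quoted above, an O4 autorun launching from a profile's Application Data folder and an O9 button with no file behind it. The sample log is constructed from the two quoted entries plus two made-up benign lines; `review` and the `USER_WRITABLE` markers are assumptions of this example.

```python
import re

# Constructed sample: the two leftover entries quoted in the thread plus two
# made-up benign lines for contrast (not the poster's attached log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - HKUS\S-1-5-21-842925246-1659004503-1417001333-9722\..\Run: [Smart Defender PRO] C:\Documents and Settings\ocasis\Application Data\Smart Defender PRO\smrtdefp.exe (User 'ocasis')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleOffice\refiebar.dll
"""

# O4 = autorun entry: registry key, [value name], command, optional (User '...')
O4_RE = re.compile(
    r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O9 = extra IE button / Tools menu item: label, CLSID, backing file
O9_RE = re.compile(
    r"^O9 - Extra (?:button|'Tools' menuitem): (?P<label>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Assumption: folders a standard user can write to, where rogue tools tend to sit.
USER_WRITABLE = ("\\application data\\", "\\appdata\\",
                 "\\local settings\\temp\\")


def review(log_text):
    """Return (section, identifier, reason) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"].strip('"').lower()
            if any(marker in cmd for marker in USER_WRITABLE):
                findings.append(("O4", m["name"],
                                 "autorun from user-writable profile folder"))
            continue
        m = O9_RE.match(line)
        if m and m["target"] == "(no file)":
            findings.append(("O9", m["clsid"], "button with no file behind it"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(" | ".join(finding))
```
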
Mahoney-84 (Author) Commented:
The hijackthis logs are very helpful - Thank you for suggesting the very handy utility
Prefer to try and remove threats like this manually without scan utilities or blow the machine away and start over.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.