Trojan "Spyware protection, Designed to protect"

I have a user who has contracted some sort of trojan.  Looks like it modifies defender.exe, and runs a program called "Spyware protection, Designed to protect" and gives the same garbage not letting me open just about anything, saying my computer is infected.  I've run malwarebytes anti-malware on it in safe mode, found something, removed it, but it is still there.  I even attached the HD to another computer and ran MBAM on the entire drive and nothing.  A system restore seems to have put a band-aid on the problem.  Symantec sees that defender is causing problems, but does not detect the virus.    any suggestions?
LVL 2
WinstinkAsked:
Who is Participating?
 
frostsystemsConnect With a Mentor Commented:
From safe mode, run Hitman Pro and then run Combofix. Problem solved.

Hitman Pro is available from www.surfright.nl

Combofix is available from http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
Thomas Zucker-ScharffConnect With a Mentor Systems AnalystCommented:
If your computer is now functioning properly make sure you delete all old restore points and create a new clean one:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_2209-Removing-protected-System-Restore-files-if-they-have-been-infected.html

BUT ONLY IF YOU HAVE A WORKING REBOOTABLE COMPUTER!

Check out the free version of this little tool, it may help:

http://www.iobit.com/ascdownload-promo.html
0
 
JonveeCommented:
For the record, both Malwarebytes & ComboFix should be run in normal mode where Malware are usually the most active.  You can run in safe mode at times when you're unable to reach normal mode.

There is a good 'disinfection guide' here, by rpggamergirl :
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1979-THINGS-YOU-NEED-TO-DO-WHEN-YOUR-PC-IS-INFECTED.html

If still unsuccessful, try running an Eset online scan, it has proved to have been effective when other scanners have failed:
http://www.eset.com/online-scanner
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
JonveeCommented:
You could also try temporarily uninstalling Defender, if not yet tried.   Then re-install Defender & fully update.
0
 
faizbaigCommented:
Following option may resolve your issue..

-> Right click " Defender.exe" or " "Spyware protection" icon you see on the desktop..etc. and click on "Properties" and click on "Find target" tab and try deleting that ".exe" file via normal mode or safe mode.

&

-> Look for "defender.exe" or "Spyware protection" on startup list and unselect the box if you find one.

0
 
WinstinkAuthor Commented:
nothing could be run in normal mode, the trojan would not allow anything to run that could allow you find where the virus originates.  combofix found a trojan and removed it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.