Solved

Trojan "Spyware protection, Designed to protect"

Posted on 2010-11-19
Last Modified: 2013-12-09
I have a user who has contracted some sort of trojan. Looks like it modifies defender.exe, and runs a program called "Spyware protection, Designed to protect" and gives the same garbage, not letting me open just about anything, saying my computer is infected. I've run Malwarebytes Anti-Malware on it in safe mode, found something, removed it, but it is still there. I even attached the HD to another computer and ran MBAM on the entire drive and nothing. A system restore seems to have put a band-aid on the problem. Symantec sees that defender is causing problems, but does not detect the virus. Any suggestions?
Question by:Winstink
6 Comments
 
LVL 5

Accepted Solution

by:
frostsystems earned 1000 total points
ID: 34175449
From safe mode, run Hitman Pro and then run Combofix. Problem solved.

Hitman Pro is available from www.surfright.nl

Combofix is available from http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 30

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 1000 total points
ID: 34175826
If your computer is now functioning properly, make sure you delete all old restore points and create a new clean one:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/A_2209-Removing-protected-System-Restore-files-if-they-have-been-infected.html

BUT ONLY IF YOU HAVE A WORKING REBOOTABLE COMPUTER!

Check out the free version of this little tool, it may help:

http://www.iobit.com/ascdownload-promo.html
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 34182193
For the record, both Malwarebytes & ComboFix should be run in normal mode, where malware is usually the most active. You can run in safe mode at times when you're unable to reach normal mode.

There is a good 'disinfection guide' here, by rpggamergirl:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1979-THINGS-YOU-NEED-TO-DO-WHEN-YOUR-PC-IS-INFECTED.html

If still unsuccessful, try running an ESET online scan; it has proved to be effective when other scanners have failed:
http://www.eset.com/online-scanner
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 34182200
You could also try temporarily uninstalling Defender, if not yet tried. Then re-install Defender & fully update.
0
 
LVL 9

Expert Comment

by:faizbaig
ID: 34182203
The following option may resolve your issue.

-> Right click the "Defender.exe" or "Spyware protection" icon you see on the desktop, etc., click on "Properties", click on the "Find target" tab and try deleting that ".exe" file via normal mode or safe mode.

&

-> Look for "defender.exe" or "Spyware protection" on the startup list and unselect the box if you find one.

0
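The startup-list check suggested in the comment above can also be done from a console. This is an added example, not part of the thread: it assumes PowerShell 3.0 or later, and the two name patterns and the flagging rule are assumptions taken from the names quoted in this question.

```powershell
# Added example: list autostart entries and flag the names quoted in this thread.
# The patterns below are assumptions; a match means "review this entry", nothing more.
$pattern = 'defender\.exe|Spyware protection'

# Registry keys that launch programs at logon (per-machine and per-user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = $name
            Command  = [string]$item.GetValue($name)
        }
    }
})

# Startup folders for the current user and for all users.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$entries += @(foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
})

# Show every entry, with the ones matching the thread's names listed first.
$entries |
    Select-Object Location, Name, Command,
        @{ n = 'Flagged'; e = { ($_.Name -match $pattern) -or ($_.Command -match $pattern) } } |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize -Wrap
```

Legitimate software with a similar name can match the pattern, so check the file path in the `Command` column before disabling or deleting anything.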
 
LVL 2

Author Closing Comment

by:Winstink
ID: 34182798
Nothing could be run in normal mode; the trojan would not allow anything to run that could allow you to find where the virus originates. ComboFix found a trojan and removed it.
0

Question has a verified solution.
