
AVG 9.0 detects malware Defender


20 replies to this topic

#1 hwkd


Posted 08 January 2010 - 10:55 AM

Found a topic thread with similar problem that was closed.

Have completed malware removal process of

java updated
boot up set to normal
SAS
Malware Bytes
Combo Fix

SAS and Malware found a lot of nasties including "Antispyware" and both are running clean

Combo Fix flushed out a lot of "Antispyware" residuals.

Trying to install AVG 9.0 which wants Malware Defender uninstalled.

Cannot see Malware Defender anywhere.

Any suggestions?

Thanks



#2 Orange Blossom


Posted 08 January 2010 - 10:56 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 boopme


Posted 08 January 2010 - 02:39 PM

As I am unsure if you've used the latest version of Malwarebytes, please rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 hwkd


Posted 08 January 2010 - 03:37 PM

MBAM Scan Log below.

Malware Defense (MD) is hanging around in the Windows Security Center after the firewall and Auto Updates listings.

Periodically a little balloon pops up stating MD may be out of date.

Not finding in Add/remove programs, processes, registry, etc.

Thanks



Malwarebytes' Anti-Malware 1.44
Database version: 3521
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/8/2010 3:22:53 PM
mbam-log-2010-01-08 (15-22-53).txt

Scan type: Quick Scan
Objects scanned: 107479
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
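
When reading a log like the one above, a helper mainly checks the scanner version, the database version, and whether the summary counts agree with the detail sections. The following Python sketch is an added example, not part of the original posts and not Malwarebytes code; the function names parse_mbam_log and triage are hypothetical, and the sample is an abridged copy of the log text above.

```python
import re

# Abridged copy of the scan log posted above (two of the seven sections kept).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.44
Database version: 3521
Scan type: Quick Scan
Objects scanned: 107479

Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

def parse_mbam_log(text):
    """Return metadata, summary counts, and the items listed per detail section."""
    info = {"meta": {}, "counts": {}, "items": {}}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:                                   # blank line ends a detail section
            section = None
            continue
        m = re.match(r"Malwarebytes' Anti-Malware (\S+)$", line)
        if m:
            info["meta"]["version"] = m.group(1)
        elif re.match(r".+ Infected: \d+$", line):     # summary line with a count
            name, n = line.rsplit(": ", 1)
            info["counts"][name] = int(n)
        elif line.endswith(" Infected:"):              # detail section header
            section = line[:-1]
            info["items"][section] = []
        elif section:                                  # one detected item per line
            if line != "(No malicious items detected)":
                info["items"][section].append(line)
        elif ": " in line:                             # other "key: value" header fields
            key, value = line.split(": ", 1)
            info["meta"][key] = value
    return info

def triage(info):
    """Total the summary counts and name sections whose count differs from the items listed."""
    mismatched = [s for s, n in info["counts"].items()
                  if n != len(info["items"].get(s, []))]
    return {"total": sum(info["counts"].values()), "mismatched": mismatched}
```

A mismatch between a summary count and its detail section usually means the log was truncated or edited before posting, so the full log should be requested again.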

#5 boopme


Posted 08 January 2010 - 04:48 PM

OK, I think we have to do one more. It's a bit long... Dr.Web CureIt



Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#6 hwkd


Posted 11 January 2010 - 08:29 AM

Ran both scans with Dr. Web over the weekend and final result is:

"Done - no virus found"

"Save report list" not an option under File drop down.

#7 boopme


Posted 11 January 2010 - 10:27 AM

This looks clean, do you still have that "Malware Defense (MD) is hanging around in the Windows Security Center after the firewall and Auto Updates listings."?

#8 hwkd


Posted 11 January 2010 - 10:39 AM

Yes.

Wild guess here but it seems as though maybe some of this is related to McAfee which was uninstalled automatically and manually hanging around.

There are still some remnants of McAfee drivers, i.e., Mpfp.sys, hanging around.

I want to delete them??????

Again, when I tried to install AVG 9.0 or Avast, they freak out and freeze the machine up when they run.

Thanks for the ongoing assistance

#9 boopme


Posted 11 January 2010 - 10:57 AM

Hi, I think we should remove both, reboot, then reinstall one.


McAfee Consumer Product Removal Tool: MCPR.exe

Avast Uninstall Utility: awsClear.exe

AVG Remover Utility: avgremover.exe

I may even suggest you install Avira free, as the others may have been conflicting with your system. You can get AntiVir, AVG or Avast here:
http://www.bleepingcomputer.com/forums/topic3616.html

#10 hwkd


Posted 11 January 2010 - 11:01 AM

OK, I have installed Avira Antivir

As an AVG man for some time, I think I am impressed (Not so much with AVAST).

As Avira was installing the Malware Defense pop-up balloon from the system tray pertaining to "out of date" disappeared.

The Windows Security System settings shows AntiVir and I was able to turn on the Windows firewall. (I know, I know......I was a big ZA man but had some upgrade problems, tried Outpost and it knocked out the wireless on a laptop, so I guess I am looking at Comodo now.)

Do not know the source of the lingering problem and why AVG and Avast did not behave like Avira. Should I post the Avira install/update log?

Also, I do recall seeing Avira in another thread, another forum on this site as pertains to Malware Defense. So, that is where the idea did come from.

Keeping fingers crossed.

#11 hwkd


Posted 11 January 2010 - 11:16 AM

Thanks for the tips:


McAfee Consumer Product Removal Tool: MCPR.exe

Avast Uninstall Utility: awsClear.exe

AVG Remover Utility: avgremover.exe



Should have thought of the AVAST and AVG removers since I have worked with mbclean.exe.

Double thanks on the MCPR.exe!!!!!!


Running Avira Scan did just give me a blue screen:

It is an IRQL_NOT_LESS

It is an A and 02 message

have already tested the RAM on the machine with memtest86 and windows diagnostic

#12 hwkd


Posted 11 January 2010 - 03:07 PM

System running stable now.

In safe mode, Avira knocked out TR/Crypt.XPACK.Gen2 hanging around in a .zip file associated with HP Photosmart files hanging around in the temp folder.

Scans in normal mode no longer BSOD to IRQL STOP message.

I think we can close this thread.

#13 boopme


Posted 11 January 2010 - 04:26 PM

Excellent.. Let's just mop up.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#14 hwkd


Posted 15 January 2010 - 11:54 AM

It worked.

I have apprised the father of the laptop of the process/solution and you should see a donation from him.

MBAM looks to have knocked out most of the culprits.

#15 boopme


Posted 15 January 2010 - 03:12 PM

Thank you, please donate a first born and a gallon of mead.

Please take a few minutes to read our quietman7's excellent Tips to protect yourself against malware and reduce the potential for re-infection, in post 17. :thumbsup:



