AntiHackers, need your help.

SteelCityNitro

RCTalk Addict
Messages
876
Reaction score
1
Location
Pittsburgh
RC Driving Style
  1. Bashing
  2. Racing
I just got the Security Defender Virus this morning. I've been fooling around with this bastard all day, and can't seem to get rid of it. If I start up in safe mode, the virus is disabled. My antivirus program was able to remove some of the files, but the program still runs and annoys me.

Here's what I've found about this virus:
Just the latest spawn in a large brood of fake antivirus scanners, Security Defender has numerous connections to earlier forms of rogue malware and should be removed at the earliest opportunity. Like other rogues, it operates by way of a simple graphical shell that pretends to alert the user to serious computer errors. However, these are all false, specifically created to be a scam.

A Biography of the Newest Member of the Nasty Rogue Family

Security Defender, despite being the 2011 model of the same old scam, shares the limitations of these rogues. Most importantly, it's completely incapable of detecting or removing true threats to your computer's stability or security. Like many kinds of malware, it has its origins in the Russian Federation. Although it may look a little different from others, more polished and modern, its methodology is identical. This is good for the user, because it means that removing Security Defender is an already solved puzzle!

Identifying the Traitor in Your Ranks

Sometimes it can be difficult to tell whether you have a malware infection on your computer. Security Defender is happily a standout rogue that makes identification very easy. In fact, it can't wait to advertise its presence! It will run itself automatically rather than requiring a prompt, and will immediately detect many nonexistent threats. Despite these messages, Security Defender is physically incapable of actually scanning your computer, let alone removing serious threats, even in its supposed 'full' version.

Another ironic trait that makes Security Defender a snap to identify is its rather morbidly enthusiastic marketing. This is a rogue that truly relies on you not knowing what it is to get the sale! It will engage in tactics such as creating popups or modifying your browser settings with a proxy server for redirection. Whatever foul tactics Security Defender uses, they always end at the same goal: a purchase form for itself.

The Worst Security Defender Has to Offer to Your System

Security Defender's aggressive attempts to protect itself from being deleted are both its most blatant and its most dangerous behavior. To this end, it may automatically shut down any process it considers a threat to its own predatory well-being, including various genuine anti-malware scanner programs.

The Achilles Heels in Security Defender

Even in the face of such aggression, there's no reason to give in to this rogue invader. Security Defender has several weak points that make it easy to remove. Because it requires a web browser to scam you out of your money in the first place, Security Defender won't block the processes for Internet Explorer or Firefox.

However, it's usually more efficient to boot into Safe Mode. To access the menu for Safe Mode, simply hit F8 while starting your computer and this will prevent Security Defender from starting up in the first place. If your Internet connection is for some reason cut off or crippled by this rogue, there are two ways to regain it. The first is to use 'Safe Mode with Networking.' The second works in any mode - just disable proxy servers in your LAN Settings under the Connections tab of Internet Options (found in the Control Panel).

While in Safe Mode, removing Security Defender and any other infections should be your top concern, since this nasty little guy will hinder all other operations as long as it's on your hard drive. Some professional anti-malware scanners may have difficulty recognizing and cleansing the PC from Security Defender. It can also be removed in a hands-on fashion - searching for all its files and folders as well as registry entries, and deleting them one at a time. With this last method, you should take care that all components of Security Defender are truly deleted. Make sure that there aren't any malware-based processes running during your deletion sweep! If done properly, your system should be free of this highly disruptive pest, allowing you to go about your life with renewed freedom.


I can't seem to locate any files related to this damn thing. Where should I be looking?
 
I assume it created a registry entry as well. Do you have System Restore turned on? In some of these cases, I find it is much easier, and less of a headache to go back to the last restore point.
 
download and run malwarebytes
http://download.cnet.com/3001-8022_4-10804572.html?spi=316c56677563f84dc2926ba2b5296503

what antivirus are you running? and how many files are left after you ran it and how many times did you run it? i would run the antivirus twice. i use avast the free edition
http://www.avast.com/free-antivirus-download

download ccleaner and run it.
http://download.cnet.com/3001-2086_4-10315544.html?spi=27e04a976e975962ec083e1d863bfa4b


once you've run the antivirus twice, malwarebytes twice and checked everything except wipe hard disk and save passwords and run ccleaner. i would run the antivirus for the third time, this time seeing which files and which directory were left, manually opening c:/windows/system32 and delete whatever file it says is in there, if this is where it put it.

then after running malwarebytes do the same thing.

for the 4th run you should be clean. it's very very very time consuming but can be done.


i've found that on some systems it's easier to backup your information on a pen drive and reinstall windows.


very first thing i would do though is prob. run malwarebytes if you haven't already. it works pretty good. sometimes you have to run it a few times though
 
I'm using spyhunter, it got rid of some of the files... I ran it several times but there are still traces of it on my drive
 
try malwarebytes once. do the quick scan and get back with us.
 
Like broken_civic said, run malwarebytes. Also get AdAware SpyBot S&D, run that.
 
I assume it created a registry entry as well. Do you have System Restore turned on? In some of these cases, I find it is much easier, and less of a headache to go back to the last restore point.

I will try the programs that Civic suggested and then do a system restore and see what happens. I think I found some of the traces.. just have to figure out how to find and remove them. When I started up in safe mode I got a message stating that certain operations could not run and traced them back to the virus.
 
Like broken_civic said, run malwarebytes. Also get AdAware SpyBot S&D, run that.


pretty good for spyware? i've never heard of it or used it.

I will try the programs that Civic suggested and then do a system restore and see what happens. I think I found some of the traces.. just have to figure out how to find and remove them. When I started up in safe mode I got a message stating that certain operations could not run and traced them back to the virus.



system restores don't always get rid of the virus, i know from experience.
 
pretty good for spyware? i've never heard of it or used it.
Been using it in my pc, my wife's pc, and my dad's pc for at least the last 6-7 years, and as long as you keep the definitions up to date, and scan regularly, it works great. I'll swear by it.

system restores don't always get rid of the virus, i know from experience.
If I ever needed a last ditch, that was it, and it always worked. Except for the one time that the virus was on my second hard drive.
 
Well guys I had to go out for the night but I will check back in with you in the morning
 
Malwarebytes brought my PC back from the brink a few years ago. That was the free version. I paid for it and now it runs in the background all the time and updates itself. Those are the two things the free version doesn't do.

Anytime I suspect something now, I fire up MWB and do a full system scan.
 
I also use Adaware and have used it for years. It works great for me.
 
I also recommend Microsoft Security Essentials for your AV software. It's free, and I run it on many PCs belonging to my family and friends, and I know quite a few IT pros who will also swear by it. There are many AV programs out there, only two stick out as great, Avast and MSE, but I'll put my faith in MSE any day, have for two and a half years, and if you had any idea what this computer went through in a day, you'd put your faith in it too.
 
Well, after running the listed programs I think I was able to evict the virus. I still get pop-up messages about a program that can't run because I have a file locked out in quarantine. This file path is
C:\ProgramData\41e0b4f9-2399-4b00-945a-354b15e9418b_43.avi

The registry is HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41e0b4f9-2399-4b01-945a-345b15e9418b}


I'm not sure if this is just a corrupt windows file, or part of the virus program, but when it's locked out I don't get any more annoying messages from the phony antivirus program "security defender." From what I was reading on the virus, it was traced back to somewhere in Russia. Bastards... I hope they burn in hell.
 
You might also try...

Start, Run, type in msconfig, hit okay, then go to the start up tab and turn off anything that might be related to the virus. You might find the actual name listed.
 
Damn commie hackers!

That's how I feel

You might also try...

Start, Run, type in msconfig, hit okay, then go to the start up tab and turn off anything that might be related to the virus. You might find the actual name listed.

Hm, I had a look.. didn't find anything related, but I think this whole thing is at bay now
 
Could always just get your data off and do a format/reinstall of the OS. Since it's not crippled at the moment, may not be a bad idea to spend $100 on a usb drive and get your junk off of it anyway in case the next one cripples it entirely.
 
About two weeks ago I had two users' computers infected with this same crap, here's what I did to fix it.

1. Using a flash drive and a clean PC downloaded Superantispyware Portable and MalwareBytes and saved both files to the flash drive.

2. Insert the flash drive in the infected machine and restart it.

3. As soon as the desktop starts to load on the infected machine press CTRL+ALT+DEL and hurry and find the rogue task in task manager. The name is always different but it's usually something totally off the wall or just random letters and numbers. END the task right away - you have to be quick else once it starts everything it will close task manager and block anything else from running or installing. So be quick!

4. Once the task has been killed install malwarebytes, update, and perform quick scan. Remove infected files then run Superantispyware portable quick scan and reboot any infected.

5. Reboot computer.

6. Enjoy clean PC. :)
 
avast can do a preboot scan. if you can get it installed, it will take care of it.

also pulling the drive and slaving it to a clean machine and scanning it there will get rid of it.
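
The places posters in this thread point to (the proxy setting in Internet Options, the msconfig Startup tab, and the Browser Helper Objects registry key), gathered into one read-only PowerShell listing. This is an added example, not part of any post; the `Test-OddPath` helper and its path heuristic are assumptions made for illustration.

```powershell
# Read-only triage: lists the proxy setting, startup entries and Browser
# Helper Objects so odd ones can be reviewed by hand. It changes nothing.
$cv = 'Software\Microsoft\Windows\CurrentVersion'

# Heuristic (an assumption, not a signature): programs launched from
# ProgramData, AppData or Temp deserve a second look.
function Test-OddPath([string]$Text) {
    $Text -match '\\(ProgramData|AppData|Temp)\\'
}

# 1. Proxy redirection: same setting as Internet Options > Connections > LAN Settings.
$inet = Get-ItemProperty "HKCU:\$cv\Internet Settings"
"ProxyEnable = $($inet.ProxyEnable)   ProxyServer = $($inet.ProxyServer)"

# 2. Registry startup entries, part of what msconfig's Startup tab shows.
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce') {
        $key = "$hive\$cv\$name"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($value in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($value)
            New-Object PSObject -Property @{
                Source = $key; Name = $value; Target = $cmd
                Review = (Test-OddPath $cmd)
            }
        }
    }
}

# 3. Browser Helper Objects: each subkey is a CLSID; resolve it to its DLL.
#    An entry with no registered DLL is flagged as well.
$bho = "HKLM:\$cv\Explorer\Browser Helper Objects"
if (Test-Path $bho) {
    foreach ($sub in Get-ChildItem $bho) {
        $clsid = $sub.PSChildName
        $srv = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $srv) { [string](Get-Item $srv).GetValue('') } else { '' }
        New-Object PSObject -Property @{
            Source = 'BHO'; Name = $clsid; Target = $dll
            Review = ((-not $dll) -or (Test-OddPath $dll))
        }
    }
}
```

On 64-bit Windows, 32-bit Browser Helper Objects are registered under the `Wow6432Node` branch of the same key, which this listing does not cover.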
 