Need help to get rid of Vista Defender Pro virus

My brother's computer is infected with this virus that seems to attach itself to the security settings in Vista and throws up loads of false error messages, starts scanning, continuous pop-ups etc. It appears to be a key logger and wants him to buy the full version of some bogus software.

I have researched the virus and have tried Spydoctor and Malwarebytes but both have been trial versions and while they identify the problem files, don't allow me to remove them without buying the full version.

Could anyone recommend a free, full version that would allow me to remove this malware, as it is leaving his computer almost unusable?

Many thanks in advance.
 
Malwarebytes has never asked for a purchase before it cleans up for me, have they changed the free version?

(or has this virus sent you to another virus site when you were downloading?)
 
I have Malwarebytes here and same, never asks me to purchase it.
 
Get the mentioned software from another computer, burn it to disc and use that on the infected machine. Might help to change the filename of the executable too. Boot into safe mode as well.
 
I have researched the virus and have tried Spydoctor and Malwarebytes but both have been trial versions and while they identify the problem files, don't allow me to remove them without buying the full version.
Sounds like a real learning process for you :)

Malwarebytes, as has been mentioned, will not ask you to pay for anything at all. In its free-to-use form it simply lacks the ability to monitor in real time or set up scheduled scans. Its ability to detect and subsequently remove nasties is no less reduced. Finding that it's suddenly nagging you to pay, as in the case of the malware you are actually trying to rid your computer of, is a classic sign of having downloaded a dupe copy from an unofficial source.

Always download from the software's homepage, RTFM and do some Googling for your original problem. There is often a clearly written guide to be found.

Echoing theheyes' comments, booting the infected PC in safe mode is often enough to get the job done. You can install and run Malwarebytes in this fashion.
 
Seems like sound advice, thank you.

In all the years I have been using computers, I have never had a problem like this but thought I was taking a cautious approach and not getting ripped off (think I got some of the software off cnet). He asked me to sort it out as he is even more clueless than me. Will try this later and let you know how I get on. Appreciate everyone taking the time to help.
 
Malwarebytes is a top program, managed to rid some nasties off my bro's PC a while back which other programs didn't detect.
 
Often malware will block some executables from running based on their filename to survive attempts to remove it.

So, for example, it will watch out for someone trying to run malwarebytes.exe and then terminate it before it can do its job. Fortunately the mechanism is usually crude and renaming the executable to gingerbiscuits.exe or whatever will let it run. It's as easy as right-click and rename.
 
Just right click and rename it. Also download the standalone definitions as that type of infection often stops Malwarebytes updating.

Stand alone updates can be found here

Info on how to take definitions off a clean PC can be found on the malwarebytes forum

If that fails to fix it, then you'll likely have to use combofix. But be warned it can nuke your install.
 
Malwarebytes+superantispyware will cure it, best to update it and run scan in safe mode or from another PC if it's too badly infected to get into Windows.

Running a Kaspersky/Avira full scan would be great as well.
 
I find the best solution these days is to Google the malware title and follow the instructions. :)

It usually involves a combination of Safemode and Malwarebytes.
 
OK, so I tried all of your suggestions and still getting these pop-ups.

Ran Malwarebytes in safe mode - it picked up 10 infected files which I removed.
D/l superantispyware and it wouldn't run. Renamed it and tried again, still nothing.

Restarted the system and still getting the pop-ups-Arghhhhhhhhhhh!!! Really really frustrating.

I had also found this which is pretty much what I have done:

http://www.myantispyware.com/2010/03/18/how-to-remove-vista-defender-pro-removal-guide/

Any other suggestions?
 
OK, will try that. My bro's gonna leave the system over in the morning, so will be able to spend a lot more time on it.
 
What I'd do is get into Windows or through safe mode, run msconfig and disable the entire startup list so you've got nothing running upon startup. Reboot to take effect.

Install Malwarebytes and superantispyware trials, fully update them (if you don't update either, it's pointless!) and run full scans with both programs also.

I only mention safe mode scans since you can find a few nasties that way and it can run a bit better, especially if the bug isn't trying to hinder or stop the scan. Can't stress how important it is to update both programs.

Also you can download kaspersky rescue cd from here:

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

Make sure your ethernet lead's connected to the machine, and run a full update and then a full AV scan.
This scans your entire HDD for any virus/bugs and kills it better.

If none of the above work, you're one of the unlucky ones; I'd advise backup + full restore, and then scan your backup for any bugs.
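
An added example, not part of any post in this thread: a read-only PowerShell listing of the autostart entries that msconfig's Startup tab covers, so they can be reviewed before being disabled. It assumes PowerShell 2.0 or later is installed on the machine (a separate download on Vista), and the `Review` flag is a heuristic chosen here, not a verdict: it marks entries that launch from user-writable folders.

```powershell
# Added example: enumerate Run/RunOnce keys and Startup folders. Changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: anything starting from these user-writable locations gets a closer look.
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ }

function Test-UserWritablePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $writable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # key absent on 32-bit systems etc.
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = $cmd
            Review = (Test-UserWritablePath $cmd)
        }
    }
}

# Per-user and all-users Startup folders (Vista and later layout).
$folders = @([Environment]::GetFolderPath('Startup'),
             "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -Force | Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $entries += New-Object PSObject -Property @{
                Source = $folder; Name = $_.Name; Command = $_.FullName; Review = $true
            }
        }
}

$entries | Sort-Object Review -Descending |
    Format-Table Review, Name, Command, Source -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM keys are readable, and compare the output before and after a cleanup pass to see whether an entry has come back.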
 