I'm gonna keep this short, my computer has somehow been infected with a rogue virus named "Desktop Defender 2010", I have no idea how to remove it. Seeing as how we have quite a few tech savvy people around here I thought I might be able to get some help around here. I'm running Microsoft XP MCE 2002 SP3.
First result on a Google search:
http://www.spywarevoid.com/remove-desktop-defender-2010-desktopdefender-2010-removal-help.html
And just adding on to what Scotty said in case you don't know what to do with it. Pretty much for any documented virus, there are manual instructions. (meaning you, not a program removes the virus) and that is what you want to look for in Scotty's link. Also, you'll most likely have to go and remove registry keys, so if there is anything like that in the instructions, in order to get into your registry you go to Run> Type "cmd" > then in the cmd type "regedit"....in case you already didn't know. And as always, be careful what you delete as many important files/etc are in your registry, so only delete what the instructions say. Hope that helps.
Quote from: Mr Pwnage on December 31, 2009, 05:12:44 PM
And just adding on to what Scotty said in case you don't know what to do with it. Pretty much for any documented virus, there are manual instructions. (meaning you, not a program removes the virus) and that is what you want to look for in Scotty's link. Also, you'll most likely have to go and remove registry keys, so if there is anything like that in the instructions, in order to get into your registry you go to Run> Type "cmd" > then in the cmd type "regedit"....in case you already didn't know. And as always, be careful what you delete as many important files/etc are in your registry, so only delete what the instructions say. Hope that helps.
I am going to go ahead and gauge (through his post) that M4 should absolutely not go into the registry. Whenever there is a problem, I constantly see people here recommend they go into the registry and should start deleting stuff, throwing a prayer that they don't FUBAR their computer. That's even AFTER they provide an automatic way that would prevent people from having to go to the registry editor. I guess people like to think they are savvy and are incapable of making mistakes.
M4, DO NOT go into your registry, that should be last resort. Rely on the recommended software in that link. If that software does not do the trick, find another that will. Just keep Googling until you find a program that removes it for you. I typed in "Windows 2010 Removal" and I saw PAGES of links on how to remove it.
EDIT: Chaos just put it perfectly. Going into the regedit right off the bat to fix the problem when a simple anti-virus program will do it for you, is like having a headache, and "You should do brain surgery on yourself and see what the problem is. But be careful!" Long story short, you should NEVER have to go into your registry for... just about anything... Unless you work for Microsoft... Or have a Masters in Computer Science...
EDIT 2: ... Pwnage, I just want to clarify, when you say regedit, you DO mean actual registry edit on your computer, and not the bathtub sitting in your back yard, acting as a make-shift ice pack, holding all your beer and your house's fuse box, while you sit around watching your neighbors play the age ol' game of "Spank the Bull" right?
Thank you, I did see that link before, and had tried the manual version before I even posted here but many of the keys they point you to in the registry lead to dead ends, because the virus isn't located in them. However after browsing through many other websites they all seem to point towards "Spyware Doctor". I'm downloading it now, but I'm still backing up some of my files in which worst case scenario I will have to wipe my computer clean.
Edit: And as for manually deleting the files, it wouldn't allow you to anyways because the virus is always running. Even as I type this :\ It wouldn't allow me to go on Firefox, Explorer, or Opera, so I've been using Chrome to get around it.
Quote from: NotoriousM4^ on December 31, 2009, 05:41:18 PM
and had tried the manual version before I even posted here but many of the keys they point you to in the registry lead to dead ends
That's EXACTLY why you don't do it. People get curious and start snooping around thinking they gotta be there somewhere. Trust in software to do it for you.
I think the above analogy of reg-edit as brain surgery is very good. Don't go in there, unless you have a computer you want to get rid of. If you plan to wipe your computer by inserting an OS re-installation disc (that's the only way I know of), messing with reg-edit can destroy even that precious fail-safe.
You could also compare it to bomb dismantlement. "Don't cut the red wire". "But they're ALL red wires!" "Oh. Well, you're screwed."---something like that.
By the way, I'm looking at a search page right now. I don't see that there's anything wrong with it, except being annoying. According to the site I'm on, it just tries to trick you into getting rid of good programs by calling them viruses.
Or unless you're a brain surgeon.
Quote from: Jackabomb on December 31, 2009, 06:05:01 PM
By the way, I'm looking at a search page right now. I don't see that there's anything wrong with it, except being annoying. According to the site I'm on, it just tries to trick you into getting rid of good programs by calling them viruses.
If you were to have gotten the virus yourself, I would have been glad to accept that "statement".
I don't know how to get rid of this and the best thing I can say to use is Google. But if anything (I know I will get hate for this) format and reinstall if you want to be 100% sure it's gone.
Quote from: http://www.ontrackdatarecovery.com/computer-virus-information/#Q6
Q: What should I do if I get a virus?
First, don't panic! Resist the urge to reformat or erase everything in sight. Write down everything you do in the order that you do it. This will help you to be thorough and not duplicate your efforts. Your main actions will be to contain the virus, so it does not spread elsewhere, and then to eradicate it.
If you work in a networked environment, where you share information and resources with others, do not be silent. If you have a system administrator, tell her what has happened. It is possible that the virus has infected more than one machine in your workgroup or organization. If you are on a local area network, remove yourself physically from it immediately.
Once you have contained the virus, you will need to disinfect your system, and then work carefully outwards to deal with any problems beyond your system itself (for example, you should meticulously and methodically look at your system backups, and any removable media that you use). If you are on a network, any networked computers and servers will also need to be checked.
Any good anti-virus software will help you to identify the virus and then remove it from your system. Viruses are designed to spread, so don't stop at the first one you find, continue looking until you are sure you've checked every possible source. It is entirely possible that you could find several hundred copies of the virus throughout your system and media!
To disinfect your system, shut down all applications and shut down your computer right away. Then, if you have Fix-It Utilities 99, boot off your System Rescue Disk. Use the virus scanner on this rescue disk to scan your system for viruses. Because the virus definitions on your Rescue Disk may be out of date and is not as comprehensive as the full Virus Scanner in Fix-It, once you have used it and it has cleared your system of known viruses, boot into Windows and use the full Virus Scanner to do an "On Demand" scan set to scan all files. If you haven't run Easy Update recently to get the most current virus definition files, do so now.
If the virus scanner can remove the virus from an infected file, go ahead and clean the file. If the cleaning operation fails, or the virus software cannot remove it, either delete the file or isolate it. The best way to isolate such a file is to put it on a clearly marked floppy disk and then delete it from your system.
Once you have dealt with your system, you will need to look beyond it at things like floppy disks, backups and removable media. This way you can make sure that you won't accidentally re-infect your computer. Check all of the diskettes, zip disks, and CD-ROMs that may have been used on the system.
Finally, ask yourself who has used the computer in the last few weeks. If there are others, they may have inadvertently carried the infection to their computer, and be in need of help. Viruses can also infect other computers through files you may have shared with other people. Ask yourself if you have sent any files as email attachments, or copied any files from your machine to a server, web site or FTP site recently. If so, scan them to see if they are infected, and if they are, inform other people who may now have a copy of the infected file on their machine.
This is also some info and try asking here
http://answers.yahoo.com/
you can also try
http://onecare.live.com/site/en-za/center/whatsnew.htm
Quote from: Chaos on December 31, 2009, 06:34:42 PM
Or unless you're a brain surgeon.
And if you WERE a brain surgeon, you would hopefully (I use that term lightly here, I never underestimate humanity's stupidity) be smart enough to realize cracking open your noggin for a headache is a BAD idea!
Well yeah...don't go into your registry and delete shit for shits and giggles... Honestly though, I've never had a problem as far as doing it that method...before I got antivirus software on this new comp I got about 5 viruses...I was able to remove them all manually, which all involved registry keys.
Sure, the registry is a vital part of your machine, but I wouldn't consider handling it rocket science like you seem to be making it to be. Now granted, I have a lot of experience when it comes to the core system files...but I still don't think it is THAT hard to not !@#$ up. Use caution though by all means.
You don't need to run regedit by using cmd, you can just go to run then type regedit, well at least it works on XP for me.
I recommend having some knowledge about registries before deleting them, but I always delete registries for viruses like these, guarantees them to not come back or run anything on start-up etc...
At least you can do stuff to solve your problem. In case nobody here knows, yesterday(12/31/2009) at about 1700(-6 GMT), I installed an antivirus(Symantec Endpoint Protection). Now, the minute I start my computer, it starts a scan that I can't figure out how to stop. I get roughly sixty seconds in which the machine functions, after which the system freezes. The only option I know of at that point is to hit the power button to turn it off. Any clues? I don't think this is an actual virus.
Quote from: Jackabomb on January 01, 2010, 01:37:01 PM
At least you can do stuff to solve your problem. In case nobody here knows, yesterday(12/31/2009) at about 1700(-6 GMT), I installed an antivirus(Symantec Endpoint Protection). Now, the minute I start my computer, it starts a scan that I can't figure out how to stop. I get roughly ten seconds in which the machine functions, after which the system freezes. The only option I know of at that point is to hit the power button to turn it off. Any clues?
Well what you downloaded was probably a virus...and it sounds like the virus is occurring your start up files. I recommend you start Windows in safe mode. I think you rapidly press F12 or something like that...it tells you what to do as your comp is loading up. The whole point behind that is that you only want to launch your computer's core files when booting the machine so the virus's files aren't started. You should have some control over your PC at that point.
I'm positive it's not a virus. I ripped the installation zip from my father's system and he downloaded it from AKO. I'll try booting in safe mode, anyway. Maybe the thing won't start.
Quote from: Jackabomb on January 01, 2010, 01:54:12 PM
I'm positive it's not a virus. I ripped the installation zip from my father's system and he downloaded it from AKO. I'll try booting in safe mode, anyway. Maybe the thing won't start.
Well, if you want to remove it from your start up simply do this (I'm assuming you're running Windows XP):
- Start>Run>type in "msconfig".
- Click "Startup" tab.
- Uncheck the AV (or any other programs you don't want running at start up for that matter).
- Click "OK"
- Reboot
That should probably solve the problem for you.
Edit: I managed to get rid of my virus, "Spyware Doctor" managed to remove most of it, however some of the trojans and other programs it used to attempt to re-download itself under a different name were still there, so I did some manual work in the temporary folder (where most of it was located). I managed to figure out what was a virus and not by viewing the "last modified date" and deleting whatever appeared consecutively around the time and date that the virus first appeared (I strongly do not recommend doing this). Then I used CCleaner to remove any extra extensions/keys/unused dlls that the virus had left in my registry.
It's funny... I called Dell and they insisted to try and pressure and intimidate me into purchasing a new warranty so that they could remove the virus from my computer using their "specialized tools", and claiming that "the virus would head to my MBR (that stands for Master Boot Record)" and become "very difficult and time consuming to remove". They wanted me to pay $169 plus taxes to remove it. Haha Dell... Haha.
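The modified-time triage described in the post above, as an added example that is not part of the original thread: it lists and hashes the files in a folder that changed within a window around the time the infection first appeared, and deletes nothing, so the list can be handed to a scanner or reviewed first. The function names, the 30-minute window and the sample files are assumptions made for the illustration.

```python
import hashlib
import os
import stat
import tempfile
from datetime import datetime, timedelta


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def files_modified_near(root, reference, window=timedelta(minutes=30)):
    """Return regular files under root whose mtime is within +/- window of reference.

    Report only: nothing is deleted. Any program can rewrite a file's modified
    time, so a file missing from this list is not proof that it is clean.
    """
    start = (reference - window).timestamp()
    end = (reference + window).timestamp()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)
            except OSError:
                continue  # file vanished or cannot be read
            if not stat.S_ISREG(info.st_mode):
                continue  # skip links and other special entries
            if not (start <= info.st_mtime <= end):
                continue
            try:
                file_hash = sha256_of(path)
            except OSError:
                file_hash = None  # e.g. locked by a running process
            hits.append({
                "path": path,
                "modified": datetime.fromtimestamp(info.st_mtime),
                "size": info.st_size,
                "sha256": file_hash,
            })
    hits.sort(key=lambda hit: hit["modified"])
    return hits


if __name__ == "__main__":
    # Constructed sample: a throwaway folder standing in for the temp folder,
    # with made-up file names and a made-up first-seen time.
    first_seen = datetime(2009, 12, 31, 17, 0, 0)
    with tempfile.TemporaryDirectory() as temp_root:
        for name, minutes in [("old.tmp", -5000), ("dropper.exe", 2),
                              ("helper.dll", 7), ("later.log", 300)]:
            sample = os.path.join(temp_root, name)
            with open(sample, "wb") as handle:
                handle.write(name.encode())
            stamp = first_seen.timestamp() + minutes * 60
            os.utime(sample, (stamp, stamp))
        for hit in files_modified_near(temp_root, first_seen):
            print(hit["modified"], hit["size"], hit["sha256"], hit["path"])
```
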
Quote from: NotoriousM4^ on January 01, 2010, 03:43:01 PM
Start>Run>type in "msconfig".
Again, I don't want to rain on anybody's parade, but msconfig is another program I would never preach to someone to use, especially if I didn't know their capabilities with computers. There's a LOT of stuff you can screw up in there that'll render your computer useless. If you want to do it properly, instead of taking a chainsaw to it, go into your Control Panel, Administrative Tools, Services. There you can find the application, and set it to "disabled" or "manual" (likely "manual" is what you want) or "Automatic". That way you aren't going to kill any vital services Windows needs to run.
The reason I said all that earlier (and this now) Pwnage is that sure, you might be comfortable with going into the registry editor and handling problems, but it is not a good idea to just assume that everyone else here has the same know-how as you. I feel comfortable doing it, mostly because if I FUBAR my computer, no big loss, I do all my heavy lifting with Linux anyways, and all my data is saved on a partitioned drive. I just see so many instances on this forum (and nowhere else) where as soon as there is a problem, the first tech savvy guy that visits the topic feels the need to act cool by saying "Well if you go into the registry..." when the first question SHOULD be "How comfortable do you feel with handling registry keys and...." If their response is "Uh...." this is definitely NOT the time to try and show them up by trying to walk them through it, ESPECIALLY when there is software out there to handle it for you. Besides, how many times are you 100% positive (and I do mean fully knowledgeable) that you got EVERY SINGLE ENTRY deleted? I'd venture to guess you're relying on someone else's advice on which keys to delete, and you THINK you got them all based off of what this person tells you. Well then take M4's scenario where he couldn't find all the keys the guy said, then what?
I'm just saying, unless you know the person's capabilities, do NOT assume that everyone here knows how to properly navigate and work the registry, you're gonna end up screwing up Gramma's computer some day with that mentality, and then she IS screwed.
Quote from: Scotty on January 01, 2010, 04:08:02 PM
I'm just saying, unless you know the person's capabilities, do NOT assume that everyone here knows how to properly navigate and work the registry, you're gonna end up screwing up Gramma's computer some day with that mentality, and then she IS screwed.
I Lol'd at that last part, but yeah I guess I should have been a little more careful with my suggestion, and thought it out a bit better. So take my advice at your own risk ;).
Have 2 backups of the files you can't replace or just want to have all the time. 1 online (Carbonite, gmail, s3, etc), 1 local (cds, dvds, external hard drive). On your hard drive have 2 partitions. 1 partition for Windows and programs. 1 for other data (photo, word files, videos, music, etc). Install Windows on the first partition with all its updates and your programs with their updates. Make a copy of that partition with Clonezilla ( http://clonezilla.org/ free ) or any other disk cloning tool and keep it offline on a disk or something. Update that clone of the partition (the one with Windows and programs) every 2 months or so just to keep up with Windows updates and your program updates. When you get a virus or your computer is just acting weird, just format the first partition (the one with Windows and programs) and use your offline clone backup and just place that back.
It will take a while to set up the first time but after that you're good to go.
I hate viruses, I hate virus scanners, I hate the fixes for viruses. They all slow you down, make you do work, and have a chance of not working. This way is quick and easy. The best AV is just making sure all your software is up to date and that you don't do stupid things.
big edit:
Something else you can do is install a virtual box ( http://www.vmware.com/, http://www.microsoft.com/windows/virtual-pc/, http://www.virtualbox.org/, etc) and do all your browsing on the internet on there. Install Windows with it into a file. Make a backup of that file. When that vm starts acting weird just delete the file with Windows on it and place the one you copied there.
You can also sandbox programs with Sandboxie. Most of the time you might want to sandbox internet programs.
Quote from: http://www.sandboxie.com/
Tired of dealing with rogue software, spyware and malware?
Spent too many hours removing unsolicited software?
Worried about clicking unfamiliar Web links?
Introducing Sandboxie
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.
http://www.sandboxie.com/
Pwnage's solution provides a temporary respite and the ability to work. My computer is laggy, but I'm doing a system restore to before I installed the program. Scotty, is system restore one of those programs that you mean?
ART, what on earth is a partition?
Quote from: Jackabomb on January 01, 2010, 04:29:47 PM
ART, what on earth is a partition?
Let me make sure I spelt it right!
Edit:
OK, I did.
Disk partitioning
Quote
Disk partitioning is the act or practice of dividing the storage space of a hard disk drive into separate data areas known as partitions. A partition editor program can be used to create, delete or modify these partitions. Once a disk is divided into several partitions, directories and files of different categories may be stored in different partitions......
It basically lets you split your hard drive into smaller pieces.
Partition tools:
http://www.google.com/search?q=partition+tools&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
Quote from: Jackabomb on January 01, 2010, 04:29:47 PM
Pwnage's solution provides a temporary respite and the ability to work. My computer is laggy, but I'm doing a system restore to before I installed the program. Scotty, is system restore one of those programs that you mean?
ART, what on earth is a partition?
No, system restore is something entirely different.
Has your computer been laggy for a while, or is this recent? What OS are you using? You might be able to go through and weed out some of the services that startup with your computer, improving performance a slight bit.
Partitioning, as Art said, is a way of taking a single hard drive, and splitting it however you like, essentially (as far as you can tell) turning it into multiple hard drives. For instance, my laptop has one hard drive in it, but I want to have windows and linux on it. Instead of getting a second hard drive, I just split this one down the center so I can put windows on one half of the hard drive (one partition) and linux on the other. BUT, I would also like to have a storage drive that I can use on either Windows OR Linux to read from. Since windows cannot read from my linux drive, I created ANOTHER partition (3 total). One is for windows, one is for linux, and one is for file storage between the two!
Something went wrong with system restore anyway. It won't work. What safe mode option do I use in order to use the "install/uninstall" option in the Control Panel?
Scotty, this all started yesterday when I installed the antivirus. I'm using windows XP. How, by the way, do I set up one of these partitions?
Quote from: Jackabomb on January 01, 2010, 07:38:53 PM
Something went wrong with system restore anyway. It won't work. What safe mode option do I use in order to use the "install/uninstall" option in the Control Panel?
Scotty, this all started yesterday when I installed the antivirus. I'm using windows XP. How, by the way, do I set up one of these partitions?
There's quite a bit of software out there to do it, but being that everyone is greedy, about every one of them will cost you. When I want to partition, I take the slightly more complicated, yet completely free and legal way of doing it.
I download and burn an Ubuntu Linux cd. I leave the cd in the tray, and reboot. It starts up off the disc, which I tell to start-up using a "trial" of ubuntu (without actually installing it). It takes some time to load since it is booting the OS off a cd, but once in, I use the partition editing tool in Ubuntu to edit the partitions.
Partitioning NTFS drives (Windows' default partition format) is a pain to do anyways. If I remember correctly, you cannot alter an NTFS partition WHILE you are using it (hence me using Ubuntu from a CD to alter it). Man I wish Windows would adopt the ext# format, I'd never have to de-fragment ever again!
EDIT: Also, if you do decide to partition your drives, BE VERY CAREFUL! MAKE SURE that you defragment a couple of times (preferably while in safe-mode to ensure it is done properly) before shrinking the size of an NTFS drive. If you cut it short, you'll lose data and likely render the drive useless. In other words, you'll FUBAR your windows OS.
You got to hand it to military acronyms. Any other suggestions for my computer issue? System restore won't work, and I can't uninstall in safe mode. I'd rather not reinstall Windows, but I can if I have to. It's a pain, it deletes my files, it takes friggin forever, and I have to sit there the whole darn time to answer the little popup questions when they happen. What's Ubuntu anyway?
Quote from: Jackabomb on January 01, 2010, 11:41:24 PM
What's Ubuntu anyway?
A very popular distro of Linux. I like it myself.
Jack, in your case, you likely won't need to re-install windows. If I am reading your posts correctly, all you need to do is reboot, and go into safe mode. Once in safe mode, go to Control Panel -> Administrative Tools -> Services. Find the service in the list. Double click, then set it to "disabled". You can reboot and go into Windows normally, and use Add/Remove to get rid of it from there, since it should not start up after you disable it.
Now something else is up. When I hit the button on the welcome screen for my profile, it's taking forever to load. This is in safe mode. I haven't tried it in normal mode yet. Is that normal? I'm still trying to fix the first issue, so this is annoying. In addition, if I get my Eagle Project all planned and all required (3) merit badges finished by the end of winter break we get an XBOX360. Talk about a lot to do at once.
Quote from: Jackabomb on January 02, 2010, 01:08:57 PM
Now something else is up. When I hit the button on the welcome screen for my profile, it's taking forever to load. This is in safe mode. I haven't tried it in normal mode yet. Is that normal? I'm still trying to fix the first issue, so this is annoying. In addition, if I get my Eagle Project all planned and all required (3) merit badges finished by the end of winter break we get an XBOX360. Talk about a lot to do at once.
Not sure about the slow loading, could be a lot of things. Try getting the program removed via my previous method, and see if it is slow to load on normal boot-up. Do you have all your plans for your Eagle Project on your computer then?
No, thank goodness they're all still in my head or on my dad's computer which runs the same antivirus just fine. I meant I feel like I've got a lot of stuff to deal with before school starts after tomorrow. Oh Dang! *runs and studies marching paper for Monday's drill*
Didn't bother to read this completely through, so I don't know if this problem has been resolved or not. Anyways, I had a Rogue Virus and I was able to get it out with a free program called "Malwarebytes' Anti-Malware". It's definitely worth looking into and is fairly simple to use. Good luck. :)
Quote
Anyways, here is a solution...
Firstly, you might want to download AntiMalware - http://www.antimalwarenow.com/ - It's free and not only does it detect viruses but it also completely wipes them off your computer. I used this when I had a rogue virus which didn't allow me to open .exe files.
Once you install the program, go to the updates tab and click "Check for updates". Once the software updates, then go to the scanner tab and click "scan". Oddly it detected 560+ viruses on my computer, and it deleted them all! The scan could take several to thirty minutes depending on the amount of files you have. The program will search through everything.
When it finishes, there should be an option that allows you to delete all the viruses listed. After it deletes them, you will get a word document or a separate file that shows all the files that have been deleted and why. Afterwards, it will prompt you to restart your computer, so do so.
Sorry if this has been solved already, just thought I'd let you know.
I managed to figure out what Scotty was talking about and I disabled it. Just in time, too. Things were getting so slow, explorer wouldn't run. I had to hunt the services application down in system32 with command line using more "dir" commands than I ever want to use again. Really makes me feel for the folks who had to deal with Unix.
By the way, Scotty, what do you do for a living now that you're out of the Marines?
Quote from: Jackabomb on January 02, 2010, 07:16:20 PM
I managed to figure out what Scotty was talking about and I disabled it. Just in time, too. Things were getting so slow, explorer wouldn't run. I had to hunt the services application down in system32 with command line using more "dir" commands than I ever want to use again. Really makes me feel for the folks who had to deal with Unix.
By the way, Scotty, what do you do for a living now that you're out of the Marines?
Sounds like a bit more overkill than what I was expecting. I just assumed you'd be able to find the service in the list of services and disable it, then reboot. I had no idea you'd be going through the system32 folder for whatever reason.
To answer your question, I'm about to move out to Annapolis, MD to do web development for the United States Intelligence Community. I'm expected to start working around Jan. 15th, dependent upon when they can transfer my clearance. I'll probably be out there within the next week and a half.
Control panel isn't an actual place. That is, you can't get to it by clicking through folders or using 'cd' in command line. All the programs in it are actually links to the real program elsewhere. Services(the program that brings up the list) is actually found in system32. Once I found and started it, it was simple.
At long last, I'm making this post from my own computer!
I thought you'd be doing something like that. You seem to know a whole lot about computers. Far more than I do, at least.
Just started wondering: what is the ventrilo server? I've heard of it a long time ago, but it was donors-only at a time when I wasn't a donor, so I didn't pay attention.