I have total protection suite installed and I still got a virus. I can get in to safe mode I found this:
On how to unistall it.
Problem is I don't know how to find the files and registry files to delete them.
When I did a virus scan in safemode it said everything was fine? What's up with that? Clearly its not fine as I can't run anything with this thing it shuts down everything out of safe mode.
Moved to Top Threats.
There's another thread about this in Top Threats HERE - I found the removal instructions and posted the link to them in that thread, but first you should try the McAfee FakeAlert Stinger tool. If this Fake AV has been added to the list then the Stinger should take care of it. If not, follow the link and use the alternative removal method. Let us know how you get on.
Message was edited by: Hayton on 28/08/11 06:11:37 IST
safe mode is the right step, but lots of program stop working in that mode, that might be the reason you scan but with no virus... you can try firstly stop the security protection process by pressing alt+ctrl+delete keys to open the task manger, select process and end the exact process, and then wipe away files and registries of it, reference as here. this works great if you do know some computer.
Removing Security Protection is fairly easy, no big deal. It's not the most aggresive scareware I've ever seen probably bacause it has to go well with other malware, PPI schemes or bot herders don't want to risk of loosing their bots. That's my guess. Anyway, you can either reboot your computer in safe mode with networking and run Malwarebytes or your favorite malware removal what ever you may use or delete the malicious file manually.
C:\Documents and Settings\All Users\Application Data\defender.exe
Rename defender.exe to defender.vir and restart your computer. Note, you can't just delete the file while the rogue program is active. So, once you are back, Security Protection shouldn't pop up anymore. Now you can download/run any malware removal tool you want. Running rkill first would be a good idea. Then use Malwarebytes or any other anti-malware software.
Security Protection removal procedure:
I hope that my answer will be of help to you. Security Protection virus is not really difficult to remove. I can recommend you my removal guides, which describe manual removal of this virus. Of course, manual removal is for free, you do not need to download or install any security program. Here is the link with the video guide how to do it:
Even in safe mode I get an error when trying to open
It wont allow it
When I go to the task bar and shut down the .ex the keep poping back up. I am going to try to do a system restore to before the virus started do you think that will help?
There is an excellent removal guide here: http://www.bleepingcomputer.com/virus-removal/remove-security-protection scroll down that page as the first links you see are advertising.
Follow their steps and if you have problems follow what they suggest to get support.
For some reason this thread is returned high in the google search when looking for "defender.exe" so I'm going to post up some advice and then lock the thread.
If you need assistance with a new undetected version of a fakealert infection please start a new thread in our Top Threats space, however first of all do try and remove the infection using our FakeAlert Stinger tool - instructions for which can be found on the link.
If you would like to send us a new variant of a defender.exe please follow these instructions. Once you have submitted please post up the analysis ID we respond with in the
Top Threats space so that we can follow up on it for you.
Can we mark this thread solved?