Author Topic: Fake Windows Defender virus  (Read 1129 times)


Offline fohat.digs

  • * Elevated Elder
  • Thread Starter
  • Posts: 6473
  • Location: 35°55'N, 83°53'W
  • weird funny old guy
Fake Windows Defender virus
« on: Sat, 19 September 2015, 19:09:23 »
My son got hit by the "Fake Windows Defender virus" and it looks like a really nasty beast, disabling any attempts to get rid of it including registry edits and Malwarebytes. Apparently you can't even use the Task Manager to make it stop.

We gave up and did a full reformat/reinstall, but do any of you have any experience with it, and/or know any way to get rid of it?

And, of course, where it comes from and how it attacks?

Thanks!

Offline digi

  • elite af tbh
  • * Exquisite Elder
  • Posts: 2789
  • keyboard game on fleek
Re: Fake Windows Defender virus
« Reply #1 on: Sat, 19 September 2015, 19:10:32 »
That sucks. I've had good luck with Combofix; check it out next time, hehe.

Offline njbair

  • Posts: 2825
  • Location: Cleveland, Ohio
  • I love the Powerglove. It's so bad.
    • nickbair.net
Re: Fake Windows Defender virus
« Reply #2 on: Sat, 19 September 2015, 19:21:18 »
At some point it must ask for elevated privileges. Like most modern malware, it may have presented itself as a software update or something. I've dealt with similar malware and was able to trace it back to fake Flash Player update "ads" on the user's Juno web mail. Apparently Juno allows anyone to advertise who pays them.


Offline inanis

  • Truly Literally The Cloud
  • * Destiny Supporter
  • Posts: 790
  • Location: Dark Places
    • SEALWoodworking
Re: Fake Windows Defender virus
« Reply #3 on: Sat, 19 September 2015, 19:55:05 »
For stuff like that, a good boot disk is always helpful to get malware/viruses off. If you can boot into a different environment, whether that is CD or USB, and then run a scan on your affected disk, it tends to do a pretty good job at cleaning it out.
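As an added example (not from this thread or any poster), here is the kind of offline triage the boot-disk approach above makes possible: from a WinPE or recovery boot, load the infected user's registry hive read-only-style and report the policy values rogue "fake AV" uses to block Task Manager and regedit, plus the per-user autostart entries, before running a scan. Assumed: the infected system drive is mounted as D: and the profile path is D:\Users\Victim (placeholder); the hive mount name OfflineUser is arbitrary.

```powershell
# Added example, not the thread's or any tool's own code.
# Run from a WinPE / recovery boot, never from inside the infected Windows.
# Assumptions (adjust to your layout): system drive mounted as D:,
# user profile at D:\Users\Victim (placeholder name).
$Hive  = 'D:\Users\Victim\NTUSER.DAT'
$Mount = 'HKU\OfflineUser'

# Load the offline user hive so it can be inspected without booting the infected OS.
reg.exe load $Mount $Hive | Out-Null
try {
    $base = 'Registry::HKEY_USERS\OfflineUser'

    # Policy values that rogue AV commonly sets to 1 to block Task Manager and regedit.
    $policyPath = "$base\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($policy -and $policy.$name -eq 1) {
            Write-Output "LOCKOUT: $name = 1 (built-in tool is disabled by policy)"
        } else {
            Write-Output "ok: $name not set"
        }
    }

    # Per-user autostart entries: review anything unfamiliar before cleaning.
    foreach ($key in 'Run', 'RunOnce') {
        $runPath = "$base\Software\Microsoft\Windows\CurrentVersion\$key"
        $props = Get-ItemProperty -Path $runPath -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |   # drop PowerShell metadata members
                ForEach-Object { Write-Output "$key : $($_.Name) -> $($_.Value)" }
        }
    }
}
finally {
    # Release handles and unload; otherwise the hive file stays locked for the scanner.
    [GC]::Collect()
    reg.exe unload $Mount | Out-Null
}
```

The script only reports; a flagged DisableTaskMgr/DisableRegistryTools value or an unfamiliar Run entry tells you what the infection changed, which is what to check again after the offline scan finishes.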