Windows Defender Opinions?

[Cosmo_Smallpiece]

Hi Everyone. Newby to the forum here.

 

I've got a Novatech Laptop which came with Vista Home Basic Pre-installed about 4 years ago (I think).

 

It recently let in a virus which I had a devil of a job to get rid of. It was one of those that bombards you with pop ups saying that the PC is infected with a virus, if you click on the remove or quarantine button it asks for credit card details. It's also designed to look just like windows defender and also blocked all my attempt to access the internet.

 

I eventually got rid of it by using system restore.

 

I also downloaded Adaware Stopzilla which is telling me my laptop is stlll infected but Windows Defender is telling me everything is fine!!

 

I don't know which one to believe. I'm not using the laptop at the moment until I can get some reliable anti virus software installed on it.

 

Any recommendations for what to use?

[KenB]

Hi and welcome to ExTS

 

I doubt that simply using System Restore would rid your system of this infection.

You really need Starbuck to advise you.

In the mean time:

Download MBAM > Install > Update > run it.

Post the log here.

http://www.malwarebytes.org/products/malwarebytes_free

(You want the free version)

[RandyL]

Ken is right. For the record Windows Defender is an anti-spyware program not anti-virus program.

[etavares]

Hello and welcome to Extreme Tech Support - Free PC Help!

 

My name is etavares and I will be working with you to fix your computer. I have moved this to our malware infection removal forum.

 

Please follow KenB's request and post the MBAM log in your reply.

 

Please also take note:

 

 

1. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
   
   • If you are unsure about any of these characteristics just post what you can and we will guide you.
     

 

[*]Please tell us if you have your original Windows CD/DVD available.

[*]If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.

[*]Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.

[*]Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

[*]If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

[*]If you have already posted a log, please do so again as instructed below, as your situation may have changed.

*]Use the 'Add Reply' and add the new log to this thread.

 

 

 

We need to see some information about what is happening in your machine. Please perform the following scan:

 

We need to create an OTL report,

• Please download OTL from this link.
  
• Save it to your desktop.
  
• Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Under the Custom Scan box paste this in:
  
  netsvcs
  msconfig
  drivers32 /all
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\*.sys /90
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\*. /mp /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  CREATERESTOREPOINT
   
  
  
• Click the Quick Scan button.
  
• The scan should take a few minutes.
  
• Please copy and paste both logs in your reply.
  

 

 

 

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

 

Information on A/V control HERE

 

 

We also need a new log from the GMER anti-rootkit Scanner.

 

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

 

Please first disable any CD emulation programs using the steps found in this topic:

 

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

 

How to create a GMER log

 

In your reply, please post both OTL logs and the GMER log. Thanks!