Rogue AVDefender 2011

Discussion in 'malware problems & news' started by Franklin, Aug 29, 2010.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Lovely newish exe-killing rogue from the Antivirus Soft family.

    Has two running processes and if one is killed then the other auto starts another.

    Using a Task Manager renamed to iexplore, you need to right-click one process and select End Process Tree, and even then it can be a bit of a struggle to end both processes.

    Easiest way to clean up this rogue is to leave both processes running and rename mbam.exe (Malwarebytes) to iexplore.exe to get a scan up and running, then allow mbam to delete what it finds.

    HitmanPro's hold left control while executing seems to fail against this one.

     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    This is a newer rogue, thanks for spotting and bringing the information to Wilders. :thumb: Removal guide here
     
  3. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Franklin, did you try Safe Returner with this rogue?
     
  4. Franklin

    Franklin Registered Member

    No, not as yet.
     
  5. siljaline

    siljaline Former Poster

    This software clearly is a goad to download and run :ouch:
    All three of the ad banners offering free scan and fix your PC now, Free Scan your PC now for errors, Scan your Computer for Free, all prompt a download of the executable for the program !!!

     
    Last edited: Aug 29, 2010
  6. Franklin

    Franklin Registered Member

    Safe Returner needs to be renamed from Safe returner.scr to iexplore.exe in order to get a scan up and running.

    It does detect and clean the rogue but "may" be a prob on XP after reboot and have PM'd egomoo to have a look.

    Win 7 VM and a renamed Safe Returner comes up trumps but a scan with MBAM is advised to clean up dregs.

    @siljaline, I do volunteer as a Rogue Reporter for MBAM and usually wait a few days before posting here in order for the removal guides to get up first.
     
  7. siljaline

    siljaline Former Poster

    I know the folks at MBAM quite well, including Rubberducky. I don't quite understand why Softpedia would sign off on this software without having done due diligence on the software; imo, they clearly have not.

    Is there an issue with the guide I posted? If there is, your comments, it is not that I am aware of in Wilders TOS?

    If offsite removal guides are an issue, I should have been made aware of this.
     
    Last edited: Aug 30, 2010
  8. Franklin

    Franklin Registered Member

    No issue that I'm aware of and they are a great help to a lot of people. :)
     
  9. siljaline

    siljaline Former Poster

    Thanks for the kind feedback. As a security expert, I would only post removal guides that are from sites that I know and implicitly trust.

    Complete discussion thread here, Franklin, that we may both have missed.

     
    Last edited: Aug 30, 2010