Known Spyware not removed by Windows Defender

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am not a super tech genius but here is my question.

I am infected with several programs known to be malware, which have
installed themselves on my hard disk and have registry values. I have run
Windows defender in full scan mode twice (45 minutes each time) with the most
current definition files and it does not detect them.

In the "Add/Remove Programs" list, they show up as:

Public Messenger ver 2.03
Soft Codec 9.0
Internet Explorer Security Plugin 2006

When I click add/remove on any of the preceding, I get a message as follows:

Attention! (This is in the blue title bar)

You should reboot your computer prior to uninstalling this software. Reboot
now?

Yes No (This is in the dialog box)

Of course, I do no such thing.

Instead, I have searched google on all of these programs and all are known
to be spy/mal/adware.

Is Microsoft aware of these malware, and if so, how do I get rid of them?
Can Windows Defender be configured to remove these?
 
Hi WG...

The short answer is no there is no way for you to configure it yourself
within WD if it's missing from the definitions. However you can report
such failed detections to Microsoft through Spynet as follows with the
intent of getting detections added to a future WD definition update and by
doing so you'll be doing the rest of us a favor:

http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx

Questions for you... did you have WD installed and running real time
protection while this happened, and are your versions current?
Was anything else detected/removed on your system at the same time this
happened?
Windows Defender Version: 1.1.1347.0

Engine Version: 1.1.1603.0

Definition Version: 1.14.1715.11
 
Hello,

Report a possible spyware problem to Microsoft
http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx

Go for scans in safe mode and also add Ewido and Ccleaner as Ewido performs
great with Trojans and Ccleaner will clear your temp folders where a lot of
malware hides installers.

First remove all temporarily junk with CCleaner
http://www.ccleaner.com
Note, When you install Ccleaner, uncheck the Yahoo toolbar option.
Note, in Options, Advanced, uncheck - Only delete files in Windows folders
older than 48 hours.
Note: uncheck Windows Defender in the applications.

Then try Ewido for removal:
http://www.ewido.net/en/download/

You might also consider going with posting a HijackThis log in a specialized
forum that deals with reading such logs:

Here's a list:

Forums where you can get expert advice for Hijack This! logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Her...
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5
--

Install Siteadvisor
http://www.siteadvisor.com/preview/
Working on the principle that prevention is better than cure.

Did you visit `Intcodec.com` in your travels? I ask this because there is an
excellent BHO available - `McAfee Site Advisor` which will give you fair
warning when you are about to visit a dangerous site. When you search
Google/MSN/Yahoo all links are highlighted in a colour code according to
danger levels. If you see red for example - don`t even go there. If, on the
otherhand, you are just surfing the unobtrusive button will give you fair
warning by changing to the appropriate colour. There is also a reporting
mechanism of dubious sites which are then investigated and added to the
database. BTW its free and I have no finacial interest ;-)

I hope this post is helpful, but we would highly appreciate it if you could
rate the pºst, so we can keep the community informed and saves somebody else
the hours of trawling through the web trying to find a solution.

Еиçеl
--
 
Your answers were very helpful... thank you!

Here is additional info. The names of some of these files are as follows (I
found them running in memory in Task Manager, then searched for and used a
program called BFU (Brute Force Uninstaller) to delete them.

pmsngr.exe
isamonitor.exe
isamini.exe

These came from when my g/f downloaded Pest Control and VirusBurst (fake
anti malware progs), I believe. Anything that BFU missed I had to delete
manually, using the Search function. To remove them from the Add/Remove
Programs list (under the various names listed in my first post) I had to edit
their entries registry (regedt32). Everything is now gone and my computer is
running like new. I then created a restore point. As far as reporting them, I
didn't find out how to do so until I had already deleted all the files.

Thank you for your help gentlemen, I appreciate it.

-Grant
 
Hi again,

Glad to help and thankx for updating the threªd.

(¯`·._.·Еиçеl·._.·´¯)
--
 
Back
Top