Defender.exe aka 'Spyware Protection'
osaddict
London, UK
A colleague came up to me earlier today saying his PC had 'gone mental' sure enough his description wasn't far wrong... he'd visited a news website and it had loaded a virus on his machine which shut everything else down.
I logged in as myself (an Admin user) and could see defender.exe running under his account.
I killed this process and logged in as the user, everything looked to be ok.
Looking around the appdata/roaming folder I located defender.exe and deleted it.
A reboot and everything looked fine... this seemed far too simple so I dug around the registry a little bit and found
Current user\Windows\Run (or to that effect!) and found an entry for defender.exe and also found one for sdra64.exe I deleted both of these.
The PC seems fine now, and a KAspersky Scan seems to work fine.
I'm concerned this seems too simple a fix and not sure what else to do to 100% clarify that it's gone!
Was a nasty thing - popped up and killed every other process, was scanning the PC (really, it was scanning the CS3 directory - not many PCs have CS3 installed!), making up all sorts of junk.
Oh and the user does not have admin rights so nothing can be installed...
Any pointers?! -Sorry if the above is a little garbled, hopefully it makes sense...
Thanks in advance
I logged in as myself (an Admin user) and could see defender.exe running under his account.
I killed this process and logged in as the user, everything looked to be ok.
Looking around the appdata/roaming folder I located defender.exe and deleted it.
A reboot and everything looked fine... this seemed far too simple so I dug around the registry a little bit and found
Current user\Windows\Run (or to that effect!) and found an entry for defender.exe and also found one for sdra64.exe I deleted both of these.
The PC seems fine now, and a KAspersky Scan seems to work fine.
I'm concerned this seems too simple a fix and not sure what else to do to 100% clarify that it's gone!
Was a nasty thing - popped up and killed every other process, was scanning the PC (really, it was scanning the CS3 directory - not many PCs have CS3 installed!), making up all sorts of junk.
Oh and the user does not have admin rights so nothing can be installed...
Any pointers?! -Sorry if the above is a little garbled, hopefully it makes sense...
Thanks in advance
0
Comments