Cyberdefender Antivirus Software

[Maxspeed996]

So my sis pics out a new laptop....has it for a few months. And decides to purchase CyberDefender Antivirus software.....she's not got this worm on her machine, and an annoying pop up window saying that she's needing to license her purchase of the Personal Antivirus....The company (cyber defender)is wanting $250 to "fix" it for her....and I'm sitting here now. Really nice huh?

To make a long story short....she of course has no Resource disks with a clean backup, or any support/restore disks from HP to wipe it and start clean.....
I'm dealin with Vista Home Premium 32 bit.
I'm attempting to use Symantec Internet Security 2009 ( I know....flame the symantec now ) to do an install if it allows me here.....and to try to actually remove the problem....but the one thing that has me concerned is the pop up I talked about above I can't seem to locate in order to remove it. It doesn't exist in the Add/Remove programs list, and it isn't showing at the top of a task manager when sorted by mem usage.....is there anywhere else to locate and eliminate this app?

 

[mechBgon]

That Cyberdefender stuff is clearly a scam. Don't give them anything.

If you haven't already done so, try a System Restore to before this problem occurred, then mop up with Symantec and some antispyware apps such as Superantispyware, Spybot S&D and Malwarebytes.

If you can't uproot the Cyberdefender scamware and don't see where to uninstall it, manual removal using HijackThis would probably get the job done. If necessary, download HijackThis from http://www.trendsecure.com/por...ls/hijackthis/download and post a logfile if you need help with it.

 

[Maxspeed996]

thanks for the post man. I've been able to remove the few virus's that she had now...and i'm down to the last problem the "personal antivirus" program that keeps popping up tell me she's still infected....but wanting me to buy it. I've located the file destination where it is stored but it keeps re-appearing....somehow it's modded the registry i bet. I'm currently installing LavaSoft's Ad-Aware and trying to finish the removal with it. everywhere I've read on this lists the app as annoying adware....so we'll see if that works.
The complete re-installation is always my first choice when i see pc's comprimised to this level....there is no reason to take any chances anymore ya know.

 

[MadRat]

Go into the registry in safe mode to limit what it loads up at the startup. Use f8 when you are starting up the machine to get the menu for safe mode.

Scan the run locations under both local machine and user profiles. Chances are its piggybacking off a svchost or lsass process that keeps it safe from simply deleting it out of the registry while you are logged in. Every time you delete it the piggybacked process reinserts it, often with a new name.

Before loading up another anti-virus or spyware remover you need to glance over the hosts file and make sure you're not getting redirected. Malware writers these days will transfer you to malicious websites when you try to go to common websites.

Also look in the startup folders in her profile, but then also in the all users and default users profiles, too. Once you get it from starting up you need to load up spybot and nuke all the other tedious shit that's been installed. You'll have a lot of bho's and crap like that dropped on your machine.