Am I completely rid of vcx/defender malware?


I noticed an unfamiliar scheduled startup task on my Vista32 system
shortly before and after using Malwarebytes to get rid of
vcx.exe/defender.exe malware.

Task Scheduler -> FORGX -> Ready -> at system startup
I can't disable the scheduled task: "The user account you are
operating under does not have permission to disable this task."

Properties -> General tab: "Run with highest privileges" (checkbox).
When I try to uncheck it, I get a password prompt box ->
user name: S-1-5-18, password:

Properties -> Actions tab: Start a program ->
C:\Windows\system32\rundll32.exe ->
"C:\Windows\system32\compobje.dll",mjnf

I can't find any Google discussion on this. Can someone tell me if
this is a malware remnant, and if so, how I can disable it? Thanks.
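
The task properties listed above, checked programmatically (an added example, not part of the original post). It assumes the task definition has been exported to Task Scheduler XML, for example with `schtasks /query /xml`; the helper name `triage_task` is hypothetical and the sample XML is constructed from the values quoted in the post.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"}
# rundll32 arguments take the form: "<dll path>",<export name>
RUNDLL_ARGS = re.compile(r'^\s*"?([^",]+)"?\s*,\s*(\S+)')

# Constructed sample, modelled on the task properties quoted in the post.
SAMPLE_TASK = r'''<Task version="1.2"
    xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Principals><Principal id="Author">
    <UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel>
  </Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\system32\rundll32.exe</Command>
    <Arguments>"C:\Windows\system32\compobje.dll",mjnf</Arguments>
  </Exec></Actions>
</Task>'''


def triage_task(xml_text):
    """Hypothetical helper: summarise the traits seen in the post's task."""
    root = ET.fromstring(xml_text)
    principal = "t:Principals/t:Principal/"
    user = root.findtext(principal + "t:UserId", "", NS).strip().upper()
    level = root.findtext(principal + "t:RunLevel", "", NS).strip()
    result = {
        "boot_trigger": root.find("t:Triggers/t:BootTrigger", NS) is not None,
        "runs_as_system": user in SYSTEM_IDS,
        "highest_privileges": level == "HighestAvailable",
        "rundll32_targets": [],  # (dll path, export) pairs
    }
    for action in root.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS).strip().strip('"')
        if ntpath.basename(command).lower() != "rundll32.exe":
            continue
        match = RUNDLL_ARGS.match(action.findtext("t:Arguments", "", NS))
        if match:
            result["rundll32_targets"].append(match.groups())
    # Startup + LocalSystem + rundll32-loaded DLL is the pattern worth review.
    result["review"] = (result["boot_trigger"] and result["runs_as_system"]
                        and bool(result["rundll32_targets"]))
    return result


if __name__ == "__main__":
    print(triage_task(SAMPLE_TASK))
```

A task flagged for review is a prompt to inspect the referenced DLL (signature, creation time, AV verdict), not proof of infection on its own.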

Re: Am I completely rid of vcx/defender malware?


It certainly looks like a malware loading methodology.

You need to look for any other malware that may be protecting this as well
as take ownership such that the administrative account you use can override
whatever the malware is trying to protect. This may have to be done in Safe Mode.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Am I completely rid of vcx/defender malware?



Thanks for your reply. I couldn't get the Task Manager to work in Safe
Mode. Surprisingly, I was able to simply delete the task in normal
mode. Before the deletion I noticed that MSSE and Windows Security
Center were disabled and returned to that state upon reboot even after
setting them to automatically start.

Once the task was deleted those two apps stayed activated. However,
MSSE didn't show in the System Tray or Task Manager. After running
ComboFix everything appears back to normal. Not exactly sure what it
fixed though.

BTW, shortly before the defender.exe malware app started to do its
thing, WinPatrol notified me that vcx.exe wanted permission to run at
each startup, which I declined, and MSSE warned me of 3 or 4 malware
files in its appdata directory, which I ordered it to remove.
Unfortunately that was not enough to keep the malware from molesting
MSSE anyway.
