Internet Defender infection

I also have a problem with Internet Defender.
I have followed the instructions from EssexBoy here:
http://forum.avast.com/index.php?topic=72397.0

I attach the log files as asked and appreciate your help!

Note:
I deleted the following registry key before starting with your diagnostic:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
as per the instructions here, (http://www.bleepingcomputer.com/virus-removal/remove-internet-defender#keys)
which pointed to an avi file.

J

Hi, on completion of these runs can you let me know what problems remain?

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/02/27 12:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Defender
[2011/02/27 12:33:53 | 000,001,935 | ---- | M] () -- C:\Users\Iain\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Defender.lnk
[2011/02/27 12:33:53 | 000,001,911 | ---- | M] () -- C:\Users\Iain\Desktop\Internet Defender.lnk
[2011/02/27 12:34:15 | 000,000,966 | -HS- | C] () -- C:\ProgramData\e57f550b-1cd1-41e7-8276-662c433ecac6_.mkv
[2011/02/27 12:33:53 | 002,568,192 | -HS- | C] () -- C:\ProgramData\e57f550b-1cd1-41e7-8276-662c433ecac6_35.avi
[2011/02/27 12:33:53 | 000,001,935 | ---- | C] () -- C:\Users\Iain\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Defender.lnk
[2011/02/27 12:33:53 | 000,001,911 | ---- | C] () -- C:\Users\Iain\Desktop\Internet Defender.lnk

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select “Perform Quick Scan”, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Ok - thanks. Looks promising…

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5895

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/02/2011 18:34:07
mbam-log-2011-02-27 (18-34-07).txt

Scan type: Quick scan
Objects scanned: 144710
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\e57f550b-1cd1-41e7-8276-662c433ecac6_.mkv (Trojan.FakeAlert) → Quarantined and deleted successfully.
c:\programdata\e57f550b-1cd1-41e7-8276-662c433ecac6_35.ico (Trojan.FakeAlert) → Quarantined and deleted successfully.

Looks good - any further problems?

All OK - many many thanks for your time

J

Run OTL and hit the cleanup button to remove it ;D