Solved Possible PCHealth Virus - Defender.exe

[Resolved] Possible PCHealth Virus - Defender.exe

Yesterday my wife noticed a bunch of anti-virus screens pop up, none of which were the original AVG program that we were running.

When I got home I tried to kill the process but it wouldn't allow me to access the task manager.

I turned off the restore point while in safe mode and noticed in the start-up files a direct link to f:\windows\PCHealth. After some Googling, it looked to be the PCHealth virus. In safe mode, I deleted the directory and removed all of the references to PChealth in the Registry.

Upon a full reboot the same problem persisted.

I downloaded Malwarebytes and ran it. It found about 9 files, which I removed. Did a full reboot and the same problem persisted. This time I noticed that it referenced a W32blaster.worm name so I downloaded BlasterFix but that didn't find anything.

I tried to ensure that the Windows Firewall is turned on but it wouldn't let me do that in safe mode. I tried to install the recommended Avira program but that won't run in safe mode either.

Any help would be appreciated. Thanks in advance.

 

Thanks.. Attempted to follow the steps but couldn't check the status of the firewall, couldn't load Avira so I wasn't sure if I should just continue or not?

 

After further searching, the root virus was call the defender.exe.

The file was in X:\Documents and Settings\[User Name]\Application Data

The trick is that the folder is hidden.

You need to change the folder attribute to remove the Hidden setting.
I ended up using DOS to manually change the attribute.

Once I changed the folder attribute and deleted the "defender.exe" file I was able to do a full reboot.

I'm now running Malwarebytes and updating the antivirus program to make sure everything else is Ok.

Thanks.