Hi - first post here, so apologies if this is in a wrong section.

I have a remote server 2003 box (when I say remote I mean practically in the middle of Australia!!) that has somehow become infected with Windows PC Defender, asking us to activate the product etc.

I downloaded the latest mbam-setup.exe, checked for updates and ran the quick and full scan - these did pick some hijack stuff that it quarantined but it does not get rid of the Windows PC Defender.

On boot up this rogue creates a folder in C:\Documents & Settings\All users\application Data, I can delete some but not all of these files, and they are re-created on reboot anyway.

When I log on as the Server admin - you wouldn't realise there was an issue, however it is only when I log on as the user that this programme becomes apparent as the IE browser will not function. A full scan with McAfee does not pick up this infection

If anyone has any ideas, or needs some logs etc. that might help you assist me, just let me know.

Regards,
Stephenite

Follow the instructions below:

1. Please read and follow the instructions provided here: I'm infected - What do I do now?
2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.