settdebugx.exe is a core component of trojan FakeAlert. When the trojan is installed, it will display a Security Center Alert that stats that “Windows Firewall has blocked some features of this program” (Trojan-Downloader.JS.Multi.ca, Net-Worm.Win32.Mytob.t, Net-Worm.Win32.DipNet.d, Rootkit.Win32.Agent.pp) as an attempt to make you think your computer has a security problem. Of course, all of these alerts are fake and should be ignored!
What is more, the trojan will also download and install Malware Defense automatically without your permission. Malware Defense is a rogue antispyware programs, that reports false infections and shows fake security alerts as method to to trick you into purchase so-called “full” version of the software.
If your computer is infected, then use these removal instructions below, which will remove settdebugx.exe trojan and other components of trojan FakeAlert for free.
Symptoms in a HijackThis Log
O4 – HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe
Use the following instructions to remove settdebugx.exe trojan (Fake Security Center Alert)
Download HijackThis from here and save it to your Desktop. If you cannot run HijackThis, then re-download it, but before saving HijackThis.exe, rename it first to explorer.exe and click Save button to save it to desktop.
Run HijackThis. Click “Do a system scan only” button. Now select the following entries by placing a tick in the left hand check box, if present:
O4 – HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\user\LOCALS~1\Temp\settdebugx.exe
O4 – HKUS\S-1-5-18\..\Run: [settdebugx.exe] C:\WINDOWS\TEMP\settdebugx.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [settdebugx.exe] C:\WINDOWS\TEMP\settdebugx.exe (User ‘Default user’)
O4 – HKCU\..\Run: [Malware Defense] “C:\Program Files\Malware Defense\mdefense.exe” -noscan
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for settdebugx.exe trojan infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove settdebugx.exe trojan. MalwareBytes Anti-malware will now remove all of associated settdebugx.exe trojan files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
settdebugx.exe trojan creates the following files and folders
%Temp%\settdebugx.exe
%Temp%\wscsvc32.exe
settdebugx.exe trojan creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe
I am going through these instructions now, as my PC has gotten this trojan. The thing that worries me a bit is that as Malwarebyte’s Anti-Malware runs, the trojan continues to pop up bogus warnings. I hope it’s capable of removing the trojan while still in memory. I’ll post results later.
Hey, it worked!
Upon reboot it removed some files in memory and after coming back up the trojan is gone.
Thanks for posting these instructions. They’re a life saver.
I think there is still some kind of infection. Half an hour ago the system completely locked up. I rebooted and it appears okay but the sound of a movie clip just came on over my speakers and I had heard this before while all those pop-ups were going on. Something fishy is still happening.
The pop ups are no longer coming up but if I just sit here and watch the PC (I’m typing this on a different one) I see windows change focus every now and then by themselves. I’ll run another hijack this and malware scan and see what I find.
Okay, the 2nd run anti-malware showed ROOTKIT.TDSS was installed. Hopefully it’s been deleted successfully.
BE-A-UTIFUL. Had the above virus plus an attached Trojan.Win32. Using the HackThis and Malwarbytes got rid of both of them after I was unable to the previous days by other methods.
This was rock solid.
We couldn’t get malwarebytes to download any advice? This bug is bad!
Jen, ask for help in our Spyware removal forum.
I agree, this is one tough bugger. I found both bugx and mdefense were set to run at startup when I ran msconfig. I don’t use I.E. but I found it running in the background and there appeared to be a lot of traffic. This is one very active P.O.S. I’m just going to re-format.
I found this forum that helped immediately. The instructions were to at startup immediately hit start then run, type in misconfig hit enter, select startup tab and disable all, click apply then ok. This allowed me to download malwarebytes anti malware. I ran the program and it immediately got rid of those malicious viruses
Thank you so much. I ran Advnaced System Protector and Adaware on the sick computer and it looked like it ran clean though it wouldnt allow malwarebytes to run. When looking through items that run at boot I found settdebugx.exe and a few other fishy soundint items. Googling settdebugx.exe brought me to this page. After doing the fix above, malwarebytes is now running and finding all sorts of nasty little buggers. Will let you know how it turned out….thanks!