Synaptics Pointing Device Driver Virus/Malware, Fake Defender Control

  • Thread starter: cloud9atom
Since we use cr@cked software that most of the time requires disabling Windows Defender, we (including me) tend to use software that automates this process; the most popular one is Defender Control by sordum.

Problem is, a fake defender control circulates on the internet that has virus/malware included. It infects other executables on your system, it goes under the name "Synaptics Pointing Device Driver" meaning that it is trying to look legitimate (like the real Synaptics driver).

Here are the instructions to remove it; they don't require you to re-enable Windows Defender. Attached some pictures for help; only one screenshot is mine, credits go to the owner for the other ones.

1. Open Task Manager; the window automatically opens to "Processes". Search for "Synaptics Pointing Device Driver"; if you find it, select it and click on End Task.
2. Search in taskbar "File Explorer Options", open it, go to "View", uncheck/untick "Hide protected operating system files (Recommended)", a window will pop up, click on yes, then apply.
3. Open File explorer, go to "C:\ProgramData", look for "Synaptics" folder and delete it.
4. Search in taskbar "File Explorer Options," open it, go to "View", check/tick "Hide protected operating system files (Recommended)".
5. Search in taskbar "Registry Editor", go to "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", search for "Synaptics Pointing Device Driver", delete the registry key.
6. Restart.
 
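The three places the steps above touch (the running process, the `C:\ProgramData\Synaptics` folder and the `Run` value) can be checked in one read-only pass. The PowerShell below is an added example, not part of the original post; it uses only the names and paths given in the post, and the `Get-SigStatus` helper and the output columns are illustrative choices.

```powershell
# Added example: read-only check for the three indicators named in the post.
# It deletes nothing; it only lists what it finds.
$Name   = 'Synaptics Pointing Device Driver'
$Folder = 'C:\ProgramData\Synaptics'
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-SigStatus([string]$Path) {
    # Authenticode status of a file, or a marker when the path cannot be read.
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        [string](Get-AuthenticodeSignature -LiteralPath $Path).Status
    } else { 'PathUnavailable' }
}

$findings = @(
    # 1. Processes with the description from step 1, or running from the folder.
    Get-Process -ErrorAction SilentlyContinue | Where-Object {
        $_.Description -eq $Name -or
        ($_.Path -and $_.Path.StartsWith($Folder, [StringComparison]::OrdinalIgnoreCase))
    } | ForEach-Object {
        [pscustomobject]@{ Indicator = 'Process'; Item = "PID $($_.Id)"
                           Path = $_.Path; Signature = Get-SigStatus $_.Path }
    }

    # 2. Files in the folder from step 3; -Force includes hidden/system files.
    if (Test-Path -LiteralPath $Folder) {
        Get-ChildItem -LiteralPath $Folder -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Indicator = 'File'; Item = $_.Name
                               Path = $_.FullName; Signature = Get-SigStatus $_.FullName }
        }
    }

    # 3. Values under the Run key from step 5, matched by name or by target path.
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($v in $key.GetValueNames()) {
            $data = [string]$key.GetValue($v)
            if ($v -eq $Name -or $data -like "*$Folder*") {
                [pscustomobject]@{ Indicator = 'RunValue'; Item = $v
                                   Path = $data; Signature = 'n/a' }
            }
        }
    }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from the post were found.' }
```

Run it from an elevated PowerShell prompt so that process paths owned by other accounts are readable; the Path column shows where each match actually lives.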
Also, the best way to stop this virus from spreading, while you clean up the mess that it's already caused, is to create a file (txt file, any file) in the "C:\ProgramData\Synaptics" folder, rename it to synpatics.exe, then set all file permissions to "deny"... try to delete the file; if Windows doesn't let you, you have succeeded... the virus can no longer respawn on that PC.

Are you sure it's a fake "defender control" and not just the program infected with the virus? As this virus works by infecting all other EXE files on the infected computer... if not caught quickly it can get close to impossible to fully clean the PC without losing a lot of programs...

I know for a fact that "Eucartech" Xentry installations were responsible for a lot of infections of this virus, as their DTS Monaco 9 was infected.

Also, a way to recover your file from this virus is to either unzip the infected file with 7zip, and the original file will be there (you must set file permission to show hidden system files), or use a sandbox and run the file, and the original uninfected file is extracted...
 
Actually one more thing to point out about that virus... you will find that the icon of many infected EXE has changed, usually the icon of the file that was the source of the virus... helps hunt down where you got the virus in the first place.
 
So, apparently, newer versions of this virus automatically re-enable "Hide protected operating system files (Recommended)" an instant after you press OK and the window closes.
Also, the "explorer.exe" process can be shut down but it automatically reopens.

Solution would be to run a full scan of defender in SAFE MODE, check the infected file, open in 7zip and replace the file from there.
Can also be done with SSD taken out and plugged into another computer as external SSD.
 
Thank you for the post. I was not interested in the virus but in Windows Defender problems.
It's annoying because you can stop it in Windows 11, but after restarting the computer, Defender is there again.
I didn't know about Defender Control by sordum and I will give it a try. It could be my solution.
By the way, I wish I won't have any problems with viruses. I'm going to download the software from the official sordum website.
 
I have installed Defender Control by sordum in my Windows 11, and it works perfectly well. Windows is not turning on Defender any more.
This soft is free on the official sordum site, and has no virus. It's a pity that your computer was infected.
Thanks again.
 
The following steps also help:

Win-Key + R, type "regedit", go to: "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender", create a new Key with "Real-time Protection",
add "DisableRealtimeMonitoring" as "DWORD" value (REG_DWORD), change Value from 0 to 1.

This works similarly with the update function of Windows.
 
Use this fix to remove it and restore the program.
 
Attachment: Synaptics Killer v5.rar (external link)
Use this fix to remove it and restore the program.

After using this software to clean Synaptic, my computer became completely infected and lost a lot of software.
I don't know what happened.
 
I faced the "synaptics.exe" virus while installing Renolink on the CD I received with the cable. It destroyed all the EXEs on my PC, and I had to clean them manually with a hex editor. Below I made a video of what I faced and what I did to clean most of my programs.

 