Windows 10: A ransom virus has deleted my windows defender registry

Yesterday i've been hit by ransomware virus.

I could log in to my pc but some of my files were encrypted.

It took control of my kaspersky any virus and windows defender.

I tried clean install then tried to scan my pc using windows defender but it appears that the virus deleted WD registry files


What should i do to fix this and to be sure that i don't have the virus anymore ?

:)

 

New Trojan that Demands a Ransom

There is a new virus out there discovered by virus hunters known as "Cryzip". The Trojan encrypts your files and then demands a $300 ransom for the decryption password to get your files back. After encrypting the files, the virus leaves a nice step-by-step guide of how to go about paying the ransom off. It's supposedly spread through email Spam, and has successfully evaded anti-virus scanners.

Source: eWeek

 

Cannot turn on Windows Defender virus protection

I had the same sort of symptoms. In the Windows Security Center, under Virus and threat protection, it said "Your virus & threat protection is managed by your organization."





I note you mentioned the Registry Keys under HKLM/SOFTWARE/Microsoft/Windows Defender. Nice spotting, but it seems like there is another key that is causing the problem for some users.

Steps to a solution:

1. Press the Windows key and type "regedit"
   
2. On the regedit icon that appears, right-click and select Run as Administrator.
   
3. Navigate to the folder located at HKLM\SOFTWARE\Policies\Microsoft\Windows Defender (You can paste this into the address box at the top of the window, or navigate manually using the side directory structure)
   
4. In this folder, there are probably two keys. Right-click and Delete the DisableAntiSpyware key.
   
5. Exit regedit, and return to the Windows Defender settings screen (refresh it if necessary). Windows Defender should have the scan options available and working.
   

Solution adapted from here, with a much more detailed solution here.

 

Windows Defender realtime scanning will not switch on - it detects another anti-virus product.

Windows Defender realtime scanning will not switch on, and the message suggests there is another anti-virus product present but if there is it does show up in Window 10 UI.

The long story is that I am troubleshooting a problem with application software. The manufacturer suggest removing Bitdefender because there product is incompatible. I thought I would give this a try, if only to element Bitdefender as a cause.

Firstly, I upgraded from Bitdefender 2016 to 2017 to see if that made a difference. The application still failed so I decided to try removal.

• I used the standard uninstall to remove Bitdefender 2017, rebooted but Windows Defender would not start realtime protection because another product was providing realtime protection
• I download the uninstall application for Bitdefender 2017, ran it then rebooted but Windows Defender would not start realtime protection because another product was providing realtime protection
• I checked the file system and all Bitdefender files have been deleted.
• I check the registry and found a couple of references to Bitdefender Wallet, then deleted these.
• I rebooted but Windows Defender would not start realtime protection because another product was providing realtime protection
• I reran the uninstall application for Bitdefender 2017 then rebooted but Windows Defender would not start realtime protection because another product was providing realtime protection.
  

I can find no traces of Bitdefender so I wonder why Windows Defender detects another anti-virus software. I've check other posts but couldn't find additional steps for uninstalling an anti-virus software. Any suggestions?

Moved from Windows 10