Windows 10: Active threats have not been remediated - Windows Defender.

Hello,


I have scoured the internet to try to figure out how to fix this problem. It appears that malware has hijacked my UEFI firmware. I tried running Malwarebytes with rootkit detection in regular and safe mode, ADWcleaner, FRST, as well as an offline Windows Defender scan, and lastly, flashing the BIOS but cannot wrap my head around what to do. Any help would be appreciated.


Best,


Brandon



Threat Detected: Active threats have not been remediated and are running on your device.


Severe

Trojan:Win32/Dorv.D!rfn

8/9/2020 2:12 AM

This program is dangerous and executes commands from an attacker.


Affected items:


uefifirmware: \UefiImage->BootScriptHidePei

:)

 

Active threats have not been remediated and are running on your device

I have a problem where it says Active threats have not been remediated and are running on your device

I cannot remove it for some reason, I've pressed the actions and pressed remove, quarantine but it did nothing if anyone has any idea how to fix this please help me thanks

 

Windows defender false positive - forced to allow threat

Windows defender has started to identify C:\Windows\System32\mshta.exe as a threat [normally reported as a Trojan Powessere.G]. I use mshta.exe to run an hta custom MsgBox - I have been hoping to keep using my current CustomMsgBox tool [batch file calling a vbs-hta file] until later this year when I hope to have had enough time to replace it with a PowerShell alternative.

Windows defender's notification lets me "allow the threat" but that seems to me to be a bigger security hole than is necessary - it will now ignore a potentially real intrusion when all I want to run is a genuine Windows component. My immediate problem is fixed but I would prefer to fix the false positive using the exclusions list.

I cleared the 'Allowed threats history' so I could use the exclusions list instead. I added C:\Windows\System32\mshta.exe to the file exclusions list and I checked that it had taken properly by checking the exclusions list both in the UI & in the Registry. But the exclusion made no difference, it continued to detect and block the exe.

I have repeated the attempt several times [by clearing the allowed threats list & exclusions list beforehand] and the results are the same every time
- allowing the threat works,
- using the exclusions list has no effect.

I studied the relevant tutorial but have not spotted an error in what I have been doing - Add or Remove Windows Defender Exclusions

Does anybody with experience of using the exclusions list to counter false positives have any suggestions for me?

Denis

 

WINDOWS DEFENDER IS NOT REMOVING THREATS

I'm having a problem with Windows Defender the threats found after I ran a full scan that last maybe around 10 hours cannot be removed by windows defender. I selected the remove option and it shows processing but after a while
the threats are still listed and active. I already ran a offline scan and a quick scan but neither fix the problem.

I already ran a secure boot and see if third-party apps are causing the problem but nothing works the threats are still listed and active. I checked the location of the file and manually deleted it even on my recycle bin but
the threats are still there and labeled as active. This very annoying. I think this is an error in the windows defender part because I installed Malwarebytes and ran a full scan which took a couple of hours and found nothing because like I've said I have deleted
the file location where the threats are.