Windows 10: Malware removes Windows Defender

Discussion in 'AntiVirus, Firewalls and System Security' started by Gacorek11, May 14, 2020.

  1. Gacorek11 Win User

    Malware removes Windows Defender


    Hi! About two weeks ago I got a virus, which not only wasn't found or blocked by Windows Defender but has completely deleted Defender from the system! I used Malwarebytes to delete the malware and then I used system restore to get Defender back. But two days ago the same thing happened! There is no Defender in the system tray, nor is it working in the background. Manually launching the app shows an empty window with "At glance" text, like on the screenshot below: [screenshot]

    There is also no WinDefend or SecurityHealthService in Windows Registry.
    Windows Update is also broken - it gives a 0x80070424 error.

    Here is a report from my Malwarebytes scan:

    Registry key: 3

    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\STARTUPCHECKLIBRARY, Dodano do kwarantanny, 490, 735770, , , ,

    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B07CFF68-8ED4-4020-998B-0DAD7FDF806D}, Dodano do kwarantanny, 490, 735770, , , ,

    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{B07CFF68-8ED4-4020-998B-0DAD7FDF806D}, Dodano do kwarantanny, 490, 735770, , , ,



    Registry Value: 2

    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B07CFF68-8ED4-4020-998B-0DAD7FDF806D}PATH, Dodano do kwarantanny, 490, 782993, 1.0.23708, , ame,

    RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNWINLOGUI, Dodano do kwarantanny, 854, 604807, 1.0.23708, , ame,



    Registry Data: 3

    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTERANTIVIRUSDISABLENOTIFY, Zastąpiono, 13646, 293294, 1.0.23708, , ame,

    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTERFIREWALLDISABLENOTIFY, Zastąpiono, 13646, 293295, 1.0.23708, , ame,

    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTERUPDATESDISABLENOTIFY, Zastąpiono, 13646, 293296, 1.0.23708, , ame,



    Folder: 3

    PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Dodano do kwarantanny, 325, 455070, , , ,



    File: 16

    Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Dodano do kwarantanny, 490, 735770, 1.0.23708, , ame,

    RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, Dodano do kwarantanny, 854, 604807, , , ,

    Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, Dodano do kwarantanny, 4082, 676770, 1.0.23708, 5A74DC805B2D0D63F8E75887, dds, 00716168

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000102.ldb, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000104.ldb, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000105.log, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000106.ldb, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Dodano do kwarantanny, 325, 455070, , , ,

    PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Zastąpiono, 325, 455070, 1.0.23708, , ame,

    PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Zastąpiono, 325, 455070, 1.0.23708, , ame,

    PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Zastąpiono, 325, 455070, 1.0.23708, , ame,


    "zastąpiono" = replaced; "Dodano do kwarantanny" = Added to quarantine
    All quarantined items were deleted later.

    Windows 10 Home 64-bit
    Version: 1909
    Compilation: 18363.815

    I know that I have to reinstall the system now, but first of all, Defender does not fulfill its task, and second - I don't know where the virus comes from and how to become immune to it.

    I'm sorry for my bad English. I hope you can help me!

    :)
     
    Gacorek11, May 14, 2020
    #1
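The symptoms listed in the post above (missing Defender services, the Windows Update error, disabled Security Center notifications, and the Run value, task and files named in the scan) can be checked read-only with the PowerShell sketch below. It is an added example, not part of the original post; the service registry path and the choice of `wuauserv` and `BITS` as the services behind the update error are assumptions, while the value, task and file names are taken from the scan report.

```powershell
# Added triage example: read-only checks for the symptoms described in the post.
# Run in an elevated Windows PowerShell session on the affected machine.

# 0x80070424 is ERROR_SERVICE_DOES_NOT_EXIST, so check that each service is still registered.
# wuauserv and BITS are assumed to be the Windows Update services behind that error.
$services = 'WinDefend', 'SecurityHealthService', 'wuauserv', 'BITS'
$svcReport = foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service     = $name
        RegistryKey = Test-Path -LiteralPath $key
        Status      = if ($svc) { $svc.Status } else { 'Missing' }
        StartType   = if ($svc) { $svc.StartType } else { $null }
    }
}

# Security Center notification values that the scan reported as modified (1 = notification off).
$scKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$scReport = foreach ($value in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    $data = (Get-ItemProperty -LiteralPath $scKey -Name $value -ErrorAction SilentlyContinue).$value
    [pscustomobject]@{ Value = $value; Data = $data; Suppressed = ($data -eq 1) }
}

# Persistence points named in the scan: a Run value and a scheduled task.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue = (Get-ItemProperty -LiteralPath $runKey -Name 'WINLOGUI' -ErrorAction SilentlyContinue).WINLOGUI
$task     = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Application Experience\' `
                -TaskName 'StartupCheckLibrary' -ErrorAction SilentlyContinue

# Files named in the scan: report presence and Authenticode status rather than assuming a verdict.
$files = 'C:\Windows\System32\WINLOGUI.EXE', 'C:\Windows\System32\STARTUPCHECKLIBRARY.DLL'
$fileReport = foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{ Path = $path; Signature = $sig.Status; Signer = $sig.SignerCertificate.Subject }
    } else {
        [pscustomobject]@{ Path = $path; Signature = 'NotPresent'; Signer = $null }
    }
}

$svcReport  | Format-Table -AutoSize
$scReport   | Format-Table -AutoSize
$fileReport | Format-Table -AutoSize
"Run value WINLOGUI: $(if ($runValue) { $runValue } else { 'not present' })"
if ($task) { $task.Actions | Select-Object Execute, Arguments } else { 'Task StartupCheckLibrary: not present' }
```

A `Missing` status together with `RegistryKey = False` for a service means its registration is gone, not merely that it is stopped or disabled.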
  2. Amadeus51 Win User

    Malware removal


    Understood, OldMike. I will keep your suggestion in mind. I always appreciate suggestions from those who know more than I do. I think the Malware did do more than one scan, because I had to approve removal of what it found twice. I don't see Windows Defender on the list of programs. I think it was on there before they redid the software. Pluto TV also disappeared.
     
    Amadeus51, May 14, 2020
    #2
  3. Le Boule Win User
    Get message Defender is removing Malware.

    Sounds like the malware detections may be in a browser.

    Can you give us the complete name/file path of the malware (as it appears under quarantine or on the list of detected items)?

    Have you emptied temporary internet files and rebooted the computer? Then do a manual update of WD followed by a Quick Scan.

    Any new browser extensions that need to be disabled?

    Try this free scanner:
    http://blog.emsisoft.com/2015/06/09/how-to-find-and-clean-malware-infections-with-emsisoft-emergency-kit/


    If the detections continue see the following free removal guide from Malwaretips.com:
    Remove Viruses, Trojans & Malware from Windows PC (Free Guide)

    To remove malware from Windows, follow these steps:

    STEP 1: Scan your computer with Kaspersky TDSSkiller

    STEP 2: Scan your computer with Malwarebytes Anti-Malware

    STEP 3: Stop the malicious process with Rkill

    STEP 4: Double-check for malware with HitmanPro

    STEP 5: Scan your computer with AdwCleaner

    (OPTIONAL) STEP 6: Scan your computer with Zemana AntiMalware

    (OPTIONAL) STEP 7: Reset your browser to default settings

    Regards…

    Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them. | Emsisoft | Security Blog
     
    Le Boule, May 14, 2020
    #3
  4. Jaune Bel Win User

    Malware removes Windows Defender

    Windows Defender was permanently disabled by a malware

    Hi Robbie,

    You would have to remove the malware first before you can turn on the Windows Defender again. You can use the Malicious Software Removal Tool to eliminate the malware that entered your PC. Once you have removed it, you can turn Windows Defender on. You can refer to the below steps to turn on the Windows Defender:

    • Select the Start button.
    • Click Settings, then select Update & Security.
    • Click Turn on Windows Defender.

    To know more on how to protect your PC with Windows Defender, refer to this link.

    Let us know how it goes.
     
    Jaune Bel, May 14, 2020
    #4