Windows 10: Windows Defender and Windows Update got disabled by a Malware

Windows Defender failed to protect my pc and the Trojian modified registry according to Malwarebytes. Now i can't even check for updates or run windows defender. The "Antimalware service executable" doesn't exist. Not even "Windows Security" I run the sfc/scannow command with administration, found 0 modifications. I run the windows update troubleshooter, it finds a problem but it doesn't fixes it. I don't know what to do next.










:)

 

What the hell, windows defender?

It is true, none my own personal machines have mining apps on them. But as an IT tech/consultant, and the family/friend/neighborhood "go-to" computer guy, I am no stranger to mining and crypto-currancy systems.

My reply was referring to the fact I saw "none" of the issues on any of my systems you had on yours. Neither did any of the users of the dozens of other computers I am responsible for. None that run with alternative anti-malware solutions suddenly had WD enabled after installing those (or any) updates. And some of those users run mining programs. None of the computers had UAC settings changed. None of my computers had my custom settings revert back to the default settings. Nor did I receive any reports from any of my clients, friends, family complaining some Windows Update changed their custom settings back to the defaults. That was my point.

And for the record, while I may not always hear from friends, family, and neighbors, most of my business clients always call us for problems because we are already contractually obligated to support those systems. Full disclosure - none of those contracted systems run mining programs, all run WD or an alternative solution.

I don't think any company, regardless their product or services, should be so harshly bashed for not supporting the extreme 1% fringe portion of their customers - especially when they are erring on the side of increased security.

Absolutely if you have an alternative anti-malware solution installed (and you have not instructed that solution keep Windows Defender active), then Windows should honor your choice and not enable Windows Defender when any new Windows Update is installed. No argument from me on that whatsoever!

BUT, if you disabled Windows Defender and you have no alternative real-time anti-malware solution installed and running, IMO Microsoft is doing the right thing to enable Windows Defender again. Why? Because without some anti-malware solution running, if you connect to a network that has Internet access you are not just a threat to yourself, you are a threat to me, my family and the rest of society too. Whether you choose to believe it or not.

*****

To report any file/program to Microsoft you suspect might be malicious, or that you believe was incorrectly tagged by Windows Defender as malicious, see Submit a file for malware analysis.

 

What the hell, windows defender?

But how does Microsoft distinguish between the user disabling Windows Defender and malware disabling it? If you make something so easy to disable the bad guys will do it too. Better to err on the side of caution (and re-enable it when no other malware protection exists on the system) than to potentially let malware run roughshod over the system in question.

 

Windows defender's process running despite it being disabled.

Windows Defender is integrated within Windows 10. So you have it and it is running (as it should be) unless you installed a 3rd party "real-time" anti-malware solution. If you are using an alternative security solution, it should have registered itself with Windows Action Center which would then disable the real-time component of Windows Defender - unless you specifically told the 3rd party solution not to register itself.

For example, if you purchased Malwarebytes "Premium", it has a real-time scanner (the free version does not). When you install Malwarebytes Premium, it registers itself in Windows Action Center. But because Malwarebytes and Windows Defender play very well together without hogging resources or causing conflicts, it is often recommended to allow each to run at the same time. So to allow that, the user has to manually go into the Malwarebytes control panel Settings menu and select the option to "Never register Malwarebytes in the Windows Action Center".

I suspect other 3rd party solutions provide similar options so you might check that out if you did indeed, install a 3rd party security solution.

Both Windows Update and Windows Defender are supposed to step way back in to the background so they do not interfere with system performance when you are actively using your computer. But this is not always possible, especially if you regularly shut down your computer when you step away from it (instead of just letting it go to sleep), as too much time may have passed and your system is too far behind in Windows and security updates.

Without you noting which program was actually consuming the lion's share of that 80%, there's no way to tell what, at this point, was causing the problem. However, I would not put it past a browser. Chrome, for example, is very good (or bad, I should say) at eating up a lot of RAM and failing to let it go when exited.