Windows 10: Windows Defender Misses Malware

Discussion in 'AntiVirus, Firewalls and System Security' started by Default Username 98, Feb 1, 2019.

  1. Windows Defender Misses Malware


    I'm writing to you about an anti-virus that missed 79 threats.

    Sad. =(
    I would like to receive a report...

    Malwarebytes
    www.malwarebytes.com

    -Данные журнала-
    Дата проверки: 28.01.2019
    Время проверки: 23:31
    Файл журнала: 2361c266-2344-11e9-b13b-00ff12859955.json

    -Информация о ПО-
    Версия: 3.6.1.2711
    Версия компонентов: 1.0.527
    Версия пакета обновления: 1.0.9004
    Лицензия: Ознакомительная версия

    -Информация о системе-
    ОС: Windows 10 (Build 17134.523)
    Процессор: x86
    Файловая система: NTFS
    Пользователь: ASUS\Admin

    -Отчет о проверке-
    Тип проверки: Полная проверка
    Способ запуска проверки: Вручную
    Результат: Завершено
    Проверено объектов: 215203
    Обнаружено угроз: 79
    Помещено в карантин: 79
    Затраченное время: 7 мин, 42 с

    -Настройки проверки-
    Память: Включено
    Автозагрузка: Включено
    Файловая система: Включено
    Архивы: Включено
    Руткиты: Выключено
    Эвристика: Включено
    PUP: Обнаружение
    PUM: Обнаружение

    -Данные проверки-
    Процесс: 0
    (Вредоносные программы не обнаружены)

    Модуль: 0
    (Вредоносные программы не обнаружены)

    Раздел реестра: 31

    Значение реестра: 22

    Данные реестра: 0
    (Вредоносные программы не обнаружены)

    Поток данных: 0
    (Вредоносные программы не обнаружены)

    Папка: 0
    (Вредоносные программы не обнаружены)

    Файл: 26

    Физический сектор: 0
    (Вредоносные программы не обнаружены)

    Инструментарий управления Windows (WMI): 0
    (Вредоносные программы не обнаружены)



    (end)


    [Original Title: Windows defender]

    :)
     
    Default Username 98, Feb 1, 2019
    #1

  2. Windows Defender Fails Malware Test

    Naw... I'll just stick by Windows Server 2003 SP #1 fully hotfix patched (& current on that note), for now @ least, & doing what I do, to get THIS kind of security analysis score:


    [Image: APKBelarcAdvisor5of10ScoreBETTERThan417Before.jpg]


    I never suck in viruses either! The 2 times I thought I did, the past 15 years now? They were my own fault (running 2 antivirus once, & another I don't know WHAT caused it, or I can't recall specifics anymore) in "false positives"!

    Ever since I started implementing a BOAT LOAD of things ANYONE can do, if they take 45 min. - 1 hr. running, or doing:

    • BELARC advisor
    • Using some security & speed oriented .reg file hacks
    • gpedit.msc (altering various policies for better security)
    • secpol.msc (hardening default security policies)
    • lusrmgr.msc (hardening default user rights)
    • regedit.exe (registry hive ACL rights)
    • explorer.exe (NTFS rights)
    • Turning off java/javascript & ActiveX/ActiveScripting in browsers
    • Using TCP/IP port filtering (easy to do in IP properties)
    • Turning off Services I do NOT use that may have holes
    • AntiVirus (AntiVir, NOD32, AVG, or Norton Corporate 10.2 edition (my favs @ least - I keep 1 resident, & one other as a 2nd opinion))
    • AntiSpyware program (I like AdAware & SpyBot + use both, 2nd opinion stuff again)
    • SEVERAL AntiRootkit programs (GMER, AVG, BitDefender, BlackLight, Rootkit Buster, Rootkit Revealer, AntiRootKit, Rootkit Hook Analyzer, Sophos - all many doctors opinions from what I feel IS the biggest threat out there now, rootkits)
    • + using a hardware NAT firewall in combination w/ a software firewall (ZoneAlarm used to be good, & the native Windows firewall isn't bad, except for noting outgoing packets)
    • Keeping up on Microsoft security patches to the OS & programs from them I use
    • Being SMART about not opening email attachments & also using TEXT or RTF as my email reading format too
    • After trimming services I do NOT use (& even the ones I don't as well, set disabled or not), I secure them ALL, per this thread:
    Securing Windows 2000/XP/Server 2003 services HOW TO

    • Using adbanner blocking HOSTS files (adbanners have been found to hold malicious code more than a few times the past 4-5 years now mind you)
    *HARD TO BELIEVE ON THAT NOTE OF ADBANNERS HOUSING MALWARES IN SCRIPT & MORE?

    CHECK THIS, DATED TODAY 02/21/2007:

    Microsoft apologises for serving malware

    APC's February 2019 issue is out now! | TechRadar

    :)

    * YOU DO ALL OF THAT? Yes, You CAN be safe online & use Windows, just takes a bit of work... 1 hr. implementing it all, & maybe another 1/2 hr. testing it (like when you secure services - I did a BIG list, but not every possible service under the sun, because I have not run them ALL!)

    MS ships their Operating Systems 'generic' enough to run on anything FULL FUNCTION, right outta the box... this can be its 'problem' too!

    APK

    P.S.=> Funny thing is though, I don't think we'll EVER be "110% solid secure" unless we go OFFLINE... @ least not for another 5 yrs. or so & then I think we'll be REALLY close @ least!

    Microsoft's taking the RIGHT steps, in the RIGHT direction in their apps & OS, & so are other vendors too... this is a GREAT trend!

    Heck - funny thing is? Snort turned up a security hole the other day... a program you CAN use to defend yourself... mistakes & oversights get made is all, still now even.

    Today? It's the "Wild West" still, not as bad as it used to be in the earlier days/decades, but still 'risky' to an extent... still in the Stone Age guys, you'll miss these days, when they are gone... apk
     
    Alec§taar, Feb 1, 2019
    #2
  3. Windows Defender Fails Malware Test

    Microsoft’s very own antivirus software, Windows Live OneCare, was recently found to be failing Vista users, and now the same has been discovered for its free anti-spyware application. In tests carried out by Australian company Enex Testlab, Windows Defender struggled to detect just half of the malware which it was tested with, with the quick scan missing most of the malware and the full scan finding only 53.3%. It would be best to note that the test was financed by competing company PC Tools, which claims the test was unbiased, although the winning software (detecting 88.7% of malware) was PC Tools’ very own Spyware Doctor. Windows Defender was released as a final version in October 2006, so it is relatively new and of course (being free) costs less than Spyware Doctor.

    Source: Techworld.com
     
    Jimmy 2004, Feb 1, 2019
    #3
  4. Windows Defender Misses Malware

    Windows Defender notification of malware detection

    Hello,

    Thank you for keeping us posted and we appreciate your continued patience on this issue.

    At this point, I suggest you update the Windows Defender program and check if it helps.

    To check for new Windows Defender definitions manually:

    • Open Windows Defender.
    • Click the arrow next to the Help button, and then click Check for updates. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Also, check if the detection is of the same malware file or not. Again, see if it is any specific program or a file you try to access which triggers the detection.

    Additionally, view the log in Event Viewer to check if the malware is removed every time it is prompted.

    To open the Event Viewer, follow the steps below.
    • Go to the Control Panel and click the Administrative Tools icon.
    • This opens a new Administrative Tools window, where you will see the Event Viewer.
    You can view Windows Defender "Operational" events in Event Viewer under Applications and Services Logs -> Microsoft -> Windows -> Windows Defender.

    Kindly keep us posted, for us to be able to assist you further.

    Thank you.
     
    Sayan_Ghosh, Feb 1, 2019
    #4
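
The checks suggested in post #4 (are definitions current, is it the same detection each time, was the threat actually removed) can be read from the Defender "Operational" log in one pass. This is an added example, not part of the original thread; the 30-day window and the event data field names ('Threat Name', 'Path') are assumptions about the local log contents.

```powershell
# Added example: summarise Windows Defender detections and remediation results.
# Run from an elevated PowerShell prompt on the affected machine.

# Definition status: confirms whether the manual update step took effect.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, RealTimeProtectionEnabled

$logName = 'Microsoft-Windows-Windows Defender/Operational'
# 1116 = threat detected, 1117 = action taken, 1118/1119 = action failed
$ids = 1116, 1117, 1118, 1119

# Pull one named <Data> field out of an event's XML payload.
function Get-EventField {
    param([xml]$Xml, [string]$Name)
    ($Xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$filter = @{ LogName = $logName; Id = $ids; StartTime = (Get-Date).AddDays(-30) }  # assumed window
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No Defender detection or remediation events in the last 30 days.'
    return
}

$rows = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    [pscustomobject]@{
        Time   = $e.TimeCreated
        Id     = $e.Id
        Threat = Get-EventField $xml 'Threat Name'   # assumed field name
        Path   = Get-EventField $xml 'Path'          # assumed field name
    }
}

# One row per threat and path: a detection count that keeps climbing, or any
# failed action, means the item is coming back or was never removed.
$rows | Group-Object Threat, Path | ForEach-Object {
    $g = $_.Group
    [pscustomobject]@{
        Threat     = $g[0].Threat
        Path       = $g[0].Path
        Detections = @($g | Where-Object { $_.Id -eq 1116 }).Count
        Remediated = @($g | Where-Object { $_.Id -eq 1117 }).Count
        Failed     = @($g | Where-Object { $_.Id -in 1118, 1119 }).Count
        FirstSeen  = ($g | Measure-Object Time -Minimum).Minimum
        LastSeen   = ($g | Measure-Object Time -Maximum).Maximum
    }
} | Sort-Object Detections -Descending | Format-Table -AutoSize
```

Repeated detections of one path with matching remediation counts usually mean something is re-creating the file, so the persistence mechanism still needs to be found.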