Windows 10: Windows Defender Stuck on Removing Severe Threat

Discussion in 'AntiVirus, Firewalls and System Security' started by kstavert, Aug 8, 2016.

  1. kstavert Win User

    OK... the whole malware crap began when my
    employer sent a file to me and it showed up
    in skype as a long url (instead of the file)

    He frequently sends DropBox links so I didn't
    really think anything of it.

    I copied the link and put it into a browser search
    and, when it took me to skype (I'd not been paying
    attention to the url), I realized that it was malware.

    I thought all was well because I'd not logged into
    my skype account... NOT

    When I sent a file to another computer, via skype
    the same malware link showed up.

    is it possible that the malware was IN the LINK?

    all three computers ended up with the same
    malware.

    I just finished a scan on the last PC and there
    are two additional files that MSERT couldn't/
    didn't remove

    Backdoor:PHP/Small.M
    Backdoor:PHP/WebShell

    Plus, these three
    VirTool:JS/Obfuscator.HO
    VirTool:JS/Obfuscator.HS
    VirTool:JS/Obfuscator.HN

    Do I use any different tools or different order
    to remove these additional malware?

    once complete, I will follow the directions for
    creating an image of the computers.

    Thank you

    Karen
     
    kstavert, Aug 11, 2016
    #16
  2. Borg 386 Win User

    iObit has some shady practices when it comes to installing unwanted items, such as PUP's.

    IObit installs toolbar w/browser hijacker, adware: PC Talk Forum: Digital Photography Review

    IObit Malware Fighter: An anti-malware program that attempts to install malware Cloudeight InfoAve

    Using their uninstaller might not be a good idea, being you don't know what's going to be left behind.

    Suggest you uninstall it using Revo uninstaller (Free version) to make sure it gets all of the items out of your PC. Be sure to read the documentation well when using this program & make a back up as you can easily hose your OS if the wrong reg keys are removed.

    Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

    Revo Uninstaller Pro - How To

    Did you run TDSSKiller & did it find anything?


    Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

    It seems you're getting reinfected from a source somewhere. If it showed up after sending a certain file to another PC, or the infection showed up after running a certain program/opening a file, then it's possible that file could be housing the malware.

    Any files you suspect should be submitted to VirusTotal

    VirusTotal - Free Online Virus, Malware and URL Scanner

    Note: Maximum file size: 128MB

    Meanwhile, there is a program called Norton Power Eraser that uses aggressive scans to try & ferret out deep rooted infections.

    Norton Power Eraser | Free Tool | Easily remove scamware that traditional virus scanning can’t detect.


    Norton Power Eraser Tutorials
     
    Borg 386, Aug 11, 2016
    #17
  3. kstavert Win User
    You guys are a wealth of very useful tools and info...

    thank you.

    I was oblivious to where iObit came from. I did know
    that their software is VERY obtrusive... kept trying to
    install more things...

    I've used Revo for many years... just used it to uninstall
    iObit and will make sure to never install any of their
    software again.

    Currently, Mbar is running on the last computer - the last
    one to be cleaned.

    I don't believe that I ran TDSSKiller... don't think that
    it was on the list? It's now in my arsenal and I will
    run it on all 3 computers once this one is cleaned.

    Any other recommendations/suggestions?

    thank you
    Karen
     
    kstavert, Aug 11, 2016
    #18
  4. Borg 386 Win User

    Yes, I mentioned it in post #6 (TDSSKiller). Go ahead & run that right away after the current scanner finishes. If you have a rootkit that could be one of the reasons the virus keeps returning.

    The link you are using may be redirecting you to another site that has malware. Check the link by R clicking & look at the Web Document addy to see if there are any misdirecting insertions. You can read how to spot those here:

    How to Recognize a Fake URL | eHow

    How to spot a fake link
     
    Borg 386, Aug 11, 2016
    #19
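
The manual check described in post #19 (looking at where a link's address really points) can also be done programmatically. The Python code below is an added example, not part of any forum post; the function name `inspect_link`, the expected domain and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit


def inspect_link(url, expected_domain):
    """Return warnings describing where `url` really leads (empty list = no flags)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []

    # Anything before '@' is login info, not the site; the browser goes to `host`.
    if parts.username is not None:
        warnings.append(f"userinfo '{parts.username}' precedes the real host '{host}'")

    # The host must be the expected domain or a subdomain of it.
    # 'dropbox.com.example.net' fails: it belongs to example.net.
    if host != expected_domain and not host.endswith("." + expected_domain):
        warnings.append(f"host '{host}' is not under '{expected_domain}'")

    # xn-- labels are punycode and can render as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host contains punycode (xn--) labels")

    # A bare IP address where a site name is expected.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass

    # A query parameter that carries another URL marks a redirector.
    for key, value in parse_qsl(parts.query):
        if value.lower().startswith(("http://", "https://", "//")):
            warnings.append(f"parameter '{key}' redirects to '{urlsplit(value).hostname}'")
    return warnings


# Constructed sample links (reserved example domains and a documentation IP range).
SAMPLES = [
    "https://www.dropbox.com/s/abc123/report.pdf?dl=0",
    "https://www.dropbox.com@files.example.net/report.pdf",
    "https://dropbox.com.example.net/s/report.pdf",
    "https://www.dropbox.com/go?url=http://203.0.113.7/report.pdf",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link, "dropbox.com") or "no flags")
```
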
  5. Here's a TDSSkiller tutorial:

    Kaspersky TDSSKiller: Detect / Repair TDSS Rookits
    There are a few things to note about TDSSkiller:

    • Under options: Tick Loaded modules restarts the machine and loads a Kaspersky monitor - answer yes if prompted on the restart. This option protects the scanner from malware

    • Run TDSSKiller twice
      The first time accept the default recommendations - it will clean up known malware, but copy potential malware to quarantine (it won't remove the Potential malware). This allows you to send the file(s) to VirusTotal or another service for inspection. If the service finds the file harmful, you should clean it on the 2nd run.

    • There is a section on VirusTotal tool which points to another tutorial - you can use that or go directly to the VirusTotal website and upload any suspicious files there.

    • You may also accept that TDSSkiller knows what it's doing and clean all suspicious files, although I can't honestly recommend doing that (I'd rather get a 2nd opinion BEFORE deleting a file).


    Once you've completed all malware on-demand scans, run the following to check that system files are intact ... each utility might take some time to complete. Please report back if any integrity errors are shown on the screen.

    Command Prompt (Admin)

    Dism /Online /Cleanup-Image /RestoreHealth

    SFC /ScanNow

    The order I usually run the scanners:

    • Full scan using the installed AV product
      If you use Windows Defender - run it offline
      Settings > Update & security > Defender > Offline

    • TDSSkiller

    • Malwarebytes

    • Temp File Cleaner

    • AdwCleaner

    • JRT

    • Hitman Pro (trial)

    • ESET Online Scanner
      -> This scan takes a long time, many people replace this step with Emsisoft Emergency Kit

    Please post the logs if you require assistance.

    Particularly difficult malware might require another offline scanner, such as Avast or Bitdefender, but the above list is normally more than sufficient to declare victory.

    The entire scanning process should be run in one session so that malware has less of a chance to re-infect. Depending on the work to be performed (clean up), it could take an entire day. You don't have to sit there and watch it, but you shouldn't use the machine while cleansing it. Run the scan, come back and if it's done, start the next one.
     
    Slartybart, Aug 11, 2016
    #20
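
SFC only prints a summary on screen; the per-file detail behind any integrity errors is written to `%windir%\Logs\CBS\CBS.log` on lines tagged `[SR]`. The Python code below is an added example, not part of post #20, that separates files SFC repaired from files it could not repair; the function name `triage_sfc_log` is hypothetical and the log lines are constructed in the CBS.log format.

```python
import re

# Constructed sample lines in the CBS.log format (file and component names are made up).
SAMPLE_CBS_LOG = r'''
2016-08-15 09:14:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-08-15 09:14:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-08-15 09:14:09, Info                  CSI    0000001b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:22{11}]"example.dll" from store
2016-08-15 09:14:11, Info                  CSI    00000021 [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 10.0.10586.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-08-15 09:14:30, Info                  CSI    00000040 [SR] Verify complete
'''

# Timestamp, level, the CSI source, a sequence number, then the [SR] message.
SR_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+\w+ \[SR\] (?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]+)"')


def triage_sfc_log(text):
    """Split [SR] entries into files SFC repaired and files it could not repair."""
    result = {"repaired": [], "unrepaired": []}
    for line in text.splitlines():
        match = SR_LINE.match(line)
        if not match:
            continue  # not an SFC entry
        msg = match["msg"]
        names = QUOTED.findall(msg)
        if not names:
            continue  # progress lines such as "Verify complete"
        if msg.startswith("Cannot repair member file"):
            # The file name is the first quoted string; the reason follows the last comma.
            result["unrepaired"].append((names[0], msg.rsplit(", ", 1)[-1]))
        elif msg.startswith("Repairing corrupted file"):
            # Quoted strings are the directory, then the file name.
            result["repaired"].append(names[-1])
    return result


if __name__ == "__main__":
    report = triage_sfc_log(SAMPLE_CBS_LOG)
    print("repaired:  ", report["repaired"])
    print("unrepaired:", report["unrepaired"])
```

Files listed as unrepaired after a malware cleanup are the ones worth reporting back, since SFC could not restore them from the component store.
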
  6. kstavert Win User
    My sincerest apologies... I was trying to work and
    fix 3 computers at the same time... and, didn't pay
    attention to the scan results.

    It took 4 days to scan my main PC - 1 TB internal
    drive and 3 TB external drive ;( and I didn't use
    it the whole time.. YUCK!

    After they were all done, I ran msert on quick scan
    to see if it found anything else... I think/hope/believe
    that all 3 computers are now clean..

    I am making system backup files of all right now.

    I have the scan results if those would be of value?

    thank you with all my heart for your very complete
    and generous assistance.

    Karen
     
    kstavert, Aug 15, 2016
    #21
  7. kstavert Win User
    I had asked if it's possible that a link
    contains a virus... would anyone know?

    I run a live skype support room. More
    and more frequently, when people
    try to send files to me - or any link
    for that matter, it shows up as the
    malware link. (I no longer download
    anything that is sent to me)

    I have not touched it again...

    and, I don't know whether the
    link is being transformed to malware
    because of something on my computer
    or a virus on their computer?

    Any thoughts?

    I took a screenshot of the malware
    link and uploaded it to prnt.sc... here's
    the link to that screenshot:

    Screenshot

    Thank you again

    Karen
     
    kstavert, Aug 15, 2016
    #22
  8. simrick Win User

    Hi.
    Please have a read here:
    Solved: Re: Spoofed message from contact - Page 32 - Skype Community

    It is important that every account "sending" these malicious links have a password change immediately. It looks to be the result of hacked usernames+passwords; many times the passwords are being reused across multiple logins/applications. It could also be a spoofing issue, but changing the password would be the best course of action at this point. Unfortunately, I don't think Skype offers 2-factor authentication (yet?).

    Someone mentioned that you can delete the spam message(s) if you log into the Skype Web app (Skype for Web BETA?).

    You can check if your email has shown up on hacked lists at these 2 websites:

    Find the source of your leaks

    Have I been pwned? Check if your email has been compromised in a data breach

    You can run this command in a skype chat window to see how many logins exist for your account: /showplaces
    If you see unfamiliar logins, you can try the command /remotelogout to get rid of them.

    And finally, here's a good page on Skype security:
    Protecting your online safety, security and privacy

    It has a link to contact support and report this stuff.
     
    simrick, Aug 15, 2016
    #23
  9. No apologies necessary

    4 days is a long time, but that's a lot to scan. msert isn't the best tool - a quick scan in Mbam would be better in the future to get a snapshot. BTW, what AV product is running on your machine (Defender or a 3rd party solution ... Avast, Panda, BitDefender ....?)

    Yes, please put the scan logs in a compressed folder and attach them to a new post.

    You're welcome Karen,

    Bill
    .
     
    Slartybart, Apr 5, 2018
    #24