Jump to content

Only Defender full scan finds these trojans


Go to solution Solved by Maurice Naggar,

Recommended Posts

I had notes about Smart Screen / Windows Defender.

When it displays the block message screen

  • Click on the MORE INFO spot

image.png.9fa88ff579ec37923713583fff3bb47a.png

  •  
  • and  click "Run Anyway"   to  over-ride that and allow it to proceed.

image.png.46198491239417dcb40d1278bf43c338.png

 

  • The  tool is safe.        Smartscreen is overly sensitive.

 

 

 

Link to post
Share on other sites
  • Replies 70
  • Created
  • Last Reply

Top Posters In This Topic

I didn't get as far as seeing the displays that you show here Maurice, as Defender would not even allow the app to be downloaded onto my PC. I'll disable SmartScreen and try again.

Link to post
Share on other sites

It looks like Windows Defender has falsely grabbed it as a "virus".   That is a false positive.  

Where is that exe file now?

Can you click on the triple dot ...

to look for some option to override ?

Link to post
Share on other sites

The "SecurityCheck.exe" file is not on my PC anywhere. 

I searched "This PC" for "SecurityCheck" with File Explorer, but it only found my "SecurityCheckDownloadProblem05july2020.jpg" file from about and hour ago.

The only option offered by the three dots is "copy download link" - I tried pasting this into a new EDGE tab, but again the download was blocked.

Stumped!

SecurityCheckDownloadProblem05july2020#2.jpg

Link to post
Share on other sites

Lets have you go into Windows'   Settings

then   to “Virus & threat protection”.

then  to look for ‘Protection History

We want to look for some entry about "SecurityCheck"

If you see the SecurityCheck is in quarantine,   see if you could use the Restore option to get it out of there.

.

IF no joy or you do not see it there, it is either a situation of once more, disabling  ( temporarily ) a setting,

or else, we scratch the idea of trying to use the SecurityCheck.

This tool is safe.   I very much regret that you have run into these false positives.

Link to post
Share on other sites

Example of "Protection History" entry for this app is shown below AND that the "Action" to "Allow" is available if wanted, so that's what I've done, with the result also shown below.

I'll now try to download the app again, see what happens and let you know.

Regards, Steve

SecurityCheckDownloadProblem05july2020#4.jpg

SecurityCheckDownloadProblem05july2020#3.jpg

Link to post
Share on other sites
Posted (edited)

This is way to much involved.   However, do you see that Action button at the bottom ?   Does it allow you to restore it  and then use it ??

Use the ALLOW button  that is offered when you click on Actions.

Edited by Maurice Naggar
Link to post
Share on other sites

Hi Maurice, I'm afraid I'm not comfortable to use the "Allow" on this last threat detected, as it seems to me that its the Trojan I'm allowing and not necessarily the app itself - and once I've allowed a Trojan, or a PUA in the case of the previous "Allow" I did, how can I cancel that at a future time?

ALSO, I ran another Defender Full Scan overnight that has now found yet another "Potentially Unwanted Software" as shown below.  I have now quarantined this and Protection History is showing as "App Blocked".

Regards, Steve

 

WDFullScan05july2020.jpg

Link to post
Share on other sites

Hi Steve.

We can just scratch the entire suggestion to run the SecurityCheck tool.   Lets forgo that.  Though I must say that the tool is safe.  I have used it on my own system,  As have countless folks.

On this last finding by the Windows Defender:  note that it is on the Cache area of the EDGE browser.

Go into Edge.  Delete all Cache files.  You can do that from the icon-menu of Edge,  Or use the shortcut keys to bring out the Option to Delete.

SHIFT + CTRL +Delete  keys.   ( Tick the 4 boxes like these  >>> Press Clear button )

image.png.e356cd399c8671b69f36807e0d52cc7d.png

Link to post
Share on other sites

After clearing the EDGE cache & history, etc  as above ^^^^

then lets do what follows to clear out / remove all threats found by Windows Defender.

Start a Elevated Powershell command prompt-window.

On the Windows taskbar, on the Search box, type in

powershell

Wait and look for the results list.  Click on the line that shows Powershell with "Run as Administrator".

Then you will see the Powershell window.

Into that, we want to Copy & Paste

remove-mpthreat

tap Enter key.

Close the powershell window.

Link to post
Share on other sites

Ok Maurice, My version of EDGE came up with a different display than the one you've shown above, but I think I've done what you asked for - images below.

I've also run the Powershell command you gave.

Regards, Steve

EDGEClearBrowsingOptions06july2020#2.jpg

EDGEClearBrowsingOptions06july2020.jpg

Link to post
Share on other sites

Allright.   Thanks.   The Edge cache & history is cleared.  Very good.   ( though you did not need to delete cookies.   But that is ok)

The Windows Defender will have dealt with all recent prior threats.  That is like having a fresh slate.

Link to post
Share on other sites

Thank you Maurice, I'll run daily Defender Full Scans for a few days, see what arises (last night's was clear) and let you know.

Regards, Steve

Link to post
Share on other sites

You should only do the Full scan one time.   It is not necessary to do it more than that.  The Windows Task schedule will have one daily scheduled scan for Windows Defender.

 

I do not believe your system currently has any threats.  And alas, the prior attempts to run independent scanners ( like ESET Online scanner or DrWeb were halted by over-zealousness by Windows Defender).

Link to post
Share on other sites

PS.  After-thought.  The system ought to be able to run the Microsoft Safety Scanner without complaint.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at   C:\Windows\debug\msert.log

Please attach that log with your reply.

 

Link to post
Share on other sites

Ok Maurice, I've run Microsoft Security Scanner and it has come back all clear for viruses, spyware and PUA, although when I look at the log file I see lots of "->Scan ERROR: resource process:" entries. Does this mean that some files didn't actually get scanned?

Also, I see that the log file now includes a previous scan that I did, with similar Scan ERROR entries.

Regards, Steve

msert.log

Link to post
Share on other sites
  • Solution

No infection found as part of the extended scan

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Wed Jul 08 12:13:59 2020

 

That is a fine result.  The notations  & exception lines are normal  and do not mean there is any need for concern.  These are peculiar to this tool.  Seen all th e time.  This system and this scan is fine.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.