Maurice Naggar, posted January 17, 2021 (ID:1432855)

Give this a try (assuming that your Windows 10 Settings are the normal default) to get to an ELEVATED Command Prompt.

To get the elevated command prompt, press Windows-key + X key and then select Command prompt (Admin).

Maurice Naggar, posted January 17, 2021 (ID:1432856)

It does look to me that the special run has completed. Look real good on the Desktop for the file myprefs.txt. That is the one we need to see.

gonzalo96 (Author), posted January 17, 2021 (ID:1432857)

When I don't run as administrator, it says access denied. (I was just confirming.) Then I run as administrator, and it doesn't do anything honestly. I am checking my desktop too and nothing. It's not PowerShell, right? When I press Win + X it only shows me PowerShell + PowerShell (admin).

gonzalo96 (Author), posted January 17, 2021 (ID:1432858)

I recorded, please check if I am doing something wrong or if it's just my computer that's crazy.

IMG_9443.MOV

gonzalo96 (Author), posted January 17, 2021 (ID:1432859)

Okay, for some reason, this video that I filmed with my iPhone, I can see it on my phone, but on my computer it's just blank. Can you see it?

Maurice Naggar, posted January 17, 2021 (ID:1432860)

Tell me please. Normally, do you use the regular Command prompt? (Or is yours set to use PowerShell?) BUT I tell you that the screenshot you relayed of the Command prompt run "looked" like it worked. Tell me, which are you most familiar with, Command prompt or PowerShell?

gonzalo96 (Author), posted January 17, 2021 (ID:1432861)

I've used Command prompt a few times, only a few times. I don't think I've ever used PowerShell... I really don't understand much about these two. It seems like it worked, but the file is nowhere to be found. Maybe we can change the location to another place? Idk

gonzalo96 (Author), posted January 17, 2021 (ID:1432863)

Mine is set to use PowerShell. Forgot to answer that question, I apologize.

Maurice Naggar, posted January 17, 2021 (ID:1432864)

Let's see if you can do this and get a good screenshot of the result. Copy and Paste this into a Command Prompt:

powershell get-mppreference

Press Enter-key. It takes a few seconds and then there should be a screen full of information. Can you grab a picture?

gonzalo96 (Author), posted January 17, 2021 (ID:1432865)

yes

Maurice Naggar, posted January 17, 2021 (ID:1432878)

OK. Thank you. These settings look OK. I do not see here something that prevents the GUI of the Windows Settings that affects the current issue. The issue is "why" the full display does not show on Windows Security / Virus & threat protection. However, that aside, the Windows Defender service IS running.

You should also be able to run a manual on-demand scan of Windows Defender antivirus by using PowerShell.

Start an Elevated PowerShell command prompt-window. On the Windows taskbar, in the Search box, type in powershell. Wait and look for the results list. Click on the line that shows PowerShell with "Run as Administrator". Then you will see the PowerShell window.

Into that, we want to Copy & Paste a few specialized command lines. Do one at a time. Tap Enter after each one.

Set-MpPreference -PUAProtection 1

At this point, before going any further, you want to Close and save any open work files / documents. This next command will initiate (should initiate) an offline mode scan of Windows Defender. It should take something under 15 minutes total.

Start-MpWDOScan

Tap Enter-key to proceed. This likely will involve a reboot and at the end, should return you back into normal Windows.

gonzalo96 (Author), posted January 17, 2021 (ID:1432879)

Okay, just finished this process quite easily. The system has already restarted. After the restart, I went to check the Windows Defender page again. Still blank with that same message.

Windows Update was trying to install this same update again: Atualização de Informações de Segurança para Microsoft Defender Antivirus - KB2267602 (Versão 1.329.2361.0), and it may seem odd, but it stays at 0% and then disappears and says "updated". But it never went from 0 to 100.

Maurice Naggar, posted January 17, 2021 (ID:1432887)

Hello. As to this last mention of Windows Update, I will be recommending that you seek assistance at Sysmative.com Forum. Just hold on, until later.

Question that you should answer when you make your next reply. Was this computer always your own? Has your system ever been used at a company or organization? Possibly one that had IT Support? If the latter, it may be that the Support organization had Windows policies so that the computer (as an endpoint device) had limited access (by design) to the Windows Defender GUI.

At this point, I would ask that you review a few Windows services for their status. Press and hold the Windows-flag-key on the keyboard and tap the *R* key to get the RUN menu option. Type in services.msc and press Enter key. Scroll down the list. Visually examine these services.

Microsoft Defender Antivirus Service - it should show Running and set for Automatic start.
Security Center - it should be running and set for Automatic (delayed) start.
Windows Security Service - Running and set for Manual start.

Also, let us see about a different report:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Attach the report files OTL.txt & Extras.txt

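
The service review described in the post above can also be done by service name, which does not depend on the Windows display language. This is an added example, not part of the original thread; the short names WinDefend, wscsvc and SecurityHealthService are assumed to be the names behind the three display names listed, and the expected states are the ones the post gives.

```powershell
# Added example, not from the thread. Service short names are assumed to be the
# standard Windows 10 names behind the display names in the post; the expected
# state and start type are the values stated in the post.
$expected = @(
    @{ Name = 'WinDefend';             StartMode = 'Auto';   Delayed = $false }  # Microsoft Defender Antivirus Service
    @{ Name = 'wscsvc';                StartMode = 'Auto';   Delayed = $true  }  # Security Center
    @{ Name = 'SecurityHealthService'; StartMode = 'Manual'; Delayed = $false }  # Windows Security Service
)

function Test-SecurityServices {
    param([hashtable[]]$Expected)

    foreach ($e in $Expected) {
        # Query by service name so a localized display name does not matter.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($e.Name)'"

        if (-not $svc) {
            # A missing service is reported, not skipped: it is a finding in itself.
            [pscustomobject]@{
                Name = $e.Name; DisplayName = '(not found)'; State = 'Missing'
                StartMode = ''; Delayed = $null; Ok = $false
            }
            continue
        }

        # Every service in the list is expected to be Running.
        $ok = ($svc.State -eq 'Running') -and ($svc.StartMode -eq $e.StartMode)
        if ($e.Delayed) { $ok = $ok -and [bool]$svc.DelayedAutoStart }

        [pscustomobject]@{
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            State       = $svc.State        # Running, Stopped, ...
            StartMode   = $svc.StartMode    # Auto, Manual, Disabled
            Delayed     = $svc.DelayedAutoStart
            Ok          = $ok
        }
    }
}

Test-SecurityServices -Expected $expected | Format-Table -AutoSize
```

A row with Ok = False, or a State of Missing, points at the service to look at first.
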
gonzalo96 (Author), posted January 17, 2021 (ID:1432892)

This computer has always been mine, bought for personal use.

I could find:
- Security Center - Automatic (delayed) and running
- Microsoft Defender Antivirus Service - Running and Automatic
- Windows Security Service - I couldn't find this one, maybe because of the translation to Portuguese... I found something that says: Microsoft Defender Antivirus Network Inspection Service -> this one is set to Manual.

I send print screens with this info. I am gonna finish now the other step of Old Timer. Brb

gonzalo96 (Author), posted January 17, 2021 (ID:1432893)

Here go the OTL files. Thank you in advance, Maurice! You're awesome.

Extras.Txt
OTL.Txt

Maurice Naggar, posted January 18, 2021 (ID:1432931)

What follows is only for this machine.

We need to run an OTL Custom Fix. Double click on the icon on your desktop. Copy and Paste all of the following code into the textbox. Copy ALL the content of this code-box:

:OTL
O4:[b]64bit:[/b] - HKLM..\Run: [SecurityHealth] C:\Windows\SysNative\SecurityHealthSystray.exe (Microsoft Corporation)
:commands
sc queryex securityhealthservice
[Reboot]

Push OTL will ask to reboot the machine. Please do so if asked. Click the OK button. A report will open. Copy and Paste that report in your next reply.

gonzalo96 (Author), posted January 18, 2021 (ID:1432936)

I was having some trouble finding the report. I found it on the C:/ disk though, I think. At least the date and time are correct. It seems there was a problem reading the code.

01182021_110623.log

gonzalo96 (Author), posted January 18, 2021 (ID:1432937)

Can I remove these two desktop.ini files on my desktop? When I try, they say they belong to the system, might change something. Am I supposed to leave them there? They appeared now with the OTL.

Maurice Naggar, posted January 18, 2021 (ID:1432958)

To your very last point: yes, you may delete the files named Desktop.ini (just keep in mind it may impact the way things are arranged on the desktop, but you can always re-arrange to how you prefer). Desktop.ini files are just text-type files. They do not pose any threat.

At this point I would like to get 2 new reports from the OTL.

Find the OTL on the desktop. Right click the icon and Run as Administrator to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Attach the report files OTL.txt & Extras.txt

Edited January 18, 2021 by Maurice Naggar: amended some remarks

gonzalo96 (Author), posted January 18, 2021 (ID:1432979)

Sorry, I tried everywhere but I can't find the "Extras.txt". Normally it goes to the same place as OTL.txt or to the past in C:/ folder. But it's not there either. Can only send the OTL.text

OTL.Txt

Solution: Maurice Naggar, posted January 18, 2021 (ID:1432999)

Thanks for the OTL. I know this has been a very long saga. Thanks for hanging on with me. I think we may be about to turn the final corner.

Next, I need you to run one more custom script fix. The main goal on this is to have a proper Securityhealthservice for this version of the Windows 10 OS.

Find the old FIXLIST.TXT in the Downloads folder & then Delete it.

This custom script is for Gonzalo96 only / for this machine only.

Let's do a new run with a new script. The system will be rebooted after the script has run. The custom Fix script is going to be used by the ENGLISHFRST tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

The tool named ENGLISHFRST.exe is already in Downloads.

Start the Windows Explorer and then go to the Downloads folder.

RIGHT click on ENGLISHFRST.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Do let me know how things are overall, after all this Fixlist.txt

gonzalo96 (Author), posted January 18, 2021 (ID:1433016)

My friend, first of all, I am the one that should be thankful for you keeping the effort in this long matter. I seriously can't believe this, but it's working! The system has restarted and Windows Defender came back to life. You're freaking awesome, I seriously have no words to thank you enough. Everyone was telling me to just make a reset and forget about this, it would be impossible. You made it possible. Thank you so much for helping me fix this issue, you are the man, Maurice! I send a print screen of the success of this long effort of yours!

Maurice Naggar, posted January 18, 2021 (ID:1433025)

YAY! That is great. I am very happy to read & see this. It has been quite a saga. And the last thing discovered was that about the status of a Windows service that is named SecurityHealthService. My theory is that a malicious element of a recent infection had set that to be off and out of the way on purpose. This case here seems to be a rare one. It is great to see this result.

At this point, what you could do for me is to look at one or 2 of my most recent posts to you and look at the bottom RIGHT side and click on the Like button.

What I need from you is to attach a copy of the Fixlog report file. Then to do a manual on-demand scan with Microsoft Defender through the Settings >> Virus & Protection GUI. Let's be sure it can update definitions when you click "Check for updates" and then do a Quick Scan with Defender.

gonzalo96 (Author), posted January 18, 2021 (ID:1433049)

Hello again! Sure, will do that for you! I can update it, although it's already updated. Quick scan finished without any problem: 0 detected. Everything is green, everything is good man, life is good now. I will send the Fixlog report file.

It's interesting to see how malware can be underestimated, as it was by me. Malware sure can't mess things up pretty bad. Glad there are geniuses like you, Maurice. Hopefully the Fixlog is fine too!

Fixlog.txt

Maurice Naggar, posted January 19, 2021 (ID:1433072)

Thank you for the log. I do appreciate your comments. Yes, some malware take extraordinary measures to prevent their detection. I think we can wrap things up. Ensure that you make a Backup of this system soon to offline backup media.

Here are a few steps to clean up the tools I had you use.

First for OTL. Find OTL. Start it. Look on the top far right side and click on the button "Cleanup". That will remove itself.

For ENGLISHFRST: To remove the tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on ENGLISHFRST.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.

Any other download file I had you download, you may delete.

Stay safe. I wish you all the very best.

Sincerely,
Maurice