I have several allowed threats that I cannot delete


I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

Link to post

Additional notes & remarks.

The ESET scanner will look for viruses or malware. It is a well-known & respected tool. We use that as a way to get an independent virus check.

Your system uses the Swedish language? Please advise.

Further, I need for you to rephrase your original problem description.

Are you saying that the items flagged by Microsoft Defender are exclusions?

Or, unhandled repeat items found by Defender?

Link to post

Hello there!

To answer some of your questions:

Yes, they are flagged by Windows Defender under "Allowed threats", so exclusions, and cannot be removed, since when I do they just pop back up instantly.

Swedish is the language, yes.

Link to post

Then those 2 scans indicate there is not a virus, or malware.

As a next step, to check out your system a bit more, a new scan with Sophos.

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

 

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

Copy and paste the results in your reply

Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

If no threats were found please confirm that result....

 

The Virus Removal Tool scans the following areas of your computer:

 

Memory, including system memory on 32-bit (x86) versions of Windows

The Windows registry

All local hard drives, fixed and removable

Mapped network drives are not scanned.

 

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Link to post

Good morning.  When you have time & opportunity, the following is intended to query the system & export out information details about "exclusions" that are present for Microsoft Defender antivirus.

This will not take a lot of time.

On the Windows taskbar, in the Windows search box, type in

cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.

 

Once the Command prompt window is up, copy > paste the line in the code-box below into the command-window.

It is best to use COPY & Paste for the following

 

reg export "HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows defender\exclusions" "%USERPROFILE%\Desktop\REXFILE1.txt"

 

Tap Enter-key on keyboard to proceed.

After completion, type in 

EXIT

This run will produce a file on the Desktop named Rexfile1.txt 

Please attach that with a Reply here.

After this, I will review & guide you further.

Link to post

Thank you & bravo. All of the exclusions on the policies for Microsoft Defender are PATH Exclusions.  There are at least 2 things that need doing. First is to get the exclusions out of the registry.

Save the file Rexfiled that I am attaching to your Desktop.  Save it as-is .

Next, go to Desktop.  Right-click on it and select Rename ;

Rename it to Rexfiled.REG

Next, right-click on it and select MERGE 

and allow it to go forward and update the registry.

There should be a confirmation.

Keep me advised.  There is more to do.

Rexfiled.txt

Link to post
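
The review step described above (reading the exported REXFILE1.txt to see which Defender policy exclusions exist) can be scripted. This is an added example, not part of any post in this thread: it assumes Python 3, the function names are hypothetical, and the sample export is constructed.

```python
import re

# Policy key exported by the reg export command in this thread (compared case-insensitively).
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')  # "escaped value name"=data

def read_reg_export(path):
    """reg export writes UTF-16 with a BOM; fall back to UTF-8 for re-saved copies."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_exclusions(text):
    """Return {subkey: [value names]} for each subkey under the policy Exclusions key."""
    found, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, current = line[1:-1], None
            if key.lower().startswith(POLICY_KEY.lower() + "\\"):
                current = key[len(POLICY_KEY) + 1:]
                found.setdefault(current, [])
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # the value name is the excluded item; undo the \\ and \" escaping
                found[current].append(re.sub(r"\\(.)", r"\1", m.group(1)))
    return found

def broad_paths(exclusions):
    """Return path exclusions that cover a whole drive, such as C:\\ or D: alone."""
    return [p for p in exclusions.get("Paths", []) if re.fullmatch(r"[A-Za-z]:\\?", p)]

# Constructed sample in the layout reg export produces (not the poster's actual file).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths]
"C:\\"="0"
"C:\\ProgramData\\ExampleApp"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions]
"exe"=dword:00000000
'''

if __name__ == "__main__":
    for subkey, names in parse_exclusions(SAMPLE).items():
        print(subkey, names)
    print("whole-drive exclusions:", broad_paths(parse_exclusions(SAMPLE)))
```

On a real export, pass the result of `read_reg_export` on the saved file to `parse_exclusions`; an empty result means no subkeys with values exist under the policy key.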

Did you follow all of my last write-up reply?

We need to save the attachment I sent. Save it directly.

Then RENAME it with .Reg as the file extension. (Leaving out the TXT.)

The new name should be REXFILED.REG

Then you can just double click on file REXFILED.REG

That ought to start the merge operation automatically.

 

This is all independent of your original report file.

Any merge operation is on the system registry of Windows itself.

Link to post

My preceding last file that I had attached is Rexfiled.txt

 

Make doubly sure you saved it to the DESKTOP.

Make doubly sure you Renamed it to 

Rexfiled.reg

 

That is so critical!

Go to the Taskbar search box, type in

 

REGEDIT.exe

and press Enter-key

 

From the Regedit menu bar, select File

then select IMPORT

 

navigate the dialog (click on DESKTOP icon on left to select it)

 

type in

Rexfiled.reg

in the Filename text-box and click the Open button.

 

Once the merge is complete, you will see a confirmation message.

Link to post

Ok, so I noticed that when I did rename it, it just made the file as Rexfiled.reg.text, but I instead opened the text file and did save as and then made it .reg

Now that that was done, I hit merge and got this:

[attached image: image.png]

Link to post

I regret to read this news.

We need to get a fresh readout report.

First we need to set your Windows to Show All files, folders, including hidden files. Use this guide.

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

Please download the Farbar Recovery Scan Tool 64-bit and save it to your desktop.

 

Right-click on FRST64.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows SmartScreen protection - click the More info line on that screen and click the Run anyway button on the next screen.

Click YES when prompted by the Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & follow up & choose Run anyway.

 

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

 

Click Yes when the disclaimer appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

 

Make sure that the Addition option is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).

Press the Scan button and wait.

 

The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

 

Please attach these 2 files to your next reply.

Thank you.

Link to post

  • 1 month later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
