
Remove Trojan (windefender.exe + rss)


Go to solution Solved by Maurice Naggar,


Hi. That is good to know.  :D 

I would like you to run a tool named SecurityCheck to inquire on the current security-update status of some applications.

 

Download SecurityCheck by glax24 from here: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message window, then click on the MORE INFO spot, override that, and allow it to proceed.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on SecurityCheck.exe and select "Run as administrator", and reply YES to allow it to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

Thanks. Go to Windows 10 Settings. Then to Programs & Features. If you see "Sophos Virus Removal Tool" as an installed program, then uninstall it.

It is no longer needed. Also, delete the Sophos download file.

This next step will take only a few seconds.

Start Malwarebytes. Click the Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

 

Click the Security tab. Scroll down to "Windows Security Center".

Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".

(We want that to be set as Off .... be sure that line's radio-button selection is all the way to the left. Thanks.)

Exit the program when done.

We will do more later.

Edited by Maurice Naggar
Link to post
Share on other sites

Take a look at this list of add-on programs / apps / applications. There are several that need updates.

OpenOffice 4.1.6 v.4.16.9790 Warning! Download Update

WinRAR 5.61 (64-Bit) v.5.61.0 Warning! Download Update --

WhatsApp v.2.2049.10 Warning! Download Update

 

Zoom v.4.6 Warning! Download Update

Link to post
Share on other sites

  • Solution

OK. The following is important to ensure that the Windows 10 operating system is all up to date & that Windows Update works.

 

Open your Windows Update settings (Settings > Update & Security > Windows Update) and select Check for updates.

Be sure to accept all security updates if offered.

If offered the new Windows Feature update, click on Download and Install.

Keep me advised.

 

Link to post
Share on other sites

That is terrific. :cool:

Now, it would be a great time to do a Quick scan with the Microsoft Defender.

Click the Windows Start menu button on the Taskbar, select the Settings icon. Then choose Update and Security.

 

In Windows Settings >>> click on Windows Security from the left side list.

Next, in the Windows Security section: click on the grey button Open Windows Security.

Now, click on the shield Virus and threat protection.

Next, click on the line in blue Scan options.

Do a Quick scan.  Let me know the results.  And let me know if you need other help.

I will guide you on cleanup of tools we used when we are all done.

:D

Link to post
Share on other sites

Windows scan didn't find new threats, but there were some locked out files, which he passed to scan I think. Can I just delete them and it's fine? I made a screenshot of it.

And in the "Notifications" section are several things that say, they are being launched, but they don't launch. (2nd screenshot)

locked out files.png

Visual C is starting.png

Link to post
Share on other sites

Due to the language difference, & the way the Defender displays, I cannot tell if the list is about old findings, or if these are new. But the first 4 listed on the white screen are old.

Let's be careful. Let's get a new report with FRSTENGLISH.

Right-click on FRSTENGLISH.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows SmartScreen protection - click the More info line on that screen and click the Run anyway button on the next screen.

Click YES when prompted by the Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

 

Click Yes when the disclaimer appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

 

Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).

Press Scan button and wait.

The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

 

Please attach these 2 files to your next reply.

Thank you.

Link to post
Share on other sites

Thank you for the fresh reports.  On these, the last notable events noted by Microsoft Windows Defender were on the 18th.  Not yesterday.  Not today.

I would like you to use Windows PowerShell & do the 2 commands as listed in this one post of mine.

https://forums.malwarebytes.com/topic/261558-issues-with-start-button-and-taskbar/?do=findComment&comment=1393840

 

 

Let me know about this.

 

 

Link to post
Share on other sites

After "Start-MpScan" it began to scan. After it went back to the first line I copy pasted "remove-mpthreat" and tapped Enter, but nothing happened, just a new line appeared for typing. Then I closed PowerShell.

Link to post
Share on other sites

I think there could be a translation issue.  What I guess there is, perhaps, that those are exclusions.

When you have time & opportunity, the following is intended to query the system & export out information details about "exclusions" that may be present for Microsoft Defender antivirus.

 

This will not take a lot of time.

 

On the Windows taskbar, in the Windows search box, type in

cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.

 

Once the Command prompt window is up, copy > paste the line in the code-box below into the command-window.

 

It is best to use COPY & Paste for the following:

reg export "HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows defender\exclusions" "%USERPROFILE%\Desktop\REXFILE1.txt"

 

Tap Enter-key on keyboard to proceed.

 

After completion, type in 

 

EXIT

 

This run will produce a file on the Desktop named Rexfile1.txt 

 

Please attach that with a Reply here.

Later on, I will review & guide you further.

Link to post
Share on other sites
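
The same exclusions check done from an elevated PowerShell window, as an added example that is not part of the original posts. It reads the policy key named in the `reg export` line above and also what Defender reports through `Get-MpPreference`; the function names and the CSV file name are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: list Microsoft Defender exclusions from the policy key and from Get-MpPreference.
# (When pasted interactively the #Requires line is only a comment; start PowerShell as Administrator.)

# Policy exclusions live under the key exported in the post above.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'

function Get-PolicyExclusion {
    param([string]$Root = $policyRoot)
    # Key absent means no exclusions were set by policy.
    if (-not (Test-Path -LiteralPath $Root)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $Root) {
        # Each subkey (for example Paths, Extensions, Processes) holds one exclusion per value name.
        foreach ($name in $sub.GetValueNames()) {
            [pscustomobject]@{
                Source = 'PolicyKey'
                Type   = $sub.PSChildName
                Value  = $name
            }
        }
    }
}

function Get-ReportedExclusion {
    # Exclusions as Defender itself reports them; may repeat entries found under the policy key.
    $pref = Get-MpPreference
    foreach ($prop in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($item in @($pref.$prop)) {
            if ($item) {
                [pscustomobject]@{ Source = 'Get-MpPreference'; Type = $prop; Value = $item }
            }
        }
    }
}

$report = @(Get-PolicyExclusion) + @(Get-ReportedExclusion)
if ($report.Count -eq 0) {
    Write-Output 'No Defender exclusions found.'
} else {
    $report | Sort-Object Source, Type, Value | Format-Table -AutoSize
    # Save a copy on the Desktop for attaching to a reply (file name is an assumption).
    $report | Export-Csv -Path "$env:USERPROFILE\Desktop\DefenderExclusions.csv" -NoTypeInformation
}
```

Any path, extension or process in the output that the owner did not add deliberately is worth raising with the helper before removing it.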

Did you fully copy all 4 lines exactly as is?

The other thing is:

Your language setting is German.  I only know English.

Schutzverlauf means "protection course".

Now, I wonder if that last screen picture is about history of old detections.

1.  I need you to translate the top 4 middle lines on your picture.

2.  Look at the middle list.  One at a time, click on the shield icon in blue.  Then see if there is an option to Delete the old history.

Link to post
Share on other sites

Sorry, which 4 lines? I had to copy just the 1 long line, no? I've made a picture of what I copy pasted.

Yeah sorry for making it more difficult for you again. I'll try to explain better.

1. The window shows the "Protection History". I found the same window, but in English. It's not mine, just a random picture from the internet. (2nd picture)

Under "All recent items" it says:

1st line

"maintenance incomplete" - "serious"

2+3+4th line

"threat blocked" - "serious"

 

2. No, there is no option to delete them. I can only select allow for 2 of the "serious" marked. The rest have no option at all.

 

Bild_2021-04-21_011328.png

protection history.png

Link to post
Share on other sites

That section of Defender is History (of old detections ).

Start an elevated PowerShell command prompt window.

 

On the Windows taskbar, on the Search box, type in

powershell

Wait and look for the results list. Click on the line that shows PowerShell with "Run as Administrator".

Then you will see the PowerShell window.

 

Into that, we want to Copy & Paste 

Set-MpPreference -ScanPurgeItemsAfterDelay 2

 

Then press ENTER key on keyboard to proceed.

When done, type in

EXIT

The specified number 2 is the number of days after which the protection history log and items in the log folder will be cleared.

Link to post
Share on other sites
