Thank you.

  • On the Windows taskbar, in the Windows search box, type in
cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.

 

  • Once the Command prompt window is up, copy > paste the line in the code-box below into the command-window.
WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "automatic"

tap ENTER-key to run that.

 

  • Next, copy & paste this whole line onto the command-prompt-window
WMIC SERVICE WHERE Name="windefend" CALL startservice

tap ENTER-key to run that.

 

  • When that completes, place your mouse-pointer on the top bar of the command-window

& do a RIGHT-click & choose "Select all"
& then choose "COPY"

then into the next Reply box on this topic, right-click on the white box and choose PASTE
You may then close the command window.

Next I would suggest you run an Update run on Malwarebytes for Windows.

Start Malwarebytes for Windows. Click on the Settings ( gear icon)

Now click on the tab "General". 

Then scroll up a bit, and then click on the "Check for Updates" button.

 

Watch & follow all prompts.

 

That ought to do a check with the update server, and hopefully offer the newest component update.

Link to post
Share on other sites

Microsoft Windows [Version 10.0.19043.1023]
(c) Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "automatic"
Executing (\\DESKTOP-EBKPDUU\ROOT\CIMV2:Win32_Service.Name="WinDefend")->ChangeStartMode()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 2;
};


C:\WINDOWS\system32>WMIC SERVICE WHERE Name="windefend" CALL startservice
Executing (\\DESKTOP-EBKPDUU\ROOT\CIMV2:Win32_Service.Name="WinDefend")->startservice()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 8;
};


C:\WINDOWS\system32>

Link to post
Share on other sites
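
Added example, not part of the original thread: WMIC prints "Method execution successful" whenever the WMI method call itself was dispatched, and the service operation succeeded only if ReturnValue is 0. The Python sketch below parses the output posted above and maps each ReturnValue to the documented Win32_Service return codes (function and variable names are illustrative).

```python
import re

# Win32_Service method return codes 0-10 (Microsoft WMI docs); only 0 means success.
RETURN_CODES = dict(enumerate([
    "Success", "Not supported", "Access denied", "Dependent services running",
    "Invalid service control", "Service cannot accept control", "Service not active",
    "Service request timeout", "Unknown failure", "Path not found",
    "Service already running"]))

# Console output taken from the reply above.
SAMPLE = r'''C:\WINDOWS\system32>WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "automatic"
Executing (\\DESKTOP-EBKPDUU\ROOT\CIMV2:Win32_Service.Name="WinDefend")->ChangeStartMode()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 2;
};
C:\WINDOWS\system32>WMIC SERVICE WHERE Name="windefend" CALL startservice
Executing (\\DESKTOP-EBKPDUU\ROOT\CIMV2:Win32_Service.Name="WinDefend")->startservice()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 8;
};
'''

EXEC_RE = re.compile(r'Win32_Service\.Name="([^"]+)"\)->(\w+)\(\)')
RET_RE = re.compile(r'ReturnValue\s*=\s*(\d+);')

def parse_wmic_calls(text):
    """Pair each 'Executing (...)->Method()' line with the ReturnValue that follows it."""
    results, pending = [], None
    for line in text.splitlines():
        m = EXEC_RE.search(line)
        r = RET_RE.search(line)
        if m:
            pending = m.groups()          # (service name, method name)
        elif r and pending:
            code = int(r.group(1))
            results.append({"service": pending[0], "method": pending[1], "code": code,
                            "meaning": RETURN_CODES.get(code, "Unlisted code"), "ok": code == 0})
            pending = None
    return results

if __name__ == "__main__":
    for call in parse_wmic_calls(SAMPLE):
        print(call)
```
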

Please state some details on what you mean of the current issue as of now. What exactly is it? Is it the Block notices from Malwarebytes web protection?

If the latter is what it is, I need specific detail, such as IP address or URL link & whether a web browser is open (running).

Please ... always ... state for me the what, where, when, how & detail of what the current issue is.

 

and know that as of the last round, the real-time protections of Windows Defender are ON.

Link to post
Share on other sites

The anti-virus section of Windows security still shows real time protection as "off" and greyed out. Quick scan still hangs on 0:00 and 0 files scanned. 

It seems your test indicates Defender is running OK, but on my end this is not indicated. 

I have attached a screenshot.

screenshot AV.png

Link to post
Share on other sites

Hi.  Thanks for the screen grab.   Let me ask this. Is this a home computer ?

I notice that bottom line in red.

 

Let me ask this too.  Has this machine ever had a 3rd party ( non-Microsoft) antivirus ?  Like Norton or McAfee, or Avast or AVG, etc ?

Link to post
Share on other sites

Next action step, please.

This section involves saving a distinct file from a very very trusted source, saving it AS-IS; saving to the Desktop is preferred (but if needed you may save to the Downloads folder). Just be sure you know where.

Windows 10 SecurityHealthService

Once it is saved, then we are needing to merge the file onto the system, as follows

 

With your mouse, do a RIGHT-click on the .reg file and select Merge

Let it do that & ensure it finishes ok. You should see a visual on-screen confirmation.
After this step is finished, do a Windows RESTART.
Once it is all settled back in, then do a new check on Virus & Threat protection.

Link to post
Share on other sites

I have followed your instructions.

Checking the anti-virus and Windows security panel yields the same result - quickscan is stuck at 0:00 and no files scanned, options are greyed out. 

Link to post
Share on other sites

If the MS Defender scan begins but then seems to stall or is stuck .....it may be due to some problem with the definitions it has, or perhaps even may not have at all.

Anyhow, this needs some digging into. Hopefully we can get some good clues. Let's do what follows.

There is a procedure to do a query, using Powershell.

Listed on this post of mine 

https://forums.malwarebytes.com/topic/273193-malware-deleted-my-windows-defender-service-and-has-admin-access/?do=findComment&comment=1456605

please do that & then attach.

 

Link to post
Share on other sites

Please see below for the requested PowerShell procedure. 

 

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\WINDOWS\system32> get-mpcomputerstatus
get-mpcomputerstatus : Provider load failure
At line:1 char:1
+ get-mpcomputerstatus
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerS
   tatus], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041013,Get-MpComputerStatus

PS C:\WINDOWS\system32>

Link to post
Share on other sites

Hello Ryan.

Sorry to see the repeat glitch with Powershell trying to get a status inquiry. Doing several searches online on Microsoft, it seems that one possibility as to source of that type problem is the need to re-register one DLL related to Microsoft's Net Framework.  We will attempt to do that in the new script below.

This script will also run a new check with the Windows System File Checker tool, plus also the Microsoft Windows 10 DISM tool.

That will be the custom script in the first section.   The second section will be to get a new / fresh copy of the Microsoft Defender service registry file & insure to merge it in.

Hopefully all told, at the finish of all this, that Microsoft Defender will fully be available when looking at the GUI section of the Security module. ( Virus & Threat Protection Settings )

[   1    ]  

The custom script on this post is ONLY for this machine and NO other.   

First, delete old Fixlist.txt on Desktop.

This new, latest  script Fixlist.txt  needs to be saved to the same folder that contains FRST64.exe   /  you have yours saved on Desktop

 

Fixlist.txt

 

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

  • Start the Windows Explorer and then, to the Desktop folder.

 

RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.

  • If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click the line More info on that screen

and click button Run anyway on next screen.

 

  • on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots  of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

[    2    ]  

The next links listed below are to registry files that we need you to SAVE as-is to the Desktop

RIGHT click the link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to DESKTOP (do not double click / do not 'run' the file / nor open)

Microsoft Defender Antivirus service 

Once it is saved, then we are needing to merge the files onto the system, as follows

 

With your mouse, do a RIGHT-click on the file windefend.reg and select Merge

Let it do that & ensure it finishes ok.

RIGHT click the link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to DESKTOP (do not double click / do not 'run' the file / nor open)

Windows 10 Windows Security Center service

Save, then Merge Wscsvc.reg.     

With your mouse, do a RIGHT-click on the file Wscsvc.reg and select Merge

Let it do that & ensure it finishes ok.

Now RESTART Windows & let it settle back on.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity

 

Link to post
Share on other sites
