Jump to content

Windows Defender has gone missing


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello, Hope you all having a great day . so, I have been attacked by malware and my windows defender is gone, tried all sort of solution but nothing worked, have tried following the instructions as mentioned in this forum :https://forums.malwarebytes.com/topic/266996-woke-up-to-find-windows-defender-was-deleted/   " still didn't worked for me please help.

Screenshot (2).png

Malwarebytes.txt 11.txt

Link to post
Share on other sites

Hi, KrisRonaldy ...and :welcome:

 

Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT.

Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit

 Note:  Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

  • Double-click to run it. When the tool opens click Yes to the disclaimer.

  • Press the Scan button.

P5SbdZMgD0LXjxa9CY8hUt97QKuTCvadT0fyOEBMTMyF6vfm809W3j-4puHGcl8qpl2IlhuAMss0tBqvAqv07nqVojZi-aDzsx046Nu3GgmRE1LipK5_ObV_5nq7eZiCQky-4nJi

 

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


 

Edited by icotonev
Link to post
Share on other sites

Uninstall a Program

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
Quote

SearcherBar

 

 

Please run the following fix:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Edited by icotonev
Link to post
Share on other sites

Quote

PUP.Optional.Avanquest, C:\USERS\SWAGZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_0001E6, No Action By User, 1492, 904416, 1.0.41325, , ame, , 033E724020A1E02C51F2CA9A6F3E572B, BA4AE96033D47014A3785389579487E3CCC1FB6574451B372BA49B9310391277
PUP.Optional.DriverPack, C:\USERS\SWAGZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000225, No Action By User, 670, 884769, 1.0.41325, , ame, , B2E44D9A821A3CA7E7BE9C61033569C7, FA5BA472C2F3629AE581F19D03990265F3A121E00E6EB551147C092BDC7AE5C1
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\SWAGZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 2394, 526588, , , , , 7E38DB79C2C633DC53011E7509F303D2, 45C546B11E88ABB28EB696B2D4A9D31A4820E4CFED1C03FB0932E1091841ADD1
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\SWAGZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 2394, 526588, , , , , 81693DF6764425F13E7567A60E6144D8, A27D13E1D90862B4446ADA0B46EB58E7320907CF5039CD1B364E769C8638A7B3
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\swagz\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log, No Action By User, 2394, 526588, , , , , 6E70424E4480A715E3C3969E94F0D000, 1031F4F5DB7BA7CA7ECFCDF17887A0A20AA2E19C19AC0E395BF998BEF360C2DE
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\swagz\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 2394, 526588, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\swagz\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 2394, 526588, , , , , , 
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\swagz\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 2394, 526588, , , , , 4C7B731C579FEEF277BD53143AF21736, 02BDDFE5C67176AE87A5752FF4C7C494D0488D64931B31C53A263718213CE7AA
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\swagz\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 2394, 526588, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\SWAGZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 2394, 526588, , , , , 81693DF6764425F13E7567A60E6144D8, A27D

 

Тhanks..! Sorry, when you scanned with Malwarebytes, you didn't take any action ... to do so:

 

Malwarebytes Anti-Malware

 

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

 

 

Run AdwCleaner (Scan mode)

 

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

 

Microsoft Safety Scanner

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

  • The download links & the how-to-run-the tool are at this link at Microsoft:

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

  • Please let me know the results of this scan.
  • The log is named MSERT.log
  • the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is C:\Windows\debug\msert.log
  • Please attach that log with your next reply.
Link to post
Share on other sites

1 hour ago, icotonev said:
  • Once the scan is completed make sure you have it quarantine any detections it finds
 
Again, you didn't do that ..! 😀
 
 

AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
  • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
  • Check any pre-installed software items you want to remove.
  • Click Quarantine.
  • A prompt to save your work will appear.
  • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
  • Click Restart Now.
  • Once your computer has restarted:
  • If it doesn't open automatically, please start AdwCleaner.
  • Click the Log Files tab.
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
Link to post
Share on other sites

As you mentioned above ; 

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

That's why id dint Quarantine anything but sorry. 😅

 

I did a scan and quarantine them. here is the result.

AdwCleaner (Clean mode)

AdwCleaner[C01].txt

Link to post
Share on other sites

 
Would you do the following scans for me:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Link to post
Share on other sites

Hi, KrisRonaldy...because it's too late, it's 11:00 PM for me. I'm pretty tired ...! I suggest we continue tomorrow ..! For now, just one more thing:

 

Fresh FRST Scan

You should still have FRST64.exe on your Desktop, if it is not here, copy it here!

  • Please close all open programs and windows.
  • Right-click FRST64.exe and select "Run as administrator..." to run it.
  • When the tool opens click Yes to the disclaimer if it is occurred.
  • Please be sure that 90 Days Files check box under Optional Scan section is checked.
  • Please be sure that Addition.txt check box under Optional Scan section is checked.
  • Press Scan button. When finished a two logs FRST.txt. and Addition.txt will be created and opened in Notepad.
  • Please post the content of the both FRST.txt and Addition.txt in your next reply.
Link to post
Share on other sites

Good morning..! Yes, the system is clean, but we need to restore the consequences ..in your case a damaged windows defender..! 

 

Please do the following:

 

 

Tweaking.com Registry Backup

  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.
    (Windows Vista/7/8 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
    wol_error.gif

    This image has been resized. Click this bar to view the full image.


    60piPeq.png
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.

 

 

VERY IMPORTANT* 

Registry Script

  • Download the attached files (SecurityHealthService , wscsvc.regwuauserv.reg and windefend.reg) and save them to your desktop.

  SecurityHealthService  

 wscsvc.reg 

wuauserv.reg

windefend.reg

  • Double-click SecurityHealthService
  • Allow the information to be merged into the registry if prompted. (click Yes)
  • Restart the computer.
  • Repeat the process for  wscsvc.reg
  • Restart the computer.
  • Repeat the process for wuauserv.reg
  • Restart the computer.
  • Repeat the process for windefend.reg
  • Restart the computer.

 

Re-scan with Farbar Service Scanner

  • Right-click FSS.exe on your desktop and select Run as Administrator.
  • Check the following boxes:
Quote


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---------------------------------------------------

In your next reply, please include:

  • FSS.txt
Edited by icotonev
Link to post
Share on other sites

thank you.! But before doing I just don't get this line. "

Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button

 

Do I need to create a Folder in "Windows C" and extract tweaking.com_registry_backup_portable.zip?

Here what I did.

1213964747_Screenshot2021-06-06123437.thumb.png.f955ca73d7cace45dbe80d0ccc9a95bc.png

 

 

Please tell me what I am doing wrong before I run hPxdDvj.png

Link to post
Share on other sites

Unfortunately the fixes didn't work..Something prevents this from happening ..?!? Very strange...! Has any antivirus software been installed besides windows defender (For example Аvast)..?

 

 

Fresh FRST Scan

You should still have FRST64.exe on your Desktop, if it is not here, copy it here!

  • Please close all open programs and windows.
  • Right-click FRST64.exe and select "Run as administrator..." to run it.
  • When the tool opens click Yes to the disclaimer if it is occurred.
  • Please be sure that 90 Days Files check box under Optional Scan section is checked.
  • Please be sure that Addition.txt check box under Optional Scan section is checked.
  • Press Scan button. When finished a two logs FRST.txt. and Addition.txt will be created and opened in Notepad.
  • Please post the content of the both FRST.txt and Addition.txt in your next reply.
Link to post
Share on other sites

Hello KrisRonaldy.   My name is Maurice.   pardon the seeming intrusion here.   Just want to suggest that a pre-existing Task for Avast (seemingly from 2 days ago) be deleted.  That thing should be removed.

On this system, look for this folder

C:\WINDOWS\system32\Tasks\Avast Software

If still there, then Delete that folder and any of its content. 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.