
MS Defender flags Msedge



So I have recently, maybe a week, had some unexpected behavior (freezes, launches, etc.) and then this morning Edge (my primary browser) was just gone and Defender showed Trojan found but not remediated (pic attached of one view, at least name is there if not all details). I tried scans with MB and normal Defender, finding nothing, but a few weird things: Virus still shows in history; for the first time ever System Restore failed/errored out; Defender Offline runs but then is cancelled somehow programmatically, maybe the virus' work; and finally whenever I try to Windows Update, just for a brief second, less than actually, I see updates available, or even some sort of bold red message, but then the screen sorta flashes and it says No Updates All Good (my verbiage obviously but you get the idea).

I'm really freaking as I need this PC for work reasons and it seems this problem, or associated, have been with me for a while and are starting to get worse. Oh and I have done a Repair Install, created a new user profile, etc. with no joy ... Just wanted to ensure any assistance would be provided knowing I tried my best and didn't just run straight here.

89GEEiwbOE.png

Link to post
Share on other sites

Hello

My name is Maurice.  Let me know what name you prefer to go by.  I will guide you.

I need a report set for review.   This is a report only.

Please download MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Link to post
Share on other sites

By the way, do not be "flustered".  Have confidence, remain calm.  This is solvable.  First thing I need are reports from above in order to see where the flagged file is (location) & name.

By the way on the Virus & Threat Protection screen, notice the "Start Actions" button.  Click it & follow the prompts to Remove the threat.

Edited by Maurice Naggar
Link to post
Share on other sites
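
For readers following along: the flagged file's name and location asked for above can also be read from Defender's own detection history, which helps when the Virus & threat protection screen shows little detail. This is an added example, not part of the original thread; it uses the built-in Get-MpThreat and Get-MpThreatDetection cmdlets, is read-only, and is meant to be run from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: list Microsoft Defender detection history with the threat
# name, the process involved and the flagged resource paths. Read-only.

# Index the known threats by ThreatID so each detection can be given a name.
$threatById = @{}
foreach ($t in Get-MpThreat) {
    $threatById[[string]$t.ThreatID] = $t
}

# One row per detection event. @(...) keeps this an array even when empty.
$report = @(foreach ($d in Get-MpThreatDetection) {
    $t = $threatById[[string]$d.ThreatID]
    [pscustomobject]@{
        Detected      = $d.InitialDetectionTime
        ThreatName    = if ($t) { $t.ThreatName } else { "(ThreatID $($d.ThreatID))" }
        IsActive      = if ($t) { $t.IsActive } else { $null }
        ActionSuccess = $d.ActionSuccess          # False = remediation did not succeed
        StatusID      = $d.ThreatStatusID         # raw status code as Defender reports it
        ErrorCode     = $d.ThreatStatusErrorCode
        Process       = $d.ProcessName
        Resources     = ($d.Resources -join "`n") # flagged file / container paths
    }
})

if ($report.Count -eq 0) {
    'No detections in the Defender history.'
    return
}

# Full history, oldest first.
$report | Sort-Object Detected | Format-List

# Only the detections that involve Edge (process name or flagged path).
$edge = @($report | Where-Object { "$($_.Process) $($_.Resources)" -match 'msedge' })
"Detections mentioning msedge: $($edge.Count)"
$edge | Format-List Detected, ThreatName, ActionSuccess, Resources
```

The Resources field is what tells the actual browser executable apart from a cached or session-restore file under the Edge profile folder.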

Thank you for the calming words first of all!  I am Brandon and please feel free to call me same.

Attaching what you requested.

I did try the Start Actions process but nothing was there (after pushing that is)...?

Currently shows the two items as the two screenshots attached show,

 

And I can't say enough:  Thank you SO Much!

 

ApplicationFrameHost_oThnpOuyu5.png

ApplicationFrameHost_UpCC05BRpP.png

mbst-grab-results.zip

Link to post
Share on other sites

Hi, Brandon.  Being steady & calm & methodical is what is called for.

If the Virus & threat protection section of Windows Defender only showed "allow" then Exit out of those settings screens. We will use another tool from Microsoft.

[ 1 ]

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

Next, I suggest a new scan for viruses & other malware.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Once after the download is saved & before pressing the "scan" I would ask that you Close the EDGE browser.

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

 

Let me know the result of this. This is likely to run for many hours (depending on the number of files on your machine & the speed of hardware).

The log is named MSERT.log

The log will be at

C:\Windows\debug\msert.log

Please attach that log with your reply.

P.S.  Do not take other actions or make any other changes without checking with me first.   I will be guiding you.   We will do other steps later.

Edited by Maurice Naggar
Link to post
Share on other sites

After the run of the Safety Scanner has been completed, these are some actions to take for the EDGE browser. They will not take much time.

I noticed in the reports that the EDGE browser is set to "restore previous session".  In a case such as this one here, that will lead to a circular repeating tagging of EDGE browser by the Microsoft Defender antivirus. Hence we will need to remove the setting for "restoring previous pages" and instead pick to just "new tab page".
Open Edge browser. Click the More icon (the triple dot ...  ) and then click Settings.
At the section titled "Open Microsoft Edge with", select "New Tab page" option.
Apply that.

Next, you want to delete all Cache files & all history on Edge. That is, browsing history, download history & cached images & files.
https://stackhowto.com/how-to-delete-browsing-history-on-microsoft-edge-in-windows-10/

After that is done, do an EXIT out of Edge browser. When that is done, the Edge browser should be in a better state. Let me know when this is done. We will do other steps, after this.
 

Link to post
Share on other sites

  • AdvancedSetup changed the title to MS Defender flags Msedge

Okay M, I am on the list of provided actions; I will perform these, and no other, and post requested as soon as I see it is available.

Thank you so much, I am definitely feeling a bit better about the situation now!

 

 

PS: Oh couple more irregularities just started occurring: Taskbar seems like possessed for lack of a better term, it locks and unlocks when it wants (not auto-hide, actual locking) and will not allow me to do either; also color all of a sudden crazy.  These things just started occurring.

Back as soon as I have the requested.


B

 

Link to post
Share on other sites

Allow the Safety Scanner to finish.   That is job one.  Then you can do the 2 tips.  And after, I would advise to do one Windows RESTART.

Then be sure to provide the Safety Scanner log.  I need to review it.

The Safety Scanner log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.

.

Don't fret over the taskbar. A Restart should help. And there are Windows keyboard shortcuts you can use to navigate with.

Windows-flag-logo-key + D to get to desktop

Windows-flag-logo-key + T to get Taskbar

As I noted before, we will be doing more later.

(more Windows shortcut keys: https://www.techrepublic.com/blog/windows-and-office/the-complete-list-of-windows-logo-keyboard-shortcuts/ )

Link to post
Share on other sites

Apologies for how long it took to get this back to you; work called me away.   :(

Attached is the msert log; I did stay up and watch it for a few hours and saw "Infected files" get as high as ~18 before the final verdict of 0...? Also, I did all you asked with Edge including it being shut during msert, as well as the windows reset (and recent creation of a new user profile, that was right before reaching out to you).

That being said the odd or "possessed" behavior is definitely seeming to amplify.  :(

As to Edge by the way, I have suspected it to have some issues if not being at the root for a while; somewhat 'just a feeling' but also it behaves erratically and while doing things like setting up Start Menu/shortcuts I swear there are multiple, totally separate, but not always seen, instances of Edge on my pc at times.

Anyhow sorry so long and I am front and center, (and doing best to stay calm even though seeing some odd behavior) for any additional instruction; thank you again so much M!

 

msert.log

Link to post
Share on other sites

Thanks for the MSERT log.  The Safety Scanner reports 

Quote

No infection found.

By the way, about what you "saw" on intermediate displays of the Microsoft Safety Scanner,  I would like you to review the remarks by AndyDavid about all that on this Microsoft community venue https://docs.microsoft.com/en-us/answers/questions/326108/mar-1721-msert-detects-items-during-scan-but-at-en.html

Also, the post by EricYin of Microsoft (just below that section)
 

Quote

if nothing reported in %SYSTEMROOT%\debug\msert.log, that means no infections.

.

This next run will not take a lot of time.

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers are Closed.

It will not take much time.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

There does seem to be some sort of complication in or on Edge browser.   Hopefully, the run of Adwcleaner will help.

Link to post
Share on other sites

Yeah I had come across at least one of those articles while doing a little reading up on the results, or lack thereof, so I understand what they're saying (though a, 18 struck me as high, and b, were I a "good" bad guy I'd read these same things and do my best to circumvent).

Just odd because some of the let's say anomalous activities on my pc just seem to be happening more often and a reset didn't help, actually it did a little I think but only briefly.  And Defender alerting to a Trojan, but then responding oddly (the weird flashing screens where I clearly see a different unaltered screen 'behind' what's displaying, i.e. that VERY odd Update behavior I described briefly previously etc.) has happened a couple of times now and has seemed to immediately precede the funky behavior (definitely seems Edge related but as it is really the main way in/out of the "real world" I guess that's to be expected?)

 

Anyhow requested is below, I did not delete Quickset yet as I understand it to be essential to my Tablet function working correctly, though maybe this is referring to an altered / malicious version or something I do not know, I wanted to wait for your take (*Actually that just rang a bell of something else odd I had totally forgot about: Please look at the attached picture for simplest explanation, I have NEVER seen something like that in Windows environment.)

 

Apologies again for the length I know you're super busy I just wanted to make sure you have a sense of where I 'think' things stand on this end.

 

Thanks an absolute million again Maurice!

Quickset_Screenshot .png

AdwCleaner[S06].txt

Link to post
Share on other sites

Hello, Brandon.

About the last Adwcleaner run. It did not find anything malicious, and that is fine. The "Dell Quickset" being from Dell, we can ignore that. We are finished with Adwcleaner.

And the screen grab section on Windows "Power Options"  does not have a bearing on the issues at hand. And beyond that, we have to keep things in focus & with proper perspective.

The EDGE browser seems to be a central factor.  Though perhaps there may be other separate Windows-related quirks also at play.

Potential infections are a separate consideration. Our main goal here is to ensure there is no malware infection. What we are mainly pursuing relates to the EDGE browser and why something is being flagged by Microsoft Defender.

I have a custom script below whose main aim is to help a bit on Edge ( like clearing the history cache). I hope that the run will run in under 55 minutes ( speed purely depends on the hardware).

We will use FRSTENGLISH.exe  on Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Elguapotorres  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.    It will run the Windows DISM tool to check the system. It will also reset the Windows Winsock. It will attempt to get latest update for Microsoft Defender.

NOTE-2:  Avast antivirus is no longer installed; however there are a bunch of scheduled tasks left listing Avast that will be removed.  Also some other scheduled tasks for ESET Online scanner that need removing.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt

 


Start the Windows Explorer and then go to the Downloads folder.


RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click the line More info on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


We will do more after this.  Persistence & patience are called for here.

Stick with me because there will be more for later.

Link to post
Share on other sites

Thanks. The run went well. And the System File Checker (SFC ) found no issue. Also, the DISM reported no issue.

At this point, please run a Windows Update >>> Check for Updates.

From Start menu >>> Settings ( gear ) icon >>> Update & Security >>> Windows Update >>> Check for Updates

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
