Jump to content

Windows Defender no Longer working.


Go to solution Solved by Maurice Naggar,

Recommended Posts

So I need some help.

 

My Windows Defender stopped working.  

 

I followed most of the instructions in the below thread and I still cannot get it to restart or work.  

I ran the Microsoft safety scanner removed, got all the detected malware removed.

When I run cmd prompt as admin 

WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "Automatic"

I get return value 2

 

When I run cmd prompt 

WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "Automatic"

I get return value 8

Also my windows security at a glance screen is blank.  

Any help is appreciated!

 

Link to post
Share on other sites

Hello @Abe1947  :welcome:

My name is Maurice. We will start with getting a report.

This next is just a report to check on some Windows services  

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file. 

Link to post
Share on other sites

The FSS report indicates that this Windows Operating system has 2 Windows services that are disabled. The 2 services are SecurityHealthService Service + wscsvc Service (Windows Security Center) .
These next steps are how to go about getting those back to standard-default for Windows 10 OS.
There will be 2 downloads, each one to be saved first, before applying.
 download, save, Merge for each of the other 2 services.

RIGHT click each link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to a folder ( do not double click / do not 'run' the file / nor open

win 10 SecurityHealthService 

With you mouse, do a RIGHT-click on the .reg file  and select Merge

Let it do that & insure it finishes ok.

[ 2 ]

Windows 10 Windows Security Center service

Save, then Merge Wscsvc.reg

With you mouse, do a RIGHT-click on the .reg file  and select Merge

Let it do that & insure it finishes ok. NEXT, please do a Windows RESTART. After that, wait till system is settled in. Then run the FSS report another time & attach report. Dont go away. We will need to do other checks.

Link to post
Share on other sites

Here is the next report to run. I am presuming this Windows is 64-bit.
Download & save a copy of the tool FRST64.exe ( Farbar FRST) from this link SAVE it to the Downloads folder. Do not click on any popup window. disregard the running ads.

Close the browser window when done with download. Close other open windows just to get a clear field of view on monitor-screen.

Go to Downloads folder. RIGHT-click on FRST64 and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
Edited by Maurice Naggar
Link to post
Share on other sites

Stick with me. Meantime, do not do anything online until I give the all clear. No shopping, banking, games, web-surfing, etc

Just only go to this forum. Stick with me. I am reviewing all the reports. There is a very serious infection that looks like a persistent trojan with many hooks. I will be posting a special custom script.

Edited by Maurice Naggar
Link to post
Share on other sites

I see many malicious EXE files + malicious scheduled tasks here. It was not just a case that the antivirus was messed with. Be sure you isolate this machine so that it is only used to get to this forum or the sites I may guide you to for other tools. We are looking at this critical run, plus, there will be more to follows.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do  checks & some  cleanups.

We will use FRST64.exe  on the Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Abe1947  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .  It will rebuild the Winsock. It will reset the firewall rules.

NOTE-2: It will attempt to do 1 quick scan + 1 custom path scan with Microsoft Defender antivirus. It will attempt to set MS Defender antivirus to stronger protection settings. It will attempt to remove the malicious EXE files & related scheduled tasks. There are many !!!

NOTE-3: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt            <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites

That run did a lot of cleanups. But there is still other checks and scans to be done. Keep up your patience. 

One other action:  Malwarebytes for Windows  can detect and remove most malware with no further actions required for free.
Since it does not appear that this machine has it, go and install Malwarebytes for Windows.
See https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows

After the setup has completed, run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post
Share on other sites

These are the next steps. There are a few "startup settings" that the boogers had put in place; which we want to be sure are gone. This is a 2nd run of custom script.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do  checks & some  cleanups.

Delete the file named Fixlist.txt  that I had had you save on Downloads folder

We will use FRST64.exe  on the Downloads folder to run a 2nd custom script.    The system will be rebooted after the script has run.

This custom script is for  Abe1947  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed say 25 minutes.

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt          <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites

This log looks so very much like the very first that I had you run ( before).

PLEASE be very sure that you first Delete the old existing Fixlist on the Downloads.

and then re -do the run list I listed above including downloading that Fixlist off of that post. https://forums.malwarebytes.com/topic/285090-windows-defender-no-longer-working/?do=findComment&comment=1508465

I have the proper 2nd script on that link.

Link to post
Share on other sites

The proper Fixlist is on my last post.  I have checked & know that is so. I need you to be very sure you get & save the Fixlist.txt attached ...saved to Downloads.

Then re-do the run like posted ....please.  Thanks.  Do not rush. we want to be sure to do it right.

Edited by Maurice Naggar
Link to post
Share on other sites

I see that.  I cannot find the fixlist files that I have downloaded in my downloads folder.  After I run the program, the fixlist file itself, disappears from the downloads folder.  See the screenshot I attached.  So I am not sure how to delete a file that I cannot find

Screenshot.PNG

Link to post
Share on other sites

what I am saying is that ( from what I saw) you did not grab / download the new Fixlist.txt in my last post.  Please look again on my post here & see the attachment there.

https://forums.malwarebytes.com/topic/285090-windows-defender-no-longer-working/?do=findComment&comment=1508465

IF you do not see the old file .....just get the new one off my link  and re-do the procedure as listed.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.