Jump to content

Windows Defender missing and cant be started


Go to solution Solved by AdvancedSetup,

Recommended Posts

So i had a problem with the cause (downloaded some pirated file) with the results similarly as this thread in 2020 ;

After i downloaded the pirated files (has not yet been installed), i got several notifications about threat from Windows Defender service which i proceed to remove. But after that, I found out that my Windows Defender screen went blank. Then i restarted my laptop and got a warning from Windows Script that "The system cannot find the files specified" from Run.vbs. I surf the internet for solution and i found the thread above and followed the intructions (without the third party antivirus steps beacuse i dont have any) . Until the final step where i need to enter 2 command below

WMIC SERVICE WHERE Name="windefend" set startmode="auto"

And then :

net start windefend

But it says "System error 2 has occured" and "The system cannot find the files specified". Windows Defenders still cant be start and still blank. So is there any solution for this without resetting my computer?

I have provided some information below that may help.

blank.png

Screenshot (1392).png

SecurityCheck.txt

Link to post
Share on other sites

  • Root Admin

Hello  and  :welcome:     @Jasas

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting. This is a report only.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

 

 

Please, also run the following tool

 

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 

Thank you

 

Link to post
Share on other sites

  • Root Admin

Please start an elevated admin command prompt. Then copy and past the following into the command prompt windows and press the Enter key

echo > 0 & dir /a /s "C:\ProgramData\Microsoft\Windows Defender\Platform"  >> 0 & echo >> 0 & notepad 0 | ECHO >NUL  & DEL 0

Post back that log and I'll check it out when I get back from dinner

 

 

Link to post
Share on other sites

  • Root Admin

Please save the attached zip file to your computer.

Then extract the files to a new folder named C:\FIX

It must be extracted to C:\FIX or it will not work to run the fix.

 

 

Once you have extracted the files, then restart the computer into Safe Mode

Find the file named:  c:\fix\repair_services.bat and run that batch file with Admin rights in Safe Mode

It will also create a file named:  C:\FIX\WinDefend_info.txt

RestoreServices_Win10.zip

 

Attach the file C:\FIX\WinDefend_info.txt to your next reply and let me know if there were any errors.

 

Please pay attention to any errors and try to write down or capture them and let me know when you reply

 

Then restart the computer back into Normal Mode and run the FSS scanner again and post back that new log too.

 

Thanks @Jasas

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

  • Root Admin

Save the attached zip file to your computer. Then extract the zip file to the C:\FIX folder as before.    Make sure the files are in C:\FIX or it will not work      @Jasas

Then restart the computer back into Safe Mode again.

Then right-click over the file:  C:\FIX\Fix_WinDefendPath.bat  and select "Run as administrator"

image.png

It will run a System File Check let me know what that says.

Then it will also create a new file called:  C:\FIX\security_center_status.txt  Please attach that file on your next reply

 

Then restart into Windows Normal mode and again run the FSS scanner and send me the new log.

 

security_center_status.txt
FSS.txt

 

 

 

Fix_WinDefendPath.zip

Link to post
Share on other sites

Hello. Pardon the intrusion. While you are waiting for AdvancedSetup, this here is intended to assist on Microsoft Defender antivirus. This will be a very quick one-time run.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom script.    

This custom script is for  Jasas  machine  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt    <<< - - - -

Then, Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.  👈

Afterwards, do a visual check Windows Start >> Settings >> Windows Security

Edited by Maurice Naggar
Link to post
Share on other sites

1. We have to have the Fixlog.txt report file. Kindly attach in reply.

2. This machine needs yet more guided help.

3. 

Let's pause and make time and just get a set of fresh reports to see what is running, what is active. Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.

 

Link to post
Share on other sites

  • Root Admin

Please download the attached FIXLIST.TXT to the same location as Farbar

Then run Farbar with Admin rights and click on the FIX button.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

This may take 30 minutes or more to run

fixlist.txt

Thank you @Jasas

  • Like 1
Link to post
Share on other sites

  • Root Admin

Great, overall that was a pretty good run. @Jasas

Let me have you run the following please.

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

 

  • Like 1
Link to post
Share on other sites

  • Root Admin

Well, it's a good thing you ran it. It found and removed a worm driver from the system. @Jasas

With that said, we should run another antivirus scan. This one will probably run faster but still take a LONG time so run it when you have time. As long as your Power Management doesn't put the computer to sleep, you can run it while you're sleeping.

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g. their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.