SOLVED Windows defender having serious issues/Virus?

Joined
Sep 12, 2019
Messages
5
Reaction score
0
So my Windows Defender stopped working completely; I noticed it when the scan option disappeared from my context menu. I went and checked to see if Windows Defender was on and there was no sys tray icon, and the Windows Security menu shows as blank when opened. The Virus and threat protection menu will not let me scan or update or do anything. I have been through many Google posts trying many different things. I will list what I have been through so far to eliminate what I have already tried. I'm fairly well off with computers but am no expert by any means, so any help would be greatly appreciated.

1. When I noticed the problem I looked through my settings first and, seeing nothing wrong, I tried simply restarting Security Center through services.msc. But upon right-clicking it, all of my playback options (restart etc.) are greyed out. It's worth mentioning that at this point in time I had never installed any third-party software for antivirus/anti-malware or anything. I only ever had Windows Security.

2. When that did not work I did a quick search to see troubleshooting options. I did an sfc scan, which did say it found errors but was unable to fix them. Also did DISM RestoreHealth, didn't work, so then a component cleanup and retried the first two again. That did not work either.

3. It was suggested to do a clean boot; even though I had not installed any new software and knew there was nothing conflicting there, I tried it anyways. Didn't work either.

4. Now I found a few articles about registry edits and conflicting entries. Changed the DisableAntiSpyware reg value from 1 to 0. Also found one of these named entries "MsMpEng.exe" and I deleted it.

5. Assuming now, based on the above, my problem was most likely malware. Downloaded and ran Malwarebytes/HitmanPro/Zemana. There was definitely malware on there; from my skim through of what they were, it looked to me mostly like stuff preventing notifications about firewalls etc., so I removed all of that. Restarted the computer and ran all the scans a second time. Everything came up clean. But still not working.

6. Re-tried steps 1-4, still not working, but while I was poking around the hard drive and settings this time I noticed my UAC was turned off as well as my system restore, Remote Desktop had been enabled, and there were 2 random extra user accounts under C:/Users, "Default01" and another with a similar name. (some weird s**t) I deleted the UA folders, turned UAC and system restore back on and disabled remote help. Cleaned out all of my temp files everywhere as well. Restarted the PC again but still not working.

7. I downloaded Kaspersky Security and ran a full scan; the only thing it came up with was one riskware file, and it's from an unofficial game patch I downloaded for one of my games from the nexusmods site. I highly doubt that's the cause of my issues.

(PS) Anything I found to do with group policy controls I could not change or access at all, due to not even having gpedit on Windows 10 Home, for whatever reason they did that. I saw a reg hack to supposedly enable it but I wasn't about to give it a shot; it didn't seem smart to me.

(PPS) Also downloaded a program called RE-image considering the sfc scan said corrupt, but didn't realize it was free scan, pay to repair, so I opted out. Malwarebytes detects it as an unwanted program but I looked up the software before I used it at all (always do) and it's fine.

So that's where I am now..... Lost lol. Sorry for the long post but just trying to be as descriptive as I can for whoever is reading this, and whoever is reading this, I thank you kindly for your time. Short of doing a reinstall of Windows I have exhausted all of my capabilities. Please somebody help mee!
I have a feeling that now that my computer is malware/virus clean there is just some dumb thing I am missing or that I don't know about Windows 10 that can solve my issue.

Thank you for hearing me out!
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Hi Aron,

Welcome to the Forum.

I was going to ask whether you had any third-party Security Software installed, but note you have installed Kaspersky and, from the sounds of it, the odd cleaning utility [ e.g. Malwarebytes ].

Kaspersky when installed will disable Windows Defender, so if your intention is to get Windows Defender functioning again, you'll first need to uninstall Kaspersky and any other antivirus programs [ e.g. McAfee, Norton, etc ].

Malwarebytes is popular for some people and you can safely leave that installed if you like it, as it will work fine with Windows Defender.


You mentioned you deleted MsMpEng.exe - can you confirm whether you mean the literal file, or a Registry entry pointing to this executable?

MsMpEng.exe is part of Windows Security and runs in the background scanning for malware based on scheduled tasks. You definitely want to keep that if you intend on using Windows Defender.

I'm wondering too, whether or not you have tried running Windows Defender in an offline scan mode [ I suspect not given your claim items are greyed out ].

Also, have you attempted to boot your computer into Safe Mode and tested whether or not you can run Windows Defender there, or adjust settings for Windows Defender?

Finally, are you running just the single account on your Windows 10 Home edition? Or are there multiple accounts? If there is more than one account, are any of the other accounts affected the same way?


Regards,

Regedit32
 
Joined
Sep 12, 2019
Messages
5
Reaction score
0
I deleted the registry entry, not the file. I came across a help forum marked solved and that was one of the suggestions so I gave it a shot.
Also I didn't install Malwarebytes or Kaspersky until after Windows Defender stopped working, so I could scan for viruses.
I did try an offline scan. I can access those options but anything I click doesn't react. As soon as the scan goes to initiate after choosing full scan it just does nothing. It is the options in services.msc regarding Security Center that are greyed out.
I am also the only user account on the PC, besides the two that showed up and didn't belong there.
I didn't try booting into safe mode; I did do a clean boot tho, disabling all startup programs.
Found out my sfc errors were all related to Defender PowerShell modules (known bug I guess) but that doesn't explain to me what the problem is.

Thanks for the reply.
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Do you have your personal files backed up?

Given you've done a lot of things, and in some cases reverted the changes, I'm thinking the simplest solution here would be to open:

Settings | Update & Security | Recover | Reset this computer --- Choosing to delete all personal files and reinstall Windows 10

That would remove any corrupted files as well as any infected files ( assuming you had malware or virus issues ).

It ought to also deal with the additional user accounts you mentioned.


The only alternative to this, would be to take one step at a time, and explore precisely what you did, and reverse that if needed.

I realize you installed Kaspersky and Malwarebytes after the issue began, but you had mentioned you changed a Registry value from 1 to 0 in regards to DisableAntiSpyware. That key would only be present if you previously had manually added it yourself, or because you had a third party security software installed that automatically added it.

So apart from dealing with the alterations you made based on what you read online, we'd also need to completely review your installed applications.

Hence me leaning towards either the Recovery ( built into Windows ) or failing that downloading a Windows 10 iso and doing a Full in-place upgrade - which essentially means, to install Windows 10 over the top of the current image [ choosing the option here, to remove all personal files and data ] to ensure a clean install. There is an article on how to do this in our Article Section. This option may be best, given your access to normal actions seems limited [ e.g. being able to access and modify services in your case seems a challenge, suggesting there is almost certainly an issue with your Profile and Windows recognizing you as someone with administrative privileges. ]

Let me know how you want to tackle this.
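
A read-only PowerShell check for the changes described in this thread (the DisableAntiSpyware value, UAC turned off, Remote Desktop and remote help enabled, unexpected local accounts, stopped security services), added here as an example and not posted by any participant. `$expectedUsers` and the helper names `Get-RegValue` and `New-Finding` are assumptions made for the example; System Restore state is not checked.

```powershell
# Added example, not from the thread: read-only audit of the settings the thread found changed.
# Run from an elevated Windows PowerShell 5.1 prompt. Nothing here modifies the system.
$expectedUsers = @($env:USERNAME)   # assumption: only the current user should be enabled

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function New-Finding($Check, $Observed, [bool]$Review) {
    [pscustomobject]@{ Check = $Check; Observed = "$Observed"; Review = $Review }
}

$findings = @()

# DisableAntiSpyware = 1 under the policy key turns Defender off.
$das = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware'
$dasText = if ($null -eq $das) { 'not present' } else { $das }
$findings += New-Finding 'DisableAntiSpyware policy' $dasText ($das -eq 1)

# EnableLUA = 0 means UAC is switched off.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$findings += New-Finding 'UAC (EnableLUA)' $lua ($lua -eq 0)

# fDenyTSConnections = 0 means inbound Remote Desktop is allowed.
$rdp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$findings += New-Finding 'Remote Desktop (fDenyTSConnections)' $rdp ($rdp -eq 0)

# fAllowToGetHelp = 1 means Remote Assistance is allowed (a stock install may have it on).
$ra = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp'
$findings += New-Finding 'Remote Assistance (fAllowToGetHelp)' $ra ($ra -eq 1)

# Defender (WinDefend) and Security Center (wscsvc); a third-party AV legitimately stops WinDefend.
foreach ($name in 'WinDefend', 'wscsvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'service missing' }
    $findings += New-Finding "Service $name" $state (-not $svc -or $svc.Status -ne 'Running')
}

# Enabled local accounts outside the expected list, like the "Default01" account in the thread.
foreach ($u in (Get-LocalUser | Where-Object Enabled)) {
    $inList = $u.Name -in $expectedUsers
    $findings += New-Finding "Local account $($u.Name)" "last logon: $($u.LastLogon)" (-not $inList)
}

$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to True are items to look at by hand, not proof of infection; an installed third-party antivirus explains both a present DisableAntiSpyware value and a stopped WinDefend service.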
 
Joined
Nov 19, 2013
Messages
6,298
Reaction score
1,273
"That key would only be present if you previously had manually added it yourself, or because you had a third party security software installed that automatically added it."
Right!
I know Kaspersky adds this key, and some others probably!
I don't read exactly how the OP is using Malwarebytes, but if it is the free edition, you can opt to run it only on demand -- no monitoring etc. IMO the safest way to use it as a backup.
 
Joined
Sep 12, 2019
Messages
5
Reaction score
0
Okay, I ended up doing a clean install with the downloaded .iso as you suggested. I didn't realize you could simply mount the iso in Explorer and run it while Windows is operating. (I don't have a CD burner and read before that USB can be faulty.)

Took maybe an hour to download/install and when I came back my security screen wasn't black anymore! Detected my Kaspersky and can run alongside it, even if I wish, for periodic scans. No more odd user accounts, both Windows and Kaspersky icons in sys tray. Scans come up clean on my SSD and HDD. It's still going to bug me what went wrong..... just my curiosity, but I thank you for your help. Everything is back to normal.

I decided to keep the Kaspersky Total Security for now, just based on the fact I seem to like it more with the secure connection features etc. And yes, I did opt to only run Malwarebytes on demand as a scanner tool basically. It does not monitor, nor does it start with Windows.

Thanks again!
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Thanks for the update Aron.

I'm glad an in-place upgrade resolved your issues satisfactorily.

It's difficult to say precisely what went wrong, but with all the symptoms you were experiencing I feel your account profile was severely hindered - that may have been the result of a malware attack, or the result of some mistakes when editing the Registry, or a combination of the both.

It is possible a Windows update went wrong at some point - but so far as I am aware no one else is reporting such radical issues as yours in the last month.

If you feel there was a virus infection, and have an idea of what file caused that infection - then it'd be wise to stay well away from the file's source in future - which may be an online gaming site, video site, etcetera.

Likewise, when downloading free software to use, be that Kaspersky, a game, or some other utility - ALWAYS scan that file before installing, and ideally install it isolated using Sandbox or something else, if you are unsure what effects it will have.

As a general rule of thumb, I always create a restore point BEFORE I open a downloaded file, or open, run and install a new downloaded update from Windows or a third party application provider. That way if things go wrong I have an option to get the PC back to a working state.

If you have not already done so - type create a restore point in your search bar, and follow prompts to create one now of your functioning system.
 
Joined
Sep 12, 2019
Messages
5
Reaction score
0
Yeah, that's what I am leaning towards too. I read a post where someone had similar issues as I did (namely the blank security screen) and it was a corrupt user account, most likely due to malware, so that mixed with what I did as well was probably the culprit. Also, now that you mention it, my Windows update also had an error during that time too. Got stuck on something.

I did create a restore point now, and have been researching the whole sandbox/virtual machine thing. I thank you for all your help/advice/input. In my PC days (XP-7) I couldn't afford a nice enough machine to use a virtual desktop. Now that I am getting back to it with a nice machine there's a lot more to learn.

Lesson 1....be more careful! Haha

Thanks again for your help and cheers!
 
Joined
Dec 26, 2015
Messages
219
Reaction score
17
Having an issue somewhat related to wanting to force a Defender scan as that option is missing. Wife's computer with no 3rd party virus software... today clicked a link of person's obituary on FB. Now can't close or delete window but request to call Microsoft support 866-910-8111.
 
Joined
Sep 12, 2019
Messages
5
Reaction score
0
"... request to call Microsoft support 866-910-8111..."
That is not a Microsoft number and is likely a hijacker that will try and scam you out of some money to "fix" your computer. Quick search reveals the number is unsafe and this kind of thing happens a lot. Can you do anything on the PC at all or did they lock it out?
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Have you tried running Microsoft's Malicious Software Removal tool?

Type mrt into search bar and hit enter then follow prompts.
 
Joined
Oct 12, 2015
Messages
196
Reaction score
31
"Having an issue somewhat related to wanting to force a Defender scan as that option is missing. Wife's computer with no 3rd party virus software... today clicked a link of person's obituary on FB. Now can't close or delete window but request to call Microsoft support 866-910-8111."
Usually, when you see a screen like this, your browser will be locked up. Activate Task Manager by right-clicking on the task bar, or push [Ctrl] [Alt] [Del]. Click on More details. Then find and click on your browser (Chrome, Edge, Firefox, etc.), then click on End task. Has worked numerous times for my clients and myself.

When you restart your browser, DO NOT select RESTORE PREVIOUS PAGES, or you'll most likely be right back to the phony message.
 
