Solved

defender windows 7 error message

Posted on 2014-10-21
16
302 Views
Last Modified: 2014-10-25
computer different language ran combofix
can not run windows defender
0
Comment
Question by:rgb192
  • 6
  • 5
  • 4
  • +1
16 Comments
 
LVL 14

Accepted Solution

by:
Geisrud earned 84 total points
ID: 40394561
I'm assuming that if you ran Combofix that you have some manner of malware infection.  

My initial reaction is that if Win Defender won't run, that the infection is not gone.
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 250 total points
ID: 40394851
rgb192 --
Windows Defender will not run if you have another Antivirus or Antimalware app installed.  The version for Win 7 is limited to removing spyware.  
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/
Rather MS Security Essentials is recommended unless you want a third party (non-MS) app).
Windows Defender is the app recommended for Win 8, but not Win 7.
0
 

Author Comment

by:rgb192
ID: 40395811
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/

There is no fix, just words

Could you please send a fix to make windows defender work?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 250 total points
ID: 40395820
rgb192--
You are right.  I was not suggesting a fix.  I am suggesting you uninstall Windows Defender and install MS Security Essentials (or a third party app like Avast, Avira, etc.).  WD only does a partial job of protecting you.

" The version for Win 7 is limited to removing spyware.  
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/
 Rather MS Security Essentials is recommended unless you want a third party (non-MS) app)."
0
 

Author Comment

by:rgb192
ID: 40396225
install MS Security Essentials

how?

and does this do both spyware and virus
0
 
LVL 92

Assisted Solution

by:nobus
nobus earned 166 total points
ID: 40396281
i suggest running these :
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller
0
 

Author Comment

by:rgb192
ID: 40396880
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 250 total points
ID: 40396963
rgb192--
You install MSSE just like any other program--click on the downloaded file.

"does this do everything with windows 7? "
Did you read
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/  ?  But an occasional scan with MalwareBytes is always a good idea.  No one security app can do it all.
0
 

Author Comment

by:rgb192
ID: 40399800
anti-rootkit is the only tab with information

2nd time running scan2nd time running scan
should i delete these files


this is the report
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Scan -- Date : 10/23/2014  17:45:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 34 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SweetIM : C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\Yahoo! Search -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[Suspicious.Path] \\Yahoo! Search Udpater -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1	localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] f0mfwzvp.default : mysearchdial.com [ffxtlbr@mysearchdial.com] -> Found
[PUP][FIREFX:Addon] f0mfwzvp.default : MySearchDial [{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] -> Found
[PUM.HomePage][FIREFX:Config] f0mfwzvp.default : user_pref("browser.startup.homepage", "http://rts.dsrlte.com?affID=na"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10232014_173605.log

Open in new window

0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40399817
rgb192--
How is this related to your original question?  Has that been solved?
0
 
LVL 92

Assisted Solution

by:nobus
nobus earned 166 total points
ID: 40399904
if it returns annything, i delete it
if you doubt it - make a backup first
0
 

Author Comment

by:rgb192
ID: 40403477
I've requested that this question be closed as follows:

Accepted answer: 0 points for rgb192's comment #a40396225
Assisted answer: 167 points for jcimarron's comment #a40394851
Assisted answer: 167 points for nobus's comment #a40396281
Assisted answer: 166 points for nobus's comment #a40399904

for the following reason:

tnanks for tools
0
 
LVL 92

Expert Comment

by:nobus
ID: 40401133
tx for feedback
0
 

Author Closing Comment

by:rgb192
ID: 40403478
so I should use security esentials instead of windows defender and combofix / rogue killer for a badly infected machine.

Thanks.
0
 
LVL 92

Expert Comment

by:nobus
ID: 40403606
on a fresh system, i install an AV (free for personal use) - paid for business
that's all
i only install the others when needed
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40404072
rgb192--
"so I should use security esentials instead of windows defender and combofix / rogue killer for a badly infected machine."
I suggest you also install the free edition of MalwareBytes and run a scan every week or so.

Glad to have helped.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 7s template 4 62
M2 SSD questions 14 32
Windows Updates question 2 30
see android hidden files 10 25
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question