defender windows 7 error message

computer different language ran combofix
can not run windows defender
Asked by: rgb192
 
Geisrud Commented:
I'm assuming that if you ran Combofix that you have some manner of malware infection.  

My initial reaction is that if Win Defender won't run, that the infection is not gone.
0
 
jcimarron Commented:
rgb192 --
Windows Defender will not run if you have another Antivirus or Antimalware app installed.  The version for Win 7 is limited to removing spyware.  
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/
Rather, MS Security Essentials is recommended unless you want a third-party (non-MS) app.
Windows Defender is the app recommended for Win 8, but not Win 7.
0
 
rgb192 Author Commented:
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/

There is no fix, just words

Could you please send a fix to make windows defender work?
0
 
jcimarron Commented:
rgb192--
You are right.  I was not suggesting a fix.  I am suggesting you uninstall Windows Defender and install MS Security Essentials (or a third-party app like Avast, Avira, etc.).  WD only does a partial job of protecting you.

" The version for Win 7 is limited to removing spyware.  
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/
 Rather, MS Security Essentials is recommended unless you want a third-party (non-MS) app."
0
 
rgb192 Author Commented:
install MS Security Essentials

how?

and does this do both spyware and virus
0
 
nobus Commented:
I suggest running these:
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller
0
 
rgb192 Author Commented:
0
 
jcimarron Commented:
rgb192--
You install MSSE just like any other program--click on the downloaded file.

"does this do everything with windows 7? "
Did you read
http://blogs.microsoft.com/cybertrust/2013/11/14/windows-defender-and-microsoft-security-essentials-which-one-do-i-need/  ?  But an occasional scan with MalwareBytes is always a good idea.  No one security app can do it all.
0
 
rgb192 Author Commented:
Anti-rootkit is the only tab with information.

2nd time running scan
Should I delete these files?


this is the report
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Scan -- Date : 10/23/2014  17:45:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 34 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SweetIM : C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\Yahoo! Search -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[Suspicious.Path] \\Yahoo! Search Udpater -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1	localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] f0mfwzvp.default : mysearchdial.com [ffxtlbr@mysearchdial.com] -> Found
[PUP][FIREFX:Addon] f0mfwzvp.default : MySearchDial [{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] -> Found
[PUM.HomePage][FIREFX:Config] f0mfwzvp.default : user_pref("browser.startup.homepage", "http://rts.dsrlte.com?affID=na"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10232014_173605.log


0
 
jcimarron Commented:
rgb192--
How is this related to your original question?  Has that been solved?
0
 
nobus Commented:
If it returns anything, I delete it
if you doubt it - make a backup first
0
 
rgb192 Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for rgb192's comment #a40396225
Assisted answer: 167 points for jcimarron's comment #a40394851
Assisted answer: 167 points for nobus's comment #a40396281
Assisted answer: 166 points for nobus's comment #a40399904

for the following reason:

thanks for tools
0
 
nobus Commented:
tx for feedback
0
 
rgb192 Author Commented:
So I should use Security Essentials instead of Windows Defender and ComboFix / RogueKiller for a badly infected machine.

Thanks.
0
 
nobus Commented:
On a fresh system, I install an AV (free for personal use) - paid for business
that's all
i only install the others when needed
0
 
jcimarron Commented:
rgb192--
"So I should use Security Essentials instead of Windows Defender and ComboFix / RogueKiller for a badly infected machine."
I suggest you also install the free edition of MalwareBytes and run a scan every week or so.

Glad to have helped.
0
