
What is WinDefend?

Discussion in 'General Software' started by 1nf3rn0x, May 23, 2012.

  1. 1nf3rn0x

    1nf3rn0x

    Joined:
    Sep 15, 2009
    Messages:
    2,029 (1.15/day)
    Thanks Received:
    361
    I'm pretty sure I haven't seen this before :laugh: If it's normal, what's its role?


  2. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,414 (10.41/day)
    Thanks Received:
    5,983
    Location:
    Chatsworth, GA
  3. 1nf3rn0x

  4. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,063 (5.25/day)
    Thanks Received:
    3,501
    Location:
    Florida
    Malware. I've had to remove this from customer PCs.
    1nf3rn0x says thanks.
  5. 1nf3rn0x


    I might post a screenie of everything running to see if there's any other crazy stuff on it. And what does this malware specifically do?

    But I'm totally in shock, I haven't downloaded a single torrent, nor looked at a single pr0n and haven't been on any websites that I know aren't safe. D:
  6. Solaris17

    It's a downloader IIRC, and don't be in such shock. Viruses appear in the wild. Tighten the settings on your AV and scan more often.
  7. 1nf3rn0x

    I'm using Avast free and scan fortnightly, what else can I do :laugh:

    Any of this out of line? If I have one I probably have more D:


    Last edited: May 23, 2012
  8. Solaris17

    I mean I guess you could laugh but you did ask. :slap:

    Well, for starters you can go into the Avast CP and go to each individual shield control and tighten the security settings on it.

    I modify

    "Actions"
    "packers"
    "Sensitivity"

    I suppose while we are being smart asses I'll leave it at that. I mean if you can't figure it out that's part of the problem, right?
  9. 1nf3rn0x

    Can you check to see if the processes I have currently running are also not malware XD. I'm running a scan with Ad-aware so I'll be doing my maths homework while I wait :ohwell:
  10. Solaris17

    1nf3rn0x says thanks.
  11. 1nf3rn0x

    Thanks! :respect:

    Apparently windefend is not bad after all? Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender. (from Micro$oft)

    I have noticed that the program has now stopped as I am running Ad-aware for a scan to remove it. When I try to run the program (Windows Defender from Start), Windows says it has been stopped. I'm not sure but I'd rather be safe
  12. Solaris17

    um no

    windows defender is

    MSASCui.exe


    windefend is supposed to look like windows defender but it is not.
  13. 1nf3rn0x

    Oh. Thanks for clearing that up :toast: .
    With me being 15 I haven't delved into this side of windows :eek:
  14. Solaris17

    1nf3rn0x says thanks.
  15. 1nf3rn0x

    Ad-aware just said it had removed it. Rebooted pc. Now what?



    Can I find the exe?

    Item Name: Windows Defender
    Author: Unknown
    Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
    Type: Explorer Run

    Item Name: {FF92BFB4-4DDA-FFC7-C394-6D8A0C9D5DEB}
    Author: Unknown
    Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
    Type: ActiveSetup

    Item Name: WinDefender.exe
    Author: Unknown
    Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
    Type: Running Processes
  16. Solaris17

    Enable hidden files and folders if you haven't already. Check for windefend.exe in these places.

    C:\Documents and Settings\User\Application Data\WinDefend.exe

    C:\Windows\System\WinDefend.exe

    but first kill the process.

    then press windows key+R and type

    "msconfig"

    go to the startup tab and show me everything in it.
  17. temp02 New Member

    Joined:
    Mar 18, 2009
    Messages:
    493 (0.25/day)
    Thanks Received:
    166
    Sorry but we are talking about services, and believe it or not, the legit Windows Defender service (Microsoft anti malware that is shipped with Windows Vista, and later, on install) is called WinDefend. And if you don't believe me, try running it yourself:
    Code:
    sc start WinDefend
    If you don't want it running (or you have another anti-virus solution running), launch a command prompt in admin mode and do this:
    Code:
    sc config WinDefend start= disabled
    sc stop WinDefend
    Good luck.
    1nf3rn0x says thanks.
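The distinction drawn in the posts above (the genuine service is named WinDefend, while the flagged file is WINDEFENDER.EXE under Application Data), as an added example that is not part of any post in this thread: a Python triage of the Ad-aware items quoted in post 15, grouping every autostart and process entry that points at a Defender lookalike outside the expected install directories. The fourth report item, `TRUSTED_DIRS` and the `LOOKALIKE` pattern are assumptions made for the illustration.

```python
import ntpath
import re

# Items 1-3 are the Ad-aware entries quoted in post 15; item 4 is constructed
# here to show a Defender binary in its expected install directory.
REPORT = r"""
Item Name: Windows Defender
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Explorer Run

Item Name: {FF92BFB4-4DDA-FFC7-C394-6D8A0C9D5DEB}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: ActiveSetup

Item Name: WinDefender.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Running Processes

Item Name: Windows Defender
Author: Microsoft Corporation
Related File: C:\Program Files\Windows Defender\MSASCui.exe
Type: Explorer Run
"""

# Assumption: directories where a genuine Defender component may live.
TRUSTED_DIRS = (r"c:\program files\windows defender", r"c:\windows\system32")
LOOKALIKE = re.compile(r"win(dows)?[ _-]?defend", re.I)

def parse_items(report):
    """Split the report into dicts keyed by field name, one per blank-line block."""
    for block in re.split(r"\n\s*\n", report.strip()):
        fields = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        yield {key.strip(): value.strip() for key, value in fields}

def triage(report):
    """Return {path: [entry types]} for Defender lookalikes outside TRUSTED_DIRS."""
    flagged = {}
    for item in parse_items(report):
        path = ntpath.normcase(ntpath.normpath(item.get("Related File", "")))
        folder, name = ntpath.split(path)
        claims_defender = LOOKALIKE.search(name) or LOOKALIKE.search(item.get("Item Name", ""))
        if claims_defender and folder not in TRUSTED_DIRS:
            flagged.setdefault(path, []).append(item.get("Type", "?"))
    return flagged
```

On the sample, `triage(REPORT)` returns a single path with three entry types, which shows that one file is registered under Explorer Run and ActiveSetup and is also running, so all three have to be dealt with.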
  18. 1nf3rn0x

    That worked, thanks. I'll reboot and see if it stays. Should I be running it or not?
  19. temp02 New Member

    If you have another Anti-Virus suite installed (like Nod32) you can probably disable Windows Defender and still be protected against malware intrusions (truth be told, Defender without Security Essentials isn't gonna protect you against much anyway :p).
  20. 1nf3rn0x

    If I go into my brother's computer I see no such thing in his processes so why is that? Even when I ran Defender from the Start menu nothing appeared. :wtf:
  21. Solaris17

    I think he was trying to correct me. I don't think his post was aimed at you. Besides, I'm staring at your infection

  22. temp02 New Member

    Windows Defender can't be started from the "Run" thingy like any other program; it's a service. If you want to start it on your brother's computer you need to run
    Code:
    sc start WinDefend
    on an admin command prompt.
  23. 1nf3rn0x


    So it's a virus?

    The data posted is not mine, from a website about WinDefend.

    Solaris do you have skype or teamviewer? I think more can be done there!
    Last edited: May 23, 2012
  24. Solaris17

    Well, you said Ad-aware found it, and I gave you the paths. I suppose you could always go look.
  25. qubit

    qubit Overclocked quantum bit

    Joined:
    Dec 6, 2007
    Messages:
    9,821 (4.08/day)
    Thanks Received:
    3,479
    @1nf3rn0x

    As you have malware on your system, the only guaranteed way of removing it, plus ensuring that Windows works reliably and properly, is to format your system disc and reinstall from scratch - or just put an image over it instead if you have one, which accomplishes the same thing. Make sure to back up any data first...

    And how did it get on your system? The reason is in what you said: manual virus scan every two weeks with a free a/v. You might as well not bother. It's critical to have realtime scans done from a reputable a/v company. Personally, I've used the excellent Kaspersky Internet Security for years and it's stopped a few nasties in its time.
