What is WinDefend?

[1nf3rn0x]

I'm pretty sure I haven't seem this before If it's normal what's its role?

 

[brandonwh64]

Looks to be malware.

http://www.sevenforums.com/system-security/129174-windefender-exe-windows-defender.html

Adaware will remove it

 

[1nf3rn0x]

Looks to be malware.

http://www.sevenforums.com/system-security/129174-windefender-exe-windows-defender.html

Adaware will remove it

Hmm, where could I have picked it up from? I know I haven't viewed any pr0n or downloaded any torrents

 

[Solaris17]

Malware iv had to remove this from customer pcs

 

[1nf3rn0x]

I might post a screenie of everything running to see if there's any other crazy stuff on it. And what does this malware specifically do?

But I'm totally in shock, I haven't download a single torrent, nor looked at a single pr0n and haven't been on any websites that I know aren't safe. D:

 

[Solaris17]

http://img.techpowerup.org/120523/windefender136.jpg

I might post a screenie of everything running to see if there's any other crazy stuff on it. And what does this malware specifically do?

But I'm totally in shock, I haven't download a single torrent, nor looked at a single pr0n and haven't been on any websites that I know aren't safe. D:

its a downloader IIRC and dont be in such shock. Viruses appear in the wild. tighten the settings on your AV and scan more often.

 

[1nf3rn0x]

its a downloader IIRC and dont be in such shock. Viruses appear in the wild. tighten the settings on your AV and scan more often.

I'm using Avast free and scan fortnightly, what else can I do

Any of this out of line? If I have one I probably have more D:

 

[Solaris17]

I'm using Avast free and scan fortnightly, what else can I do

i mean i guess you could laugh but you did ask.

well for starters you can go into the avast CP and go to each individual shield control and tighten the security settings on it.

i modify

"Actions"
"packers"
"Sensitivity"

I suppose while we are being smart asses ill leave it at that. I mean if you cant figure it out thats part of the problem right?

 

[1nf3rn0x]

i mean i guess you could laugh but you did ask.

well for starters you can go into the avast CP and go to each individual shield control and tighten the security settings on it.

i modify

"Actions"
"packers"
"Sensitivity"

I suppose while we are being smart asses ill leave it at that. I mean if you cant figure it out thats part of the problem right?

Can you check to see if the processes I have currently running are also not malware XD. I'm running a scan with Ad-aware so i'll be doing my maths homework while I wait

 

[Solaris17]

all of the service check out.

make sure you have things like the windows firewall etc set to auto etc and havent made a bunch of custom rules.

go to gibson research

https://www.google.com/webhp?source....,cf.osb&fp=2eea1a31cbf97609&biw=1366&bih=653

mouse over the services tab click on shields up, press proceed and click on all service ports.

ideally thay should be all green

 

[1nf3rn0x]

all of the service check out.

make sure you have things like the windows firewall etc set to auto etc and havent made a bunch of custom rules.

go to gibson research

https://www.google.com/webhp?source....,cf.osb&fp=2eea1a31cbf97609&biw=1366&bih=653

mouse over the services tab click on shields up, press proceed and click on all service ports.

ideally thay should be all green

Thanks!

Apparently windefend is not bad afterall? Open Windows Defender by clicking the Start button . In the search box, type Defender, and then, in the list of results, click Windows Defender. (from Micro$oft)

I have noticed that the program has now stopped as I am running ad-aware for a scan to remove it, when I try run the program (windows defender from start), windows says it has been stopped. I'm not sure but I;d rather be safe

 

[Solaris17]

um no

windows defender is

MSASCui.exe


windefend is supposed to look like windows defender but it is not.

 

[1nf3rn0x]

um no

windows defender is

MSASCui.exe


windefend is supposed to look like windows defender but it is not.

Oh. Thanks for clearing that up .
With me being 15 I haven't delved into this side of windows

 

[Solaris17]

 

[1nf3rn0x]

Ad-aware just said it had removed it. Rebooted pc. Now what?

Can I find the exe?

Item Name: Windows Defender
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Explorer Run

Item Name: {FF92BFB4-4DDA-FFC7-C394-6D8A0C9D5DEB}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: ActiveSetup

Item Name: WinDefender.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Running Processes

 

[Solaris17]

enable hidden files and folders if you havent already check for windefend.exe in these places.

C:\Documents and Settings\User\Application Data\WinDefend.exe

C:\Windows\System\WinDefend.exe

but first kill the process.

then press windows key+R and type

"msconfig"

go to the startup tab and show me everything in it.

 

[temp02]

um no

windows defender is

MSASCui.exe


windefend is supposed to look like windows defender but it is not.

Sorry but we are talking about services, and believe it or not, the legit Windows Defender service (Microsoft anti malware that is shipped with Windows Vista, and later, on install) is called WinDefend. And if you don't believe me, try running it yourself:

sc start WinDefend

If you don't want it running (or you have another anti-virus solution running), launch a command prompt in admin mode and do this:

sc config WinDefend start="disabled"
sc stop WinDefend

Good luck.

 

[1nf3rn0x]

Sorry but we are talking about services, and believe it or not, the legit Windows Defender service (Microsoft anti malware that is shipped with Windows Vista, and later, on install) is called WinDefend. And if you don't believe me, try running it yourself:

sc start WinDefend

If you don't want it running (or you have another anti-virus solution running), launch a command prompt in admin mode and do this:

sc config WinDefend start="disabled"
sc stop WinDefend

Good luck.

That worked, thanks. I'll reboot and see if it stays. Should I be running it or not?

 

[temp02]

If you have another Anti-Virus suite installed (like Nod32) you can probably disable Windows Defender and still be protected against malware intrusions (truth be told, Defender without Security Essentials isn't gonna protect you against much anyway ).

 

[1nf3rn0x]

If you have another Anti-Virus suite installed (like Nod32) you can probably disable Windows Defender and still be protected against malware intrusions (truth be told, Defender without Security Essentials isn't gonna protect you against much anyway ).

If I go into my brothers computer I see no such thing in his processes so why is that? Even when I ran the denfender from start menu nothing appeared.

 

[Solaris17]

If I go into my brothers computer I see no such thing in his processes so why is that? Even when I ran the denfender from start menu nothing appeared.

I think he was trying to correct me. I dont think his post was aimed at you. besides im staring at your infection

Item Name: Windows Defender
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Explorer Run

Item Name: {FF92BFB4-4DDA-FFC7-C394-6D8A0C9D5DEB}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: ActiveSetup

Item Name: WinDefender.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Running Processes

 

[temp02]

Windows Defender can't be started from the "Run" thingy like any other program, it's a service, if you want to start it on your brothers computer you need to run

sc start WinDefend

on an admin command prompt.

 

[1nf3rn0x]

I think he was trying to correct me. I dont think his post was aimed at you. besides im staring at your infection

So it's a virus?

The data posted is not mine, from a website about WinDefend.

Solaris do you have skype or teamviewer? I think more can be done there!

 

[Solaris17]

So it's a virus?

The data posted is not mine, from a website about WinDefend.

well you said adaware found it. and i gave you the paths. i suppose you could always go look.

 

[qubit]

@1nf3rn0x

As you have malware on your system, the only guaranteed way of removing it, plus ensuring that Windows works reliably and properly, is to format your system disc and reinstall from scratch - or just put an image over it instead if you have one, which accomplishes the same thing. Make sure to back up any data first...

And how did it get on your system? The reason is in what you said: manual virus scan every two weeks with a free a/v. You might as well not bother. It's critical to have realtime scans done from a reputable a/v company. Personally, I've used the excellent Kaspersky Internet Security for years and its stopped a few nasties in its time.