Windows 10 Malware removes Windows Defender

Thread starter: Gacorek11

Hi! About two weeks ago I got a virus which was not only not found or blocked by Windows Defender, but completely deleted Defender from the system! I used Malwarebytes to delete the malware and then used System Restore to get Defender back. But two days ago the same thing happened! There is no Defender in the system tray, and it is not working in the background. Manually launching the app shows an empty window with "At a glance" text, like in the screenshot below:

There is also no WinDefend or SecurityHealthService in the Windows Registry.
Windows Update is also broken: it gives a 0x80070424 error.

Here is a report from my Malwarebytes scan:

Registry key: 3

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\STARTUPCHECKLIBRARY, Dodano do kwarantanny, 490, 735770, , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B07CFF68-8ED4-4020-998B-0DAD7FDF806D}, Dodano do kwarantanny, 490, 735770, , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{B07CFF68-8ED4-4020-998B-0DAD7FDF806D}, Dodano do kwarantanny, 490, 735770, , , ,

Registry Value: 2

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B07CFF68-8ED4-4020-998B-0DAD7FDF806D}|PATH, Dodano do kwarantanny, 490, 782993, 1.0.23708, , ame,

RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WINLOGUI, Dodano do kwarantanny, 854, 604807, 1.0.23708, , ame,

Registry Data: 3

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Zastąpiono, 13646, 293294, 1.0.23708, , ame,

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Zastąpiono, 13646, 293295, 1.0.23708, , ame,

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Zastąpiono, 13646, 293296, 1.0.23708, , ame,

Folder: 3

PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Dodano do kwarantanny, 325, 455070, , , ,

File: 16

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Dodano do kwarantanny, 490, 735770, 1.0.23708, , ame,

RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, Dodano do kwarantanny, 854, 604807, , , ,

Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, Dodano do kwarantanny, 4082, 676770, 1.0.23708, 5A74DC805B2D0D63F8E75887, dds, 00716168

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000102.ldb, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000104.ldb, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000105.log, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000106.ldb, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\Users\gacor\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Dodano do kwarantanny, 325, 455070, , , ,

PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Zastąpiono, 325, 455070, 1.0.23708, , ame,

PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Zastąpiono, 325, 455070, 1.0.23708, , ame,

PUP.Optional.Delta, C:\USERS\GACOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Zastąpiono, 325, 455070, 1.0.23708, , ame,

("zastąpiono" = replaced; "Dodano do kwarantanny" = Added to quarantine)
All quarantined items were deleted later.

Windows 10 Home 64-bit
Version: 1909
Build: 18363.815

I know that I have to reinstall the system now, but first of all, Defender does not fulfill its task, and second, I don't know where the virus comes from and how to become immune to it.

I'm sorry for my bad English. I hope you can help me!
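The Malwarebytes report above names a specific set of persistence and tampering indicators: a scheduled task (StartupCheckLibrary) registered under the TaskCache keys, a Run-key value (WINLOGUI) pointing at a miner in System32, Security Center "DisableNotify" values switched on, and the WinDefend and SecurityHealthService service entries gone from the registry. The read-only PowerShell audit below is an added example and is not part of the original post or of Malwarebytes; it checks those same locations so that a recurrence (or another machine) can be confirmed quickly. It assumes an elevated prompt, standard Windows 10 paths, and that the registry and file paths are exactly the ones quoted in the report; the interpretation of 0x80070424 as ERROR_SERVICE_DOES_NOT_EXIST is a known Win32 code, which is why the Windows Update service is checked alongside the Defender ones.

```powershell
# Added triage script (not from the original post). Read-only: it reports the
# indicators quoted in the Malwarebytes log above and changes nothing.
# Run from an elevated PowerShell prompt.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Service registry keys the post reports as missing. 0x80070424 is
#    ERROR_SERVICE_DOES_NOT_EXIST, so the Windows Update service is included.
foreach ($svc in 'WinDefend', 'SecurityHealthService', 'wuauserv') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) {
        $findings.Add("MISSING service registry key: $key")
    } elseif (-not (Get-Service -Name $svc -ErrorAction SilentlyContinue)) {
        $findings.Add("Service key present but service not registered with SCM: $svc")
    }
}

# 2. Security Center notification suppression (flagged as PUM in the report).
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    $val = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
    if ($val -eq 1) {
        $findings.Add("Security Center notifications suppressed: $name = 1")
    }
}

# 3. Run-key persistence (WINLOGUI) from the report.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'WINLOGUI')) {
    $findings.Add("Run value WINLOGUI -> $($run.WINLOGUI)")
}

# 4. Scheduled-task persistence (StartupCheckLibrary). The TaskCache\Tree entry
#    stores the task GUID in its 'Id' value, which is what the report quarantined.
$tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary'
if (Test-Path $tree) {
    $id = (Get-ItemProperty -Path $tree -Name Id -ErrorAction SilentlyContinue).Id
    $findings.Add("TaskCache tree entry present: StartupCheckLibrary (Id: $id)")
}
$task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Application Experience\' `
                          -TaskName 'StartupCheckLibrary' -ErrorAction SilentlyContinue
if ($task) {
    foreach ($a in $task.Actions) {
        $findings.Add("Scheduled task action: $($task.TaskPath)$($task.TaskName) -> $($a.Execute) $($a.Arguments)")
    }
}

# 5. Files named in the report. Hash and signature status are recorded so the
#    sample can be submitted to a vendor rather than guessed at.
foreach ($f in 'C:\Windows\System32\WinLogUI.exe', 'C:\Windows\System32\StartupCheckLibrary.dll') {
    if (Test-Path $f) {
        $hash = (Get-FileHash -Path $f -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -FilePath $f).Status
        $findings.Add("File present: $f SHA256=$hash Signature=$sig")
    }
}

if ($findings.Count -eq 0) {
    'No indicators from the report were found on this system.'
} else {
    $findings
}
```

Because Malwarebytes already quarantined and deleted these items, the script may come back clean on the machine as it stands; its value is in confirming that the same task, Run value and files are back after the second infection, and in capturing the hash before anything is removed again. It does not rebuild the WinDefend or SecurityHealthService keys, so it does not change the conclusion in the post that a clean reinstall is needed.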
