ALL browser downloads report as viruses

Interesting, was there a symlink there? Did you notice what the permissions were? I was just wondering, to try to duplicate it over here.

Yes, it was a symlink to c:\windows\system32\config but the files in windows defender were not symlinked. I don't recall the permissions as I have deleted it now.

Now that's over I can spend the day doing FBI virus cleanups. I should be drinking and watching TV right now but, whatever.....
 
Well, in my case, what I did previously: seeing that Defender was corrupt, I removed all files and folders relating to Defender in Programs and in the registry and tried to download and reinstall it, but it will not reinstall; I get a message saying it comes with the OS even though it's no longer installed. And the download issue still remained. Anyone know of a way to get it installed? Don't think putting the folder back in my case in programs 86 will work? Thanks,
 
Glad y'all provided the info for this one, it's had me stumped for several days.

I was getting the "download has a virus and was deleted" warning on everything I tried to download. This was the only thing left before returning to customer.

It fixed mine by doing:
Renamed "windows Defender" folder
Copying a known good "Windows Defender" folder from another Win 7 machine.
Rebooted and all is good!!!!

THANKS GUYS
 
Glad y'all provided the info for this one, it's had me stumped for several days.

I was getting the "download has a virus and was deleted" warning on everything I tried to download. This was the only thing left before returning to customer.

It fixed mine by doing:
Renamed "windows Defender" folder
Copying a known good "Windows Defender" folder from another Win 7 machine.
Rebooted and all is good!!!!

THANKS GUYS

So yours was a Win 7 box? Ok, I guess I got to make zips of Vista and Win7 (32 and 64 bit?) Defender folders and keep them on my USB.

Nice how this turned out, I really didn't want to give in to a reformat since so little was left to fix.
 
not sure, left the office to go home, tornado warnings here! Will check in the morning

At the very least go into control panel, admin tools, services, sort by "startup type" and look for automatic stuff that isn't running. That's always a good way to get a quick feel for what's wrong with Windows internal business.
 
I've never seen FBI mess with firewall or other services. If a customer had FBI and the services are tubed, then that usually means that machine also has (or previously had) 0A.

0A FUBARs 8 different services: BITS, BFE, IP Helper, MPSSvc, SharedAccess, Windows Defender, Windows Security, Windows Update.

Those will all need to be fixed. In addition, within SharedAccess, the BFE and MPSSvc permissions will need to be reset.

I usually just run services.msc and see if BITS and BFE are missing. If they are, then you can almost guarantee the other 6 are FUBARed as well.
 
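The checks described in the posts above (automatic services that are not running, and whether BITS, BFE and the other six listed services are missing), as an added PowerShell example that is not part of any poster's message. The short service names are this example's mapping of the names listed in the thread, not something the thread states.

```powershell
# Added example. The short service names are this example's mapping of the
# names listed in the thread (an assumption, not from the thread).
$expected = @{
    'BITS'         = 'BITS'
    'BFE'          = 'BFE (Base Filtering Engine)'
    'iphlpsvc'     = 'IP Helper'
    'MpsSvc'       = 'MPSSvc (Windows Firewall)'
    'SharedAccess' = 'SharedAccess (Internet Connection Sharing)'
    'WinDefend'    = 'Windows Defender'
    'wscsvc'       = 'Windows Security (Security Center)'
    'wuauserv'     = 'Windows Update'
}

# Get-WmiObject works on the PowerShell 2.0 that ships with Windows 7.
$byName = @{}
foreach ($s in (Get-WmiObject -Class Win32_Service)) { $byName[$s.Name] = $s }

# 1) Are the eight services still registered, and in what state?
$report = foreach ($name in ($expected.Keys | Sort-Object)) {
    $svc    = $byName[$name]
    $hasKey = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if ($svc)        { $status = $svc.State; $mode = $svc.StartMode }
    elseif ($hasKey) { $status = 'KEY ONLY'; $mode = 'unknown' }
    else             { $status = 'MISSING';  $mode = 'n/a' }
    New-Object PSObject -Property @{
        Service = $name;   ListedAs  = $expected[$name]
        Status  = $status; StartMode = $mode
    }
}
$report | Select-Object Service, ListedAs, Status, StartMode | Format-Table -AutoSize

# 2) The services.msc check: startup type Automatic but not running.
#    Some automatic services stop on their own when idle, so treat this
#    list as leads to review, not as proof of damage.
$byName.Values |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    Sort-Object Name |
    Select-Object Name, DisplayName, State |
    Format-Table -AutoSize

$missing = @($report | Where-Object { $_.Status -eq 'MISSING' })
"{0} of {1} expected services are missing." -f $missing.Count, $expected.Count
```

A status of KEY ONLY means the registry key exists but the service is not visible through WMI, which is worth comparing against a known good machine of the same Windows version.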
Well, in my case, what I did previously: seeing that Defender was corrupt, I removed all files and folders relating to Defender in Programs and in the registry and tried to download and reinstall it, but it will not reinstall; I get a message saying it comes with the OS even though it's no longer installed. And the download issue still remained. Anyone know of a way to get it installed? Don't think putting the folder back in my case in programs 86 will work? Thanks,

Unless you backed up the registry before you made changes, no... you're hosed. You could try to manually re-install the registry entries you deleted. I wouldn't be of any help there, but maybe someone else could tell you how to copy them from a working machine and re-install them on the hosed machine just by double-clicking a .reg file. I know it can be done... just couldn't tell you how, lol.

Does anyone know if running a Win7 Repair from the disc would reinstall Defender if Windows saw that it was missing like in numnutz's situation?
 
I've never seen FBI mess with firewall or other services. If a customer had FBI and the services are tubed, then that usually means that machine also has (or previously had) 0A.

0A FUBARs 8 different services: BITS, BFE, IP Helper, MPSSvc, SharedAccess, Windows Defender, Windows Security, Windows Update.

Those will all need to be fixed. In addition, within SharedAccess, the BFE and MPSSvc permissions will need to be reset.

I usually just run services.msc and see if BITS and BFE are missing. If they are, then you can almost guarantee the other 6 are FUBARed as well.

Just because you have never seen something doesn't mean it doesn't exist. We had a FBI in yesterday with a screwed up firewall and no 0A.

I have had plenty of 0A that never had Defender screwed up like this.
 
Does anyone know if running a Win7 Repair from the disc would reinstall Defender if Windows saw that it was missing like in numnutz's situation?

Don't think it would hurt to try, I also see chatter that Windows Installer Cleanup Utility might fix it.
 
Just because you have never seen something doesn't mean it doesn't exist. We had a FBI in yesterday with a screwed up firewall and no 0A.

I have had plenty of 0A that never had Defender screwed up like this.

Yup new variants come along constantly plus you got the ones with modules that allow plugins and external downloads so you really never know what you are going to get. Wouldn't be hard to include another infection in the original infection method for the ones that don't have plugins and modules anyway.
 
Here is some info on Windows Defender and Vista repair/re-install.

You will need to scroll down a bit to get to the fix, it didn't come from Microsoft of course.

Don't know how relevant it is at this point, but just wanted to throw it out there. I didn't look back through the entire thread again, so if it was already mentioned... my apologies.

http://answers.microsoft.com/en-us/...r-wvista/32fddb1c-1d24-408c-aa8f-0ac82baa237a
 
Just because you have never seen something doesn't mean it doesn't exist.....

Did I say that? No I didn't.

...We had a FBI in yesterday with a screwed up firewall and no 0A.

Did you run MBAR on it and get 0 hits?

That hasn't been my experience with FBI. Again, I've done plenty of FBI and the only time services were screwed up, 0A was active or there were 0A remnant files present (found by MBAR. TDSS killer won't blink an eye at 0A $recyclebin version.)

I have had plenty of 0A that never had Defender screwed up like this.

I have yet to see a 0A case that didn't have Defender totally removed from the registry.
 
Luckily it veered off its path, missed me by 3 miles. Did a lot of damage in the area though, probably most destructive tornado on record.
 
This post just saved me a headache I probably never would have found the cure for. Thanks!

Same bogus download error via any browser after malware cleanup of 0access and other trojans. I renamed and then copied the contents of a clean Windows Defender folder and all is well.

BTW, I inadvertently used a Win 7/64 copy and it worked in a Vista/32 system.
 
We've just got one of these in the workshop.
However the system is clean, no malware or viruses found at all.
Done offline scans etc as well.
Windows defender is working fine.
No nonstandard symlinks.
It did have avg 2013 on it so have removed that and now it looks like avg8 is still hiding in the system so will need to clean that up and see what happens.
 
We had one, win7 home premium.. Cleaned up viruses, ran d7 and tweaking repairs, copied over windows defender folders.. Still had the same problem.. Doing a repair/upgrade install fixed it.
 