New
#11
Run Windows defender offline.
These are additional methods to scan for HTML/Brocoiner!rfn
TrojansHow to remove Trojan:HTML/Brocoiner adware (Virus Removal Guide)December 9, 2017 by Stelian Pilici
Trojan:HTML/Brocoiner!rfn threat description - Windows Defender Security Intelligence
How to remove Trojan:HTML/Brocoiner adware (Virus Help Guide)
Troubleshoot detection and removal of viruses, malware, and other threats - Windows Defender Security Intelligence
Free Antivirus Replacement & Anti-Malware Tool | Malwarebytes
HitmanPro Malware Removal Tool: Secondary Anti-Virus Scanner | Download HitmanPro 3.7
Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal
It does say under 'Quarantined threats' that "Quarantined threats have been isolated and prevented from running on your device. They will be periodically removed". It could just be that by now they have been automatically removed. It's a possibility as your detections were a few days ago on the 5th. My test was less than 24 hours ago so the quarantined file has not (yet) been automatically removed.
Just reassurance that it's working as designed.Since Defender did it's job by identifying and quarantined the threat, what will I gain by testing it as you suggest?
OK Bree. I ran the EICAR test file, and Defender intercepted it immediately. Guess it's working as designed. It shows up as being quarantined, but still no option to Remove from quarantine. So your thought about the Trojan entries possibly being already removed seems to be shot down. Would also believe that when they are automatically removed, I would no longer see the entries, don't you think?
"My uneducated guess is that the tool does not look in the area where it is already quarantined."
That is true. The scans are looking for infections but the computer isn't infected. I've seen what you are seeing a some computers recently.
On the computers in which I have removed similar quarantines those computers were on 1709: it appears that shouldn't make a difference as mentioned in a prior post.
But in order for me to remove the quarantined items , I wasn't able to remove them all at once. I had to select each one individually, what I don't recall is whether I used the Severe arrow, the See details choice or just selected the Trojan itself. See what happens when you try to clear each one at a time.
Already tried that - No Remove button anyplace. BUT...
Just went back to try individually removing the Test file (Previously only tried it on the Trojans). Now the History page shows only the EICAR Test file; the 3 Trojans are gone... AND now I have a Remove All button!
Looks like the auto removal waits 3 days (June 5 when it was detected to today, June8). Guess that makes sense, but absolutely no idea why I didn't have a Remove button until now. Probably doesn't matter since all seems to be working fine now - I did click on the Remove All button, and the EICAR Test file was removed.
Thanks you ever so much for your attention and help on this!
I'll be able to confirm that in a couple of days, I've deliberately not removed my EICAR test file from quarantine
I've noticed that there's often a short delay between detection/blocking and the file appearing in quarantine.Just went back to try individually removing the Test file ... now I have a Remove All button!
Thanks ALN, very informative.
I'd like to share this information I had found
How to configure quarantine files removal on Windows Defender Antivirus
How to configure quarantine files removal on Windows Defender Antivirus | Windows Central
In my case on my computer (NOTE: I don't have a quarantined threats, I just wanted to find out what my configuration is) there wasn't any configuration for quarantine files removal on Windows Defender Antivirus and I left the it alone.
In my prior post about my experience of removing the quarantined items individually, they were done the same day as the attempted infection occurred. The owner in each situation saw that Windows Defender recommended a restart which they did and called me up. I was able to remove each one individually as I mentioned but if I get more experience as time goes on, this is an excellent thread to refer to.
Thanks MeAndMyComputer for the link. Very well written and easy to follow. My system is set at "Not configured." I elected not to change it at this time because there seems to be conflicting information that I hope somebody can clear up:
When I open Threat History, I see this
it clearly says Quarantined threats will be periodically removed. My Group Policy Editor shows "Not configured," and the explanation there (and in the site you referenced) says if not configured, the quarantined items will stay in the quarantined folder forever. So the Threat History says they will be periodically removed (and in my case, the 3 Trojans were removed, and not manually by me) but the Group Policy Editor says they will stay forever. I'm confused.