Windows Defender picks up Win32/deplock but cannot get rid of it?

Dear All,

I wonder whether you've come across this one: I run Windows 20175 and I use MalwareBytes as main protection software. Yesterday I decided to also enable Windows Defender to fully scan the system.

Windows Defender found two trojans: One (which I can't remember its name!) and Win32/deplock. I got Defender to "take action"; It then showed that "dealt with all threats". Upon restart, I run a second full scan; the first threat has not come back since, but win32/deplock keeps appearing. Each time I get Defender to take action, it claims it does, shows that "threats have been dealt with" but after restart and full scan it appears again.

Interestingly, MalwareBytes has never picked either of these two as threats. Needless to say MalwareBytes and Defender are full up-to-date with latest updates.

I have also run Defender in off-line mode, same result, win32/deplock still being picked up.

Booted in Safe Mode, tried to run Defender but it's not enabled as a service under Safe Mode.

Any thoughts? Could it be a false positive?

Has anyone got a similar experience?


Thanks a lot!
Christos

Hello.

Try submitting a sample to VirusTotal to see whether it is a false positive or not.
Another idea is to run a Windows Defender Offline Scan.

Hello and thanks a lot for your answer, I have run Defender offline, no difference, it still picks up deplock, deals with it and then finds it again.

To submit a sample to VirusTotal I need to know the file location. Defender doesn't show me any file or path and nothing is found from Windows search.

I will attempt to disable MalwareBytes, and run Defender on its own to see if it will show me a file path.