Windows Defender picks up Win32/deplock but cannot get rid of it?
-
Windows Defender picks up Win32/deplock but cannot get rid of it?
Dear All,
I wonder whether you've come across this one: I run Windows 20175 and I use MalwareBytes as main protection software. Yesterday I decided to also enable Windows Defender to fully scan the system.
Windows Defender found two trojans: One (which I can't remember its name!) and Win32/deplock. I got Defender to "take action"; It then showed that "dealt with all threats". Upon restart, I run a second full scan; the first threat has not come back since, but win32/deplock keeps appearing. Each time I get Defender to take action, it claims it does, shows that "threats have been dealt with" but after restart and full scan it appears again.
Interestingly, MalwareBytes has never picked either of these two as threats. Needless to say MalwareBytes and Defender are full up-to-date with latest updates.
I have also run Defender in off-line mode, same result, win32/deplock still being picked up.
Booted in Safe Mode, tried to run Defender but it's not enabled as a service under Safe Mode.
Any thoughts? Could it be a false positive?
Has anyone got a similar experience?
Thanks a lot!
Christos
-
-
Hello.
Try submitting a sample to VirusTotal to see whether it is a false positive or not.
Another idea is to run a Windows Defender Offline Scan.
-
Hello and thanks a lot for your answer, I have run Defender offline, no difference, it still picks up deplock, deals with it and then finds it again.
To submit a sample to VirusTotal I need to know the file location. Defender doesn't show me any file or path and nothing is found from Windows search.
I will attempt to disable MalwareBytes, and run Defender on its own to see if it will show me a file path.
-
-
Always run only one Antivirus (Antimaware) solution (in real mode). Offline scan should work regardless
Nothing in Protection history?
-
Solved!
OK,
I downloaded Hitman Pro, found nothing...I disabled MalwareBytes, this allowed Defender to finally generate the protection report; in my case, Win32/deplock was in a Babylon software in one of my old backups...not sure why Babylon (which I though it's very well-known) got identified as trojan...
Also found some low threat ones, all again from old software..
Got rid of all this old software from the old backup and latest Defender full scan showed no current threats.
Thank you to everyone,
Christos
One more question: From your own personal experience, between Defender and MalwareBytes have you got a personal preference, and why?
Last edited by kokkolis; 29 Jul 2020 at 13:12.
-
Great news (and good work)
Regarding preferences.. You'll find out, that everybody has his own opinion, and there is not an absolute favorite around..
I'm running Windows defender, and have Malwarebytes for occasional offline scan. Also AdwCleaner