Windows 10: WD bogus notification: malware detected and cleaned Solved

  1.    27 Jun 2016 #1

    WD bogus notification: malware detected and cleaned


    Hello.

    I received a notification today from WD (at the notifications area) stating that "malware detected and is being cleaned". Funny enough I checked WD history and nothing was found there. I clicked on the notification and nothing was shown there either.

    What gives?

    I have been scanning several folders (browsers cache, appdata and so on, as well as a quick test) with WD but my system seems to be pretty clean. Could it be that Steam was opened when I got that notification?


  2. Posts : 11,234
    W10Prox64
       27 Jun 2016 #2

    Hi.
    I don't think Steam would cause that.
    I would run AdwCleaner just to be sure there's not something on the system that Defender is having trouble with. Please make sure all programs are closed, as it will require a reboot if there is anything to "clean". If it does indeed find something, please post the log here for us to have a look: C:\AdwCleaner\AdwCleaner.txt

  3.    27 Jun 2016 #3

    I already ran AdwCleaner. Nothing found.

    Could it be that the notification system itself is wonky? Sometimes I get the "ding" sound from the notification area but nothing is found there. I mean, sometimes Windows 10 makes that sound without reason.

    But then again, the message "malware found and being cleaned" was clearly there in this case.


  4. Posts : 11,234
    W10Prox64
       27 Jun 2016 #4

    eLPuSHeR said:
        I already ran AdwCleaner. Nothing found.
    Good!
    eLPuSHeR said:
        Could it be that the notification system itself is wonky? Sometimes I get the "ding" sound from the notification area but nothing is found there. I mean, sometimes Windows 10 makes that sound without reason.
    I've had that happen a couple of times myself. Not sure what it was all about either - no notifications anywhere.
    eLPuSHeR said:
        But then again, the message "malware found and being cleaned" was clearly there in this case.
    That is suspicious indeed. Have a look here and see if there's anything (this is supposed to be where Defender puts the quarantine):
    Code:
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy


  5. Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       27 Jun 2016 #5

    See if this sheds any light on the subject.

    PowerShell (run as administrator)
    Get-MpThreatDetection
    Get-MpThreat

    Use PowerShell to See What Windows Defender Detected | Hey, Scripting Guy! Blog

    There were no results when I ran them on my machine.

    And this details WD events

    Troubleshoot Windows Defender in Windows 10 (Windows 10)
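The two cmdlets from post #5, joined into one report together with the Defender event log the linked troubleshooting page covers. This is an added example, not part of the original post. It assumes an elevated PowerShell session on Windows 10 with the built-in Defender module, and the 7-day window and the `Name`/`Path`/`Action` line layout of the event message text are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: explain a Defender toast that left nothing in the History tab
# by listing what was detected, in which file, and what Defender did about it.

# Threat catalogue for this machine, keyed by ThreatID (may be empty).
$threats = @{}
foreach ($t in @(Get-MpThreat)) { $threats[[string]$t.ThreatID] = $t }

# One row per detection record, with the threat name resolved from the catalogue.
$detections = foreach ($d in @(Get-MpThreatDetection)) {
    $t = $threats[[string]$d.ThreatID]
    [pscustomobject]@{
        Detected   = $d.InitialDetectionTime
        ThreatID   = $d.ThreatID
        ThreatName = if ($t) { $t.ThreatName } else { '(not listed by Get-MpThreat)' }
        Resources  = ($d.Resources -join '; ')   # file/registry paths that matched
        Process    = $d.ProcessName              # process that touched the resource
        User       = $d.DomainUser
        ActionOK   = $d.ActionSuccess
    }
}

# Event 1116 = malware detected, 1117 = action taken on detected malware.
$since  = (Get-Date).AddDays(-7)                 # assumed look-back window
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = $since
} -ErrorAction SilentlyContinue |                # "no events found" is not an error here
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = {
        # Assumed message layout: indented "Name:", "Path:" and "Action:" lines.
        ($_.Message -split "`r?`n" |
            Where-Object { $_ -match '^\s*(Name|Path|Action):' } |
            ForEach-Object { $_.Trim() }) -join ' | '
    } }

if ($detections) { $detections | Sort-Object Detected | Format-List }
else             { 'Get-MpThreatDetection returned no records.' }

if ($events) { $events | Format-Table -AutoSize -Wrap }
else         { "No 1116/1117 events since $since." }
```

The `Resources` and `Path` values name the flagged file, which is what separates a false positive on a known tool from an unexplained detection.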

  6.    28 Jun 2016 #6

    @Simrick

    The folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy is empty.

    @Slartybart

    OK. I got it. WD mistakenly flagged ZHPCleaner as a trojan.

    It's a false positive. I think it's because most AV software tends to mistakenly flag all AutoIt software as a trojan. It must be some heuristics issue.

    Marking thread as solved now.

    I really appreciate your help.

    Best regards.


  7. Posts : 11,234
    W10Prox64
       28 Jun 2016 #7

    eLPuSHeR said:
        @Simrick

        The folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy is empty.

        @Slartybart

        OK. I got it. WD mistakenly flagged ZHPCleaner as a trojan.

        It's a false positive. I think it's because most AV software tends to mistakenly flag all AutoIt software as a trojan. It must be some heuristics issue.

        Marking thread as solved now.

        I really appreciate your help.

        Best regards.
    Sounds good. Glad you figured it out!

  8.    29 Jun 2016 #8

    To sum it up, I must say that those PowerShell commands pointed me in the right direction.


 
