1.    27 Jun 2016 #1
    Join Date : Jul 2015
    Posts : 902
    Windows 10 Home x64

    WD bogus notification: malware detected and cleaned


    Hello.

    I received a notification today from WD (at the notifications area) stating that "malware detected and is being cleaned". Funny enough I checked WD history and nothing was found there. I clicked on the notification and nothing was shown there either.

    What gives?

    I have been scanning several folders (browsers cache, appdata and so on, as well as a quick test) with WD but my system seems to be pretty clean. Could it be that Steam was opened when I got that notification?
      My ComputerSystem Spec
  2.    27 Jun 2016 #2
    Join Date : Apr 2015
    Posts : 12,982
    W10Prox64

    Hi.
    I don't think Steam would cause that.
    I would run ADWCleaner just to be sure there's not something on the system that Defender is having trouble with. Please make sure all programs are closed as it will require a reboot if there is anything to "clean". If it does indeed find something, please post the log here for us to have a look. C:\AdwCleaner\AdwCleaner.txt
      My ComputerSystem Spec
  3.    27 Jun 2016 #3
    Join Date : Jul 2015
    Posts : 902
    Windows 10 Home x64
    Thread Starter

    I already ran AdwCleaner. Nothing found.

    Could it be that the notification system itself is wonky? Sometimes I get the "ding" sound from notification area but nothing is found there. I mean, sometimes Windows10 makes that sound without reason.

    But then again, the message "malware found and being cleaned" was clearly there in this case.
      My ComputerSystem Spec
  4.    27 Jun 2016 #4
    Join Date : Apr 2015
    Posts : 12,982
    W10Prox64

    Quote Originally Posted by eLPuSHeR View Post
    I already ran AdwCleaner. Nothing found.
    Good!
    Quote Originally Posted by eLPuSHeR View Post
    Could it be that the notification system itself is wonky? Sometimes I get the "ding" sound from notification area but nothing is found there. I mean, sometimes Windows10 makes that sound without reason.
    I've had that happen a couple of times myself. Not sure what it was all about either - no notifications anywhere.
    Quote Originally Posted by eLPuSHeR View Post
    But then again, the message "malware found and being cleaned" was clearly there in this case.
    That is suspicious indeed. Have a look here and see if there's anything (this is supposed to be where Defender puts the quarantine):
    Code:
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy
      My ComputerSystem Spec
  5.    27 Jun 2016 #5
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    See if this sheds any light on the subject.

    PowerShell (run as administrator)
    Get-MpThreatDetection
    Get-MpThreat

    Use PowerShell to See What Windows Defender Detected | Hey, Scripting Guy! Blog

    There were no results when I ran them on my machine.

    And this details WD events

    Troubleshoot Windows Defender in Windows 10 (Windows 10)
      My ComputerSystem Spec
  6.    28 Jun 2016 #6
    Join Date : Jul 2015
    Posts : 902
    Windows 10 Home x64
    Thread Starter

    @Simrick

    The folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy is empty.

    @Slartybart

    OK. I got it. WD mistakenly flagged ZHPCleaner as a trojan.

    It's a false positive. I think it's because most AV software tends to mistakenly flag all AutoIT software as trojan. It must be some heuristics issue.

    Marking thread as solved now.

    I really appreciate your help.

    Best regards.
      My ComputerSystem Spec
  7.    28 Jun 2016 #7
    Join Date : Apr 2015
    Posts : 12,982
    W10Prox64

    Quote Originally Posted by eLPuSHeR View Post
    @Simrick

    The folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy is empty.

    @Slartybart

    OK. I got it. WD mistakenly flagged ZHPCleaner as a trojan.

    It's a false positive. I think it's because most AV software tends to mistakenly flag all AutoIT software as trojan. It must be some heuristics issue.

    Marking thread as solved now.

    I really appreciate your help.

    Best regards.
    Sounds good. Glad you figured it out!
      My ComputerSystem Spec
  8.    29 Jun 2016 #8
    Join Date : Jul 2015
    Posts : 902
    Windows 10 Home x64
    Thread Starter

    To sum it up, I must say that those Powershell commands pointed me in the right direction.
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Windows 10 Giving Bogus Anitvirus Turned Off Messages
I'm using WEBROOT Secure Anywhere and have just started receiving messages in the Windows 10 action center stating that my antivirus and windows defender are both turned off. When I check I can clearly see that WEBROOT is turned ON. I went to the...
AntiVirus, Firewalls and System Security
Solved Windows 10 Bogus Printer Error
hello, I have an HP Laserjet P1606DN installed and working. I installed windows 10 on April 2 and when ever I print something I get the following error notification " ERROR PRINTING ON HP LASERJET - PRINTER COULDN'T PRINT (NAME OF REPORT)". ...
Drivers and Hardware
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:50.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums