1. Joined : Jul 2015
    Posts : 730
    Windows 10 Home x64
       27 Jun 2016 #1

    WD bogus notification: malware detected and cleaned


    Hello.

    I received a notification today from WD (at the notifications area) stating that "malware detected and is being cleaned". Funny enough I checked WD history and nothing was found there. I clicked on the notification and nothing was shown there either.

    What gives?

    I have been scanning several folders (browsers cache, appdata and so on, as well as a quick test) with WD but my system seems to be pretty clean. Could it be that Steam was opened when I got that notification?
      My System SpecsSystem Spec


  2. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       27 Jun 2016 #2

    Hi.
    I don't think Steam would cause that.
    I would run ADWCleaner just to be sure there's not something on the system that Defender is having trouble with. Please make sure all programs are closed as it will require a reboot if there is anything to "clean". If it does indeed find something, please post the log here for us to have a look. C:\AdwCleaner\AdwCleaner.txt
      My System SpecsSystem Spec


  3. Joined : Jul 2015
    Posts : 730
    Windows 10 Home x64
       27 Jun 2016 #3

    I already ran AdwCleaner. Nothing found.

    Could it be that the notification system itself is wonky? Sometimes I get the "ding" sound from notification area but nothing is found there. I mean, sometimes Windows10 makes that sound without reason.

    But then again, the message "malware found and being cleaned" was clearly there in this case.
      My System SpecsSystem Spec


  4. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       27 Jun 2016 #4

    eLPuSHeR said: View Post
    I already ran AdwCleaner. Nothing found.
    Good!
    eLPuSHeR said: View Post
    Could it be that the notification system itself is wonky? Sometimes I get the "ding" sound from notification area but nothing is found there. I mean, sometimes Windows10 makes that sound without reason.
    I've had that happen a couple of times myself. Not sure what it was all about either - no notifications anywhere.
    eLPuSHeR said: View Post
    But then again, the message "malware found and being cleaned" was clearly there in this case.
    That is suspicious indeed. Have a look here and see if there's anything (this is supposed to be where Defender puts the quarantine):
    Code:
    C:\ProgramData\Microsoft\Windows Defender\LocalCopy
      My System SpecsSystem Spec


  5. Joined : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       27 Jun 2016 #5

    See if this sheds any light on the subject.

    PowerShell (run as administrator)
    Get-MpThreatDetection
    Get-MpThreat

    Use PowerShell to See What Windows Defender Detected | Hey, Scripting Guy! Blog

    There were no results when I ran them on my machine.

    And this details WD events

    Troubleshoot Windows Defender in Windows 10 (Windows 10)
      My System SpecsSystem Spec


  6. Joined : Jul 2015
    Posts : 730
    Windows 10 Home x64
       28 Jun 2016 #6

    @Simrick

    The folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy is empty.

    @Slartybart

    OK. I got it. WD mistakenly flagged ZHPCleaner as a trojan.

    It's a false positive. I think it's because most AV software tends to mistakenly flag all AutoIT software as trojan. It must be some heuristics issue.

    Marking thread as solved now.

    I really appreciate your help.

    Best regards.
      My System SpecsSystem Spec


  7. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       28 Jun 2016 #7

    eLPuSHeR said: View Post
    @Simrick

    The folder C:\ProgramData\Microsoft\Windows Defender\LocalCopy is empty.

    @Slartybart

    OK. I got it. WD mistakenly flagged ZHPCleaner as a trojan.

    It's a false positive. I think it's because most AV software tends to mistakenly flag all AutoIT software as trojan. It must be some heuristics issue.

    Marking thread as solved now.

    I really appreciate your help.

    Best regards.
    Sounds good. Glad you figured it out!
      My System SpecsSystem Spec


  8. Joined : Jul 2015
    Posts : 730
    Windows 10 Home x64
       29 Jun 2016 #8

    To sum it up, I must say that those Powershell commands pointed me in the right direction.
      My System SpecsSystem Spec


 


Similar Threads
Thread Forum
Windows 10 Giving Bogus Anitvirus Turned Off Messages
I'm using WEBROOT Secure Anywhere and have just started receiving messages in the Windows 10 action center stating that my antivirus and windows defender are both turned off. When I check I can clearly see that WEBROOT is turned ON. I went to the...
AntiVirus, Firewalls and System Security
Solved Windows 10 Bogus Printer Error
hello, I have an HP Laserjet P1606DN installed and working. I installed windows 10 on April 2 and when ever I print something I get the following error notification " ERROR PRINTING ON HP LASERJET - PRINTER COULDN'T PRINT (NAME OF REPORT)". ...
Drivers and Hardware
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:59.
Find Us
Twitter Facebook Google+



Windows 10 Forums