  1.    08 Aug 2016 #1
    Join Date : Aug 2016
    Posts : 47
    Windows 10/64

    Windows Defender Stuck on Removing Severe Threat


    I scanned my PCs with this: Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner

    The scan found a lot of malware and removed all but three items - severe -
    and I read that Windows Defender would complete the job/remove the
    malware.

    The three remaining items are:
    VirTool:JS/Obfuscator.HO
    VirTool:JS/Obfuscator.HS
    VirTool:JS/Obfuscator.HN

    My question is - is WD stuck? The message reads "applying your actions
    this might take a few SECONDS."

    Well, I started it at about 7 a.m. this morning and it's been sitting at about
    2/3 the way through the process for almost that entire 13 hours.

    Do I just leave it alone? Restart it? Any suggestions?

    Thanks
    Karen
  2.    08 Aug 2016 #2
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Quote (originally posted by kstavert):
    I scanned my PCs with this: Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner

    The scan found a lot of malware and removed all but three items - severe -
    and I read that Windows Defender would complete the job/remove the
    malware.

    The three remaining items are:
    VirTool:JS/Obfuscator.HO
    VirTool:JS/Obfuscator.HS
    VirTool:JS/Obfuscator.HN

    My question is - is WD stuck? The message reads "applying your actions
    this might take a few SECONDS."

    Well, I started it at about 7 a.m. this morning and it's been sitting at about
    2/3 the way through the process for almost that entire 13 hours.

    Do I just leave it alone? Restart it? Any suggestions?

    Thanks
    Karen

    Hi Karen and welcome to Tenforums.

    No, it shouldn't take that long - it's having difficulty.
    Please run RKILL. Do NOT reboot.
    Then run MBAR.
    You should now be able to run Windows Defender to get rid of those infections.
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.

    That should do it.
  3.    08 Aug 2016 #3
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    I agree with simrick (I usually do).
    Follow the instructions in post #2.

    I only stopped in to mention that you can run Defender Offline:

    Settings > Update and Security > Windows Defender > Defender Offline

    Sometimes Windows just needs to be out of the way to clean malware.

    I haven't run it this way yet, but it beats the old method:
    download the ISO, burn a CD, boot from the CD, scan outside of Windows ... before malware can load.
  4.    09 Aug 2016 #4
    Join Date : Aug 2016
    Posts : 47
    Windows 10/64
    Thread Starter

    Quote (originally posted by simrick):
    Hi Karen and welcome to Tenforums.

    No, it shouldn't take that long - it's having difficulty.
    Please run RKILL. Do NOT reboot.
    Then run MBAR.
    You should now be able to run Windows Defender to get rid of those infections.
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.

    That should do it.

    WD was definitely having trouble... it was in the same spot
    this morning.

    Thank you soooooo very much for your help

    I actually started all of this with ADWCleaner because
    the following two registry files would not be removed.

    type
    Key HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Stats\(10921475-03CE-4E04-90CE-E2E7EF20C814)


    HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Settings\(10921475-03CE-4E04-90CE-E2E7EF20C814)

    I ran ADWCleaner 4 or 5 times to try to get it to delete
    these files...

    then, I ran the Microsoft tool and WD...

    Just ran all of the programs you recommended and finished
    with ADWCleaner... and guess what???

    These two registry files are still there!!!!!!!

    Any suggestions?

    I've not manually cleaned anything from the registry before

    Again, thank you very much

    Karen
  5.    09 Aug 2016 #5
    Join Date : Aug 2016
    Posts : 47
    Windows 10/64
    Thread Starter

    Quote (originally posted by Slartybart):
    I agree with simrick (I usually do).
    Follow the instructions in post #2.

    I only stopped in to mention that you can run Defender Offline:

    Settings > Update and Security > Windows Defender > Defender Offline

    Sometimes Windows just needs to be out of the way to clean malware.

    I haven't run it this way yet, but it beats the old method:
    download the ISO, burn a CD, boot from the CD, scan outside of Windows ... before malware can load.

    Thank you...

    Now, you say to burn a CD... will a jump drive do the
    same thing?

    Karen
  6.    09 Aug 2016 #6
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,168
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    I'm seeing some references that say some of the Obfuscator variants plant a rootkit, therefore, d/l & run TDSSKiller.

    TDSSKiller Download

    I see you started with AdwCleaner, the recommended action would be to run RKill first to attempt to terminate the malicious processes. After running this, do not reboot, proceed to scanning with your malware scanners. Please take a moment to read the documentation on the d/l page.

    RKill Download

    As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
    Being that the malware scanners cannot remove the reg keys, you may have to navigate to those points in the registry & manually delete them.
  7.    09 Aug 2016 #7
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Quote (originally posted by kstavert):
    WD was definitely having trouble... it was in the same spot
    this morning.

    Thank you soooooo very much for your help

    I actually started all of this with ADWCleaner because
    the following two registry files would not be removed.

    type
    Key HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Stats\(10921475-03CE-4E04-90CE-E2E7EF20C814)


    HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Settings\(10921475-03CE-4E04-90CE-E2E7EF20C814)


    I ran ADWCleaner 4 or 5 times to try to get it to delete
    these files...

    then, I ran the Microsoft tool and WD...

    Just ran all of the programs you recommended and finished
    with ADWCleaner... and guess what???

    These two registry files are still there!!!!!!!

    Any suggestions?

    I've not manually cleaned anything from the registry before

    Again, thank you very much

    Karen

    So these 2 keys were identified by ADWCleaner as rogue and needing to be removed? Have you tried running ADWCleaner in safe mode to get rid of them?
    Borg is right, you may have to go in and delete them yourself. Just be sure to back up your registry and create a restore point first.
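
Added example, not part of the thread and not any poster's own commands: the manual cleanup suggested in posts #6 and #7 (restore point and key backup first, then deletion), written in PowerShell. It assumes the GUID exactly as printed in post #4, matches subkeys on the GUID text so the delimiter around it does not matter, and uses a hypothetical backup folder name.

```powershell
# Added example (not from the thread). Run in Windows PowerShell as the affected
# user: HKCU is per-user, so elevating with a different account targets the wrong hive.
$guid    = '10921475-03CE-4E04-90CE-E2E7EF20C814'   # GUID as printed in post #4
$parents = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings'
# Hypothetical backup location; any folder you will not clean out by accident works.
$backupDir = Join-Path $env:USERPROFILE ('RegBackup_{0:yyyyMMdd_HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Restore point first (needs an elevated session and System Restore enabled).
try {
    Checkpoint-Computer -Description 'Before add-on key removal' `
        -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
} catch {
    Write-Warning "No restore point created: $($_.Exception.Message)"
}

$n = 0
foreach ($parent in $parents) {
    if (-not (Test-Path -LiteralPath $parent)) { continue }
    # Match on the GUID text so the delimiter around it does not matter.
    $hits = Get-ChildItem -LiteralPath $parent |
            Where-Object { $_.PSChildName -like "*$guid*" }
    foreach ($key in $hits) {
        # $key.Name is the HKEY_CURRENT_USER\... form that reg.exe expects.
        $file = Join-Path $backupDir ('{0:00}_{1}.reg' -f (++$n), (Split-Path $parent -Leaf))
        & reg.exe export $key.Name $file /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
            Write-Warning "Backup failed for $($key.Name); key left in place."
            continue
        }
        # -Confirm prompts before each deletion; -Recurse removes any subkeys too.
        Remove-Item -LiteralPath $key.PSPath -Recurse -Confirm
        if (Test-Path -LiteralPath $key.PSPath) {
            Write-Warning "Still present: $($key.Name) (declined, or access denied)."
        } else {
            Write-Output "Removed $($key.Name); backup at $file"
        }
    }
}
```

A key removed by mistake can be put back with `reg import` on the matching .reg file in the backup folder.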
  8.    09 Aug 2016 #8
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Quote (originally posted by kstavert):
    Now, you say to burn a CD... will a jump drive do the
    same thing?

    Sure, you can put Windows Defender Offline on a jump drive.

    But the emphasis of my post is that you no longer have to do that ...
    you can launch Defender Offline from Settings > Update and Security > Defender > Defender Offline
    as described here: Defender Offline

    simrick (safe mode Adwcleaner with a question about the reg entries) and Borg (tdssKiller, Rkill, possible manual reg entries removal) have offered other suggestions - it helps troubleshooting if you always follow the order of the suggestions and report the results.

    When you've completed all on-demand scans and other remediation steps, run the following (both commands take a while to complete).

    If there are any integrity issues reported in the results on the screen,

    Launch Command Prompt (Admin)

    Dism /Online /Cleanup-Image /RestoreHealth

    SFC /ScanNow
  9.    09 Aug 2016 #9
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    If you have any IObit software on your machine - please uninstall those
    If you paid for the software make sure you have a key to reinstall (not recommended)
  10.    09 Aug 2016 #10
    Join Date : Aug 2016
    Posts : 47
    Windows 10/64
    Thread Starter

    Quote (originally posted by Borg 386):
    I'm seeing some references that say some of the Obfuscator variants plant a rootkit, therefore, d/l & run TDSSKiller.

    TDSSKiller Download

    I see you started with AdwCleaner, the recommended action would be to run RKill first to attempt to terminate the malicious processes. After running this, do not reboot, proceed to scanning with your malware scanners. Please take a moment to read the documentation on the d/l page.

    RKill Download

    Being that the malware scanners cannot remove the reg keys, you may have to navigate to those points in the registry & manually delete them.

    I followed the recommendations that I was given here...

    When I wrote, "I started with ADWCleaner" - that was
    BEFORE I came here... the Reg Keys that would not
    delete are why I started looking for answers and how
    I ended up here.

    I ran everything I was advised to run - in the order as
    listed and now one of my PC's is squeaky clean...

    I can't thank you enough... another has the same
    crap on it and I'm going through the same process
    on it.

    You guys are the best. thanks

    Karen