Windows Defender Stuck on Removing Severe Threat

Page 1 of 3 123 LastLast

  1. Posts : 54
    Windows 10/64
       #1

    Windows Defender Stuck on Removing Severe Threat


    I scanned my PC's with this Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner


    The scan found a lot of malware and removed all but three items - severe -
    and i read that Windows Defender would complete the job/remove the
    malware.

    the three remaining items are:
    VirTool:JS/Obfuscator.HO
    VirTool:JS/Obfuscator.HS
    VirTool:JS/Obfuscator.HN

    my question is - is WD stuck. the message reads "applying your actions
    this might take a few SECONDS.

    Well, I started it at about 7 a.m. this morning and it's been sitting at about
    2/3 the way through the process for almost that entire 13 hours.

    Do i just leave it alone? Restart it? Any suggestions?

    thanks
    Karen
      My Computer

  2. simrick's Avatar
    Posts : 16,150
    W10Prox64
       #2

    kstavert said:
    I scanned my PC's with this Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner


    The scan found a lot of malware and removed all but three items - severe -
    and i read that Windows Defender would complete the job/remove the
    malware.

    the three remaining items are:
    VirTool:JS/Obfuscator.HO
    VirTool:JS/Obfuscator.HS
    VirTool:JS/Obfuscator.HN

    my question is - is WD stuck. the message reads "applying your actions
    this might take a few SECONDS.

    Well, I started it at about 7 a.m. this morning and it's been sitting at about
    2/3 the way through the process for almost that entire 13 hours.

    Do i just leave it alone? Restart it? Any suggestions?

    thanks
    Karen
    Hi Karen and welcome to Tenforums.

    No, it shouldn't take that long - it's having difficulty.
    Please run RKILL. Do NOT reboot.
    Then run MBAR.
    You should now be able to run Windows Defender to get rid of those infections..
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.

    That should do it. :)
      My Computer

  3. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #3

    I agree with simrick (I usually do )
    Follow the instructions in post# 2

    I only stopped in to mention that you can run Defender Offline

    Settings > Update and Security > Windows Defender > Defender Offiline

    Sometimes windows just needs o be out of the way to clean malware.

    I haven't run it this way yet, but it beats the old method:
    download the ISO, burn a CD, boot from the CD, scan outside of Windows ... before malware can load..
      My Computer


  4. Posts : 54
    Windows 10/64
    Thread Starter
       #4

    simrick said:
    Hi Karen and welcome to Tenforums.

    No, it shouldn't take that long - it's having difficulty.
    Please run RKILL. Do NOT reboot.
    Then run MBAR.
    You should now be able to run Windows Defender to get rid of those infections..
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.

    That should do it. :)
    WD was definitely having trouble... it was in the same spot
    this morning.

    Thank you soooooo very much for your help

    I actually started all of this with ADWCleaner because
    the following two registry files would not be removed.

    type
    Key HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Stats\(10921475-03CE-4E04-90CE-E2E7EF20C814)


    HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Settings\(10921475-03CE-4E04-90CE-E2E7EF20C814)

    I ran ADWCleaner 4 or 5 times to try to get it to delete
    these files...

    then, I ran the Microsoft tool and WD...

    Just ran all of the programs you recommended and finished
    with ADWCleaner... and guess what???

    These two registry files are still there!!!!!!!

    Any suggestions?

    I've not manually cleaned anything from the registry before

    Again, thank you very much

    Karen
      My Computer


  5. Posts : 54
    Windows 10/64
    Thread Starter
       #5

    Slartybart said:
    I agree with simrick (I usually do )
    Follow the instructions in post# 2

    I only stopped in to mention that you can run Defender Offline

    Settings > Update and Security > Windows Defender > Defender Offiline

    Sometimes windows just needs o be out of the way to clean malware.

    I haven't run it this way yet, but it beats the old method:
    download the ISO, burn a CD, boot from the CD, scan outside of Windows ... before malware can load..
    Thank you...

    now, you say to burn a cd... will jump drive do the
    same thing?

    Karen
      My Computer

  6. Borg 386's Avatar
    Posts : 29,469
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #6

    I'm seeing some references that say some of the Obfuscator variants plant a rootkit, therefore, d/l & run TDSSKiller.

    TDSSKiller Download

    I see you started with AdwCleaner, the recommended action would be to run RKill first to attempt to terminate the malicious processes. After running this, do not reboot, proceed to scanning with your malware scanners. Please take a moment to read the documentation on the d/l page.

    RKill Download

    As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
    Being that the malware scanners cannot remove the reg keys, you may have to navigate to those points in the registry & manually delete them.
      My Computer

  7. simrick's Avatar
    Posts : 16,150
    W10Prox64
       #7

    kstavert said:
    WD was definitely having trouble... it was in the same spot
    this morning.

    Thank you soooooo very much for your help

    I actually started all of this with ADWCleaner because
    the following two registry files would not be removed.

    type
    Key HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Stats\(10921475-03CE-4E04-90CE-E2E7EF20C814)


    HKCU\software\Microsoft\Windows\CurrentVersion\Ext\Settings\(10921475-03CE-4E04-90CE-E2E7EF20C814)


    I ran ADWCleaner 4 or 5 times to try to get it to delete
    these files...

    then, I ran the Microsoft tool and WD...

    Just ran all of the programs you recommended and finished
    with ADWCleaner... and guess what???

    These two registry files are still there!!!!!!!

    Any suggestions?

    I've not manually cleaned anything from the registry before

    Again, thank you very much

    Karen
    So these 2 keys were identified by ADWCleaner as rogue and needing to be removed? Have you tried running ADWCleaner in safe mode to get rid of them?
    Borg is right, you may have to go in and delete them yourself. Just be sure to back up your registry and create a restore point first.
      My Computer

  8. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #8

    kstavert said:
    now, you say to burn a cd... will jump drive do the
    same thing?
    Sure, you can put Windows Defender Offline on a jump drive.

    But the emphasis of my post is that you no longer have to do that ...
    you can launch Defender Offline from Settings > Update and Security > Defender > Defender Offline
    as described here: Defender Offline

    simrick (safe mode Adwcleaner with a question about the reg entires) and Borg (tdssKiller, Rkill, possible manual reg entries removal) have offered other suggestions - it helps troubleshooting if you always follow the order of the suggestions and report the results.

    When you've completed all on-demand scans and other remediation steps, run the following (both commands take a while to complete).

    If there are any integrity issues reported in the results on the screen,

    Launch Command Prompt (Admin)

    Dism /Online /Cleanup-Image /RestoreHealth

    SFC /ScanNow
      My Computer

  9. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #9

    If you have any IObit software on your machine - please uninstall those
    If you paid for the software make sure you have a key to reinstall (not recommended)
      My Computer


  10. Posts : 54
    Windows 10/64
    Thread Starter
       #10

    Borg 386 said:
    I'm seeing some references that say some of the Obfuscator variants plant a rootkit, therefore, d/l & run TDSSKiller.

    TDSSKiller Download

    I see you started with AdwCleaner, the recommended action would be to run RKill first to attempt to terminate the malicious processes. After running this, do not reboot, proceed to scanning with your malware scanners. Please take a moment to read the documentation on the d/l page.

    RKill Download



    Being that the malware scanners cannot remove the reg keys, you may have to navigate to those points in the registry & manually delete them.
    I followed the recommendations that I was given here...

    when I wrote, "I started with ADWClearner" - that was
    BEFORE I came here... the Reg Keys that would not
    delete are why i started looking for answers and how
    I ended up here.

    I ran everything I was advised to run - in the order as
    listed and now one of my PC's is squeaky clean...

    I can't thank you enough... another has the same
    crap on it and I'm going through the same process
    on it.

    You guys are the best. thanks

    Karen
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 06:31.
Find Us




Windows 10 Forums