Windows Defender Is Becoming the Powerful Antivirus That Windows 10 Needs

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 30, 2016.

  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    15,809
    Location:
    UK
    @Floyd 57
    Never ever post live malware links on the forum.
     
  2. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    551
    Location:
    Belgium
    Even all the big ones can have a bad day, who says other big companys will block this one ? ....
    If you download cracked software there is always a chance to get infected!
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    585
    Location:
    Europe
    Well more like, after that I noticed her windows update hasnt been run since 2019... Meaning all the defender defitnitions and **** were outdated as ****. But when I tried to ran it it gave me some error 0x80000005 or smth like that that I couldnt bother to fix at the time. So ye. But also funny how easy it was disabled, no self protection no anything. And completely reliant on virus definitions it seems. Other avs have other stuff but defender? "Nah we guchi with a blacklist" lol
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,855
    Location:
    Slovenia
    If you don't have clean image just format and reinstall...
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    585
    Location:
    Europe
    Yeah but she got a lot of stuff and **** like bank certificates I rather not
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,855
    Location:
    Slovenia
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    585
    Location:
    Europe
  8. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    803
    Location:
    Canada
    Floyd, seems like you need an anti-virus that will protect the user from themselves.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,412
    Location:
    The Netherlands
    Sounds pretty bad, but I've just read that the Win Def signatures weren't up to date? But wasn't cloud protection enabled and was this on Win 10? Because Win Def is indeed crap on Win 8.1, I disabled it and it refuses to turn back on again LOL. But that's why it's always a good idea to use a couple of extra tools, perhaps a tool like HMPA or AppCheck would have blocked it.
     
  10. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    585
    Location:
    Europe
    Lmao

    Idk, it should have been activated... Last thing I did before the infection was click Yes on the admin popup of the exe, then seconds later I see no setup opening, I open task manager, I see something like 3E7.exe running and I knew... But too late. U think HMPA or App check would have stopped it AFTER I allowed the exe to run explicitly?
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,541
    Location:
    Canada
    :)indeed:)
     
  12. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    551
    Location:
    Belgium
    We will never know, but an up-to-date OS and MS defender antivirus might have stopped this malware... now you blame MS defender o_O
    Also a good tool is Kasperky virus removal tool , to clean an infected system, but i think its too late.... a clean install with latest windows10.
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,235
    Location:
    Milan and Seoul
    I trust MS Defender updated as much as Avira and Kaspersky when I had them, but I would never ever rely on any AV as a first layer of defense, they cannot provide 100% security. Some people, including my 12 years old daughter and my wife, really believe that keeping a computer updated is a hassle and geeky stuff, she refuses to let me restore her computer to fix Windows update...
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    2,474
    i suppose that's how wives & 12 year-olds are. :D
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,442
    Location:
    Outer space
    Heuristic rules and behaviour detection rules need updates too. In addition to that, if it would be allowed to run initially and was detected and terminated later, it could abuse one of the many unpatched priviledge escalation vulnerabilities in windows to get kernel rights and bypass any protection.
     
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    585
    Location:
    Europe
    Well, other avs certainly wouldnt randomly stop updating themselves out of the blue, u dont want to set up automatic windows updates for someone who is a beginner with computer usage (even tho she uses photoshop quite well, way better than me lol), and then it will randomly stop working out of nowhere cuz of some error idk why, leaving em completely exposed cuz defender cant update, do u? And yeah first I used malwarebytes, detected 56 objects + some rootkit, then KVRT detected 5 things, 3 out of which were manifest.json from chrome and mozilla extensions, hmm... Not sure if completely clean now but not sure what else to do other than to use more scanners I guess?

    And yeah I blame defender cuz, updates were working fine, then they stopped for no reason? I or her didnt touch anything, thats for sure. And an av shouldnt rely on just virus definitions, which apparently defender did, cuz the behavioural stuff or idk what else caught nothing. I mean, what could be suspicious in all your documents being encrypted and renamed ending in .coos extension, right? If this was any other av it would have caught it Im sure. Or, almost any, there is other bad avs out there.

    Aint that how some avs work? Even if they miss the intitial detection with definitions, they can catch it when it starts doin smth bad? Not sure what u mean with the abuse thing. And idk what u mean with heuristic and behaviour rules needing updates, we've had ransomware from a long time, do u need periodic update to detect that encrypting all my documents out of nowhere is bad? Cmon defender u should know this.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,354
    Location:
    Among the gum trees
    Didn't Tamper Protection get added at a later time?

    Anyway, so someone goes to a dodgy / suspect site, downloads cracked software onto a woefully unpatched machine, accepted a UAC prompt, all without even considering to have an image backup to begin with?!

    Yeah...
    ... right?! :rolleyes: :blink:
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,442
    Location:
    Outer space
    You said windows hadn't been updated since 2019, that is a lot of unpatched security vulnerabilities that can be exploited, that is what i meant with abuse.
    And once ransomeware gets detected by behaviour etc of course the ransomeware authors will change the ransomware behaviour, make it encrypt in another way, so they get no longer detected, so that's why you need the updates.
     
    Last edited: Jan 14, 2021
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    969
    Location:
    Baden Germany
    My impression about Flyod 57's story is, that it's all bogus,
    to blame Windows Defender.
    If true, Floyd 57 did everything wrong.
    Instead of maintaining a relatives computer,
    he infected it.

    @Floyd 57 :
    Stop wining, and blame yourself.
     
  20. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    343
    Location:
    Milan, Italia
    Indeed. Touche!
     
  21. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    602
    Location:
    Brooklyn, NY
    I looked up "ransomware with .coos extension"--according to Emsisoft, this is a new-ish variant of STOP ransomware. If nothing Defender-wise like signatures was updated since 2019, well DUH. There's a decrypter Emsi offers, though. :thumb: Look for it on the website if interested.

    Edit: it seems it wasn't possible to decrypt after all. My mistake.
     
    Last edited: Jan 15, 2021
  22. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    585
    Location:
    Europe
    meh that pc needed a reinstall anyway, it was complete mess
    i just speeded up the process a little
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,354
    Location:
    Among the gum trees
    First, create a regular backup routine. Macrium Reflect is free.

    Next, ensure Windows Update is kept up to date -- ALWAYS!

    Ensure whatever AV or other security program you choose is also up to date.

    Don't be click happy, downloading cracked software.

    I'll stop there but hopefully you learned a lesson from your experience.
     
  24. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,674
    No antivirus protects against all threats. If you open files from risky sources, you will get infected sooner or later. The most important steps to avoid infection are to keep Windows and vulnerable software updated and to never ever open any file you aren't sure is safe. If you take those simple steps, it usually very hard to get infected, regardless of what antivirus you use.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,412
    Location:
    The Netherlands
    Not all AV's have got advanced local based behavior blocking, that's why tools like HMPA and AppCheck may come in handy sometimes. From what I understood, Win Def relies mostly on cloud protection for behavior blocking. Without the cloud it might miss malware especially if signatures aren't up to date. However, it does have tamper protection, so I don't think it was disabled, but the question is, who disabled Win Update? And that's definitely a weakness of Win Def, it relies on Win Updates to get signatures.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.