Windows 7 Forums

Windows 7: Removed 2 malwares, now need help with DEP

17 Jul 2012   #11
karlsnooks

MS Windows 7 Ultimate SP1 64-bit

I have said it before and I will say it again:

WINDOWS DEFENDER OFFLINE IS NOT Windows Defender.

Just click on the link for WDO in my signature or on the link given in the write-up and you will get a thorough explanation.

This link is also informative:
Understanding Microsoft Anti-Malware Software 2012 ~ Security Garden


18 Jul 2012   #12
St8kout

MS Windows 7 Professional 64-bit SP1

It found a Trojan: JS/Redirector.JA and removed it.
However, I ran the Fixit and once again DEP was disabled on startup. *sigh*

Here's what Microsoft says about it:

Technical Information (Analysis)
Trojan:JS/Redirector.JA is a trojan, written in highly obfuscated JavaScript, that redirects users to websites that promote a male enhancement product.


One thing, when I clicked on Full Scan it did not offer an option to select any drives. I found that only on Custom Scan, which I ran afterwards just to make sure. Shows all clean now.

Thought I was home-free for a moment there. Could DEP just be collateral damage from the Trojan now that it's gone, or could there be something else hiding somewhere?

Oh, and thanks for all the help so far. Didn't have a clue about Defender offline until today.
18 Jul 2012   #13
karlsnooks

MS Windows 7 Ultimate SP1 64-bit

Can you now set DEP and have it stay set?

18 Jul 2012   #14
St8kout

MS Windows 7 Professional 64-bit SP1

Sadly, no. It's still being disabled after each restart. Does that mean there could still be something lurking around?
18 Jul 2012   #15
karlsnooks

MS Windows 7 Ultimate SP1 64-bit

since you say that you have run WDO, then please:
# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft logo on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you'd rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system cannot find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major  Minor  Build  Revision
# -----  -----  -----  --------
# 2      0      -1     -1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************

Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
#  and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************

function New-Zip {
    # Creates an empty ZIP archive at $Path (or overwrites it with -Force)
    param(
        [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
        [String]$Path,
        [Switch]$PassThru,
        [Switch]$Force
    )
    Process {
        if (Test-Path $Path) { if (-not $Force) { return } }
        # "PK" + 0x05 0x06 + 18 zero bytes is the end-of-central-directory record of an empty ZIP
        Set-Content $Path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
        $item = Get-Item $Path
        $item.IsReadOnly = $false
        if ($PassThru) { $item }
    }
}

function Copy-ToZip {
    # Adds a file to a ZIP archive using the Shell.Application COM object
    param(
        [Parameter(Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]
        [Alias('FullName')]
        [String]$File,
        [Parameter(Mandatory=$true, Position=1)]
        [String]$ZipFile,
        [Switch]$HideProgress,
        [Switch]$Force
    )
    Begin {
        $ShellApplication = New-Object -ComObject Shell.Application
        if (-not (Test-Path $ZipFile)) { New-Zip $ZipFile }
        $Path = Resolve-Path $ZipFile
        $ZipPackage = $ShellApplication.Namespace("$Path")
        $perc = 0
    }
    Process {
        $RealFile = Get-Item $File
        if (-not $RealFile) { return }
        if (-not $HideProgress) {
            $perc += 5
            if ($perc -gt 100) { $perc = 0 }
            Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc
        }
        # CopyHere flags: 16 = answer Yes to all, 64 = preserve undo, 512 = no confirm dir, 1024 = no error UI
        $Flags = 0
        if ($Force) { $Flags = 16 -bor 1024 -bor 64 -bor 512 }
        Write-Verbose $RealFile.FullName
        $ZipPackage.CopyHere($RealFile.FullName, $Flags)
        Start-Sleep -Milliseconds 500
    }
}

# Temporary text file that collects the log listing and log contents
$fileinfo = Join-Path $env:TEMP 'wdofileinfo.txt'
if (Test-Path $fileinfo) { del $fileinfo -ea:silentlycontinue -force:$true }

# Windows Defender Offline support folder: list every .log file, oldest first
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where { $_.extension -eq '.log' } |
     select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension

# First the file listing, then the contents of each log, appended to the text file
$b | out-file -append $fileinfo
$b | foreach { get-content -path $_.fullname } | out-file -append $fileinfo

# Zip the result onto the Desktop and remove the temporary file
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo

EXIT
EXIT

# ************************************************************ 
18 Jul 2012   #16
Layback Bear

Windows 7 Pro. 64/SP-1

Quote: Originally Posted by karlsnooks
I have said it before and I will say it again:

WINDOWS DEFENDER OFFLINE IS NOT Windows Defender.

Just click on the link for WDO in my signature or on the link given in the write-up and you will get a thorough explanation.

This link is also informative:
Understanding Microsoft Anti-Malware Software 2012 ~ Security Garden
Thanks karl, great website.
18 Jul 2012   #17
grits

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1

S'cuse my intrusion, what is DEP & how would I know if mine is enabled or disabled?
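For readers asking the same question as grits, here is an added PowerShell example (not a script from this thread or from Microsoft) that reports the DEP configuration two ways: the policy the running system is actually using (from WMI, Win32_OperatingSystem) and the nx value stored in the boot configuration (from bcdedit, which needs an elevated prompt). It also saves the result so it can be compared after a reboot, which is the behaviour St8kout is chasing. It assumes PowerShell 2.0 or later on Vista/Win 7, the same as karl's script; the function names and the dep-before-reboot.xml file name are my own choices.

```powershell
# Added example, not part of the original thread. Assumes PowerShell 2.0+ on Windows.
# Run PowerShell as administrator so bcdedit can read the boot configuration store.

function Get-DepStatus {
    # WMI exposes the DEP policy in effect for the running OS:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    # bcdedit shows the nx setting stored for the current boot entry (admin only).
    $bootNx = 'unknown (run PowerShell as administrator to read bcdedit)'
    $bcd = & bcdedit /enum '{current}' 2>$null
    if ($LASTEXITCODE -eq 0) {
        foreach ($line in $bcd) {
            if ($line -match '^\s*nx\s+(\S+)') { $bootNx = $matches[1] }
        }
    }

    New-Object PSObject -Property @{
        HardwareSupported = [bool]$os.DataExecutionPrevention_Available
        Applies32Bit      = [bool]$os.DataExecutionPrevention_32BitApplications
        RunningPolicy     = $policyNames[$policy]
        BootEntryNx       = $bootNx
        Checked           = Get-Date
    }
}

function Save-DepStatus {
    # Records the current status on the Desktop before rebooting (file name is my choice).
    param([string]$Path = (Join-Path $env:USERPROFILE 'Desktop\dep-before-reboot.xml'))
    Get-DepStatus | Export-Clixml -Path $Path
    $Path
}

function Compare-DepStatus {
    # Run after the reboot: tells you whether the running policy changed,
    # and what the boot entry says now, so you can see which of the two moved.
    param([string]$Path = (Join-Path $env:USERPROFILE 'Desktop\dep-before-reboot.xml'))
    $before = Import-Clixml -Path $Path
    $now = Get-DepStatus
    New-Object PSObject -Property @{
        BeforeReboot = $before.RunningPolicy
        Now          = $now.RunningPolicy
        Changed      = ($before.RunningPolicy -ne $now.RunningPolicy)
        BootEntryNow = $now.BootEntryNx
    }
}

# Show the current state when the script is pasted in
Get-DepStatus | Format-List
```

Paste it into an elevated PowerShell window, then run Save-DepStatus, set DEP the way you want it, reboot, paste the functions again and run Compare-DepStatus. RunningPolicy is what Windows is enforcing right now; BootEntryNx is what is written into the boot configuration. If Changed comes back True and BootEntryNx has also flipped to AlwaysOff, the boot configuration itself is being rewritten at startup, which narrows down where to look.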
18 Jul 2012   #18
Layback Bear

Windows 7 Pro. 64/SP-1
18 Jul 2012   #19
Layback Bear

Windows 7 Pro. 64/SP-1
18 Jul 2012   #20
St8kout

MS Windows 7 Professional 64-bit SP1

Here ya go Karl.


Attached Files
File Type: zip WDOlogs.ZIP (3.7 KB, 4 views)