Windows 7 Forums


Windows 7: Removed 2 malwares, now need help with DEP

17 Jul 2012   #11
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

I have said it before and I will say it again:

WINDOWS DEFENDER OFFLINE IS NOT Windows Defender.

Just click on the link for WDO in my signature or on the link given in the write-up and you will get a thorough explanation.

This link is also informative:
Understanding Microsoft Anti-Malware Software 2012 ~ Security Garden


18 Jul 2012   #12
St8kout

MS Windows 7 Professional 64-bit SP1
 
 

It found a Trojan: JS/Redirector.JA and removed it.
However, I ran the Fixit and once again DEP was disabled on startup.*sigh*

Here's what Microsoft says about it:

Technical Information (Analysis)
Trojan:JS/Redirector.JA is a trojan, written in highly obfuscated JavaScript, that redirects users to websites that promote a male enhancement product.


One thing, when I clicked on Full Scan it did not offer an option to select any drives. I found that only on Custom Scan, which I ran afterwards just to make sure. Shows all clean now.

Thought I was home-free for a moment there. Could DEP just be collateral damage from the Trojan now that it's gone, or could there be something else hiding somewhere?

Oh, and thanks for all the help so far. Didn't have a clue about Defender offline until today.
18 Jul 2012   #13
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

can you now set DEP and it stay set?

18 Jul 2012   #14
St8kout

MS Windows 7 Professional 64-bit SP1
 
 

Sadly, no. It's still being disabled after each restart. Does that mean there could still be something lurking around?
18 Jul 2012   #15
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

since you say that you have run WDO, then please:
# **********************INSTRUCTIONS**************************
# STEP 1 ** RUN POWERSHELL AS ADMINISTRATOR ******************
# ************************************************************
#
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" |
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft log on top
#
# for the guru:
# WIN | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 ** COPY AND PASTE ***********************************
# ************************************************************
#
# COPY the script using CTRL+C,
# COPY every line of script down thru both EXIT statements
#
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
#
# Start copying with first script line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# STEP 3 ** SCRIPT OUTPUT & SCRIPT PURPOSE *******************
# ************************************************************
# --The script output and purpose is given at the very front of the script
#
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--The system can not find the path specified
# you may need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter SET-EXECUTIONPOLICY -EXECUTIONPOLICY REMOTESIGNED
# ************************************************************

Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
#  and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************

function New-Zip {
    param(
        [Parameter(Mandatory=$true,Position=0,ValueFromPipeline=$true)]
        [String]$Path,
        [Switch]$PassThru,
        [Switch]$Force
    )
    Process {
        # refuse to overwrite an existing file unless -Force was given
        if (Test-Path $Path) { if (-not $Force) { return } }
        # write the 22-byte "end of central directory" record of an empty ZIP archive
        Set-Content $Path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
        $item = Get-Item $Path
        $item.IsReadOnly = $false
        if ($PassThru) { $item }
    }
}

function Copy-ToZip {
    param(
        [Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)]
        [Alias('FullName')]
        [String]$File,
        [Parameter(Mandatory=$true,Position=1)]
        [String]$ZipFile,
        [Switch]$HideProgress,
        [Switch]$Force
    )
    Begin {
        # the Shell.Application COM object does the actual compression (no extra tools needed)
        $ShellApplication = New-Object -ComObject Shell.Application
        if (-not (Test-Path $ZipFile)) { New-Zip $ZipFile }
        $Path = Resolve-Path $ZipFile
        $ZipPackage = $ShellApplication.Namespace("$Path")
    }
    Process {
        $RealFile = Get-Item $File
        if (-not $RealFile) { return }
        if (-not $HideProgress) {
            $perc += 5
            if ($perc -gt 100) { $perc = 0 }
            Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc
        }
        # flags 16|1024|64|512 = answer "Yes to all", no error UI, no confirm, no progress UI
        $Flags = 0
        if ($Force) { $Flags = 16 -bor 1024 -bor 64 -bor 512 }
        Write-Verbose $RealFile.FullName
        $ZipPackage.CopyHere($RealFile.FullName, $Flags)
        # CopyHere runs asynchronously; give the shell time to finish before the next file
        Start-Sleep -Milliseconds 500
    }
}

# collect the Windows Defender Offline log files plus their metadata into one text file
$fileinfo = join-path $env:TEMP 'wdofileinfo.txt'
IF (test-path $fileinfo) { del $fileinfo -ea:silentlycontinue -force:$true }
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where { $_.extension -eq '.log' } |
     Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
$b | foreach { get-content -path $_.fullname } | out-file -append $fileinfo

# zip the text file onto the Desktop as WDOlogs.ZIP and remove the temporary copy
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo

EXIT
EXIT

# ************************************************************ 
18 Jul 2012   #16
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
 
 

Quote   Quote: Originally Posted by karlsnooks View Post
I have said it before and I will say it again:

WINDOWS DEFENDER OFFLINE IS NOT Windows Defender.

Just click on the link for WDO in my signature or on the link given in the write-up and you will get a thorough explanation.

This link is also informative:
Understanding Microsoft Anti-Malware Software 2012 ~ Security Garden
Thanks karl, great website.
18 Jul 2012   #17
grits

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

S'cuse my intrusion, what is DEP & how would I know if mine is enabled or disabled?
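For the question above, here is a way to read the DEP state from PowerShell. This is an added example, not code posted in the thread or by any of its participants; it uses only cmdlets present in PowerShell 2.0 (the thread's stated minimum) and the documented Win32_OperatingSystem DEP properties. The function names are my own.

```powershell
# Added example (not from the thread): report the current DEP policy on Windows 7.
# Run as Administrator so that bcdedit can read the boot configuration store.

function Get-DepStatus {
    # Win32_OperatingSystem exposes the system-wide DEP policy as an integer:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy               = $policyNames[$policy]
        PolicyCode           = $policy
        DepFor32BitApps      = [bool]$os.DataExecutionPrevention_32BitApplications
        DepForDrivers        = [bool]$os.DataExecutionPrevention_Drivers
    }
}

function Get-DepBootSetting {
    # The boot-configuration entry the WMI value is derived from (output line: "nx  OptIn").
    $line = bcdedit /enum '{current}' | Where-Object { $_ -match '^\s*nx\s+' }
    if ($line) { ($line -split '\s+')[-1] } else { 'not set (defaults to OptIn)' }
}

$status = Get-DepStatus
$status | Format-List
Write-Host ("Boot-configuration nx value: " + (Get-DepBootSetting))
if ($status.PolicyCode -eq 0) {
    Write-Warning "DEP policy is AlwaysOff, which is not a default client setting; find out what changed it."
}
```

The nx value lives in the BCD store and can only be rewritten by something running with administrator rights, so if it keeps reverting after every restart, as described earlier in the thread, the thing to look for is a startup item, scheduled task or service that runs elevated at boot or shutdown; running this check before and after a reboot shows whether the change happens during the session or at startup.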
18 Jul 2012   #18
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
 
 

18 Jul 2012   #19
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
 
 

18 Jul 2012   #20
St8kout

MS Windows 7 Professional 64-bit SP1
 
 

Here ya go Karl.


Attached Files
File Type: zip WDOlogs.ZIP (3.7 KB, 4 views)