Stuck Defender Issue in Action Center

[bloort]

the thread title explains it all i guess. Windows Defender is long gone, yet there is an action center issues telling me that defender found a potential threat. There is a detial button, and a clean system link, but there is no way no how that i can figure out how to just dismiss the message.

If i disable all reporting in action center, that message still sits there and stares at me.
I've also cleared the problem history.

How on earth to you rip this thing out by the roots?

 

[cottonball]

bloort,

How did you remove Windows Defender?

The reason for asking is that uninstalling WD poses a challenge. Its Registry keys, files and folders are all protected with enhanced permissions and you have to take ownership of them...


Let's see what the following shows...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the following into the main text field:
  
  :service
  windefend
  :regfind
  D8559EB9-20C0-410E-BEDA-7ED416AECC2A

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan.
  :ar: Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Also, please use the following...
Security Check:
Download > http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

:ar: Without taking any corrective actions, please post the checkup.txt in your reply

 

[bloort]

I was grasping at straws, and as a last gasp, i gave this a try. raymond explaind it was a work in progress, and it did seem to work pretty good...it only failed on deleting the actual program directory. http://files.raymond.cc/Defender_Uninstaller.exe

i'll have some logfiles for you soon. thanks for taking a look. There was of course still a few registry keys to be found, but not much. and wmi still had a gui entry under security(?) i think.

 

[bloort]

SystemLook 30.07.11 by jpshortstuff
Log created at 23:15 on 27/04/2015 by JM
Administrator - Elevation successful

========== service ==========

windefend - Unable to open Service Handle.

:regfind - Unable to open Service Handle.

D8559EB9-20C0-410E-BEDA-7ED416AECC2A - Unable to open Service Handle.

-= EOF =-

===================================

Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 8 Update 40
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

 

[cottonball]

Good job, bloort!!

The Windows Defender Uninstaller is exactly where we would have headed to. It is the only WD uninstaller that I know of. No idea if there are other programs availanble.

The reports would have shown whether WD was still 'live', since you were getting a threat warning
from WD. There is no WD running, and SystemLook could not find its service, etc.

 

[bloort]

poor action center still has defender stuck in it's throat though! lol it's funny, because even if i configure AC to not report on anything (all unchecked and rebooted) the issue flag is still there. how do you heimlick a computer? lol for this particular issue, the "ignore" link does not exist.

 

[cottonball]

The Action Center is programmed to react to Windows Defender findings, but WD got nuked. So, now you are on your own as far as Security goes, and, under these circumstances would suggest adding Malwarebytes Anti-Malware to the system:
Download > https://www.malwarebytes.org/products/
Select the FREE version!

Did you disable the Action Center alerts as follows:
Go to: Control Panel
On the CP window, change the View by option to either large or small icons
Click on the Action Center icon, and then, from the left pane, click: Change Action Center Settings

On this window, under Security Messages, unselect the folliwing:
Internet Security Settings
Spyware and unwanted software protection
Virus protection

From what I have read, it appears notifications are set in this Registry for each user:
HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks

However, modifying those values is another story. Have no clue which one would deal with WD.

 

[bloort]

i've unchecked all the option in action center with no effect, and i've been to that registry key and deleted the works, all the keys reappear on the next boot. no joy. yup, and MB is no doubt the best choice and have been using that since day 1 on my personal machines and i recommend it also. It annoys me that somewhere in this computer or it's registry, is a little entry that needs to be found and obliterated, but where? lol

I'm thinking that those registry keys referring to the users action center setting choices, and not the alert history (which has been cleared by the way). amazingly, google has not been my friend on this case!

 

[cottonball]

Malwarebytes is not appearing on the Security Check report. That is why it was suggested.

Also, please check your PMs (Private Messages).

 

[bloort]

MB was installed a day or two before i ran your software. tx for the link.