Actually, you need only one anti-malware, namely, WDO.
The two programs F5ing listed for keeping your system up-to-date are excellent. I've used and use both occasionally to make sure that I've not missed an update.
Bobke,
Run WDO.
When finished, report back and I will walk you thru reading, cutting and pasting.
Bobke,
I did not understand the end of your post. Is that a script I have to execute when I fire up Win 7 after the execution of Windows Defender Offline? Or are those steps (STEP 1, STEP 2 as instructions inside the script) that I need to execute manually?
Yes. That's a script to execute when you fire up Win 7 after execution of Windows Defender Offline.
I'm including herein the instructions.
Actually, since all lines with # are ignored, you can copy that entire script with CTRL + C and then paste using right-click.
You fire up POWERSHELL.
You paste the script into PowerShell by right-clicking at a powershell prompt.
Ctrl + V does NOT WORK. Annoying feature of PowerShell.
Now here's the explanation:
# **********************INSTRUCTIONS**************************
# STEP 1 *****************************************************
# RUN PowerShell as administrator
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the resulting PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as administrator" from the resulting list
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft logo on top
# for the guru:
# WIN key | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 *****************************************************
# COPY, using CTRL+C, every line of script down thru both EXIT statements
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
# Start copying with first line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--Get-WinEvent: The system can not find the path specified
# you need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter Set-ExecutionPolicy -executionpolicy remotesigned
# ************************************************************
Hi F5ing,
Thanks for your reply. Those are very interesting tools!
But, if you don't mind, I will first follow the advice of Karlsnooks to execute WDO. So it will be a while before I can try PSI or Belarc. But I surely will!
Bobke,
Since I moved the instructions out of the script, then here is the script without the instructions:
Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
# and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************
function New-Zip {
param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
[String] $Path, [Switch] $PassThru, [Switch] $Force )
Process { if (Test-Path $path) {if (-not $Force) { return } }
Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
$item = Get-Item $path; $item.IsReadOnly = $false;if ($passThru) { $item } } }
function Copy-ToZip {param(
[Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
[String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
Begin {$ShellApplication = New-Object -ComObject Shell.Application
if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path = Resolve-Path $ZipFile
$ZipPackage =$ShellApplication.Namespace("$Path")}
Process {$RealFile = Get-Item $File; if (-not $RealFile) { return }
if (-not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc = 0 }
Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc}
$Flags = 0; if ($force) {$flags = 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
$ZipPackage.CopyHere($realFile.Fullname, $flags);Start-Sleep -Milliseconds 500}}
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where {$_.extension -eq '.log'} |Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
# append the contents of each log file to the info file
$b | foreach {get-content -path $_.fullname} | out-file -append $fileinfo
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo
EXIT
EXIT
# ************************************************************
No offence guys, but are you being paid by Microsoft to tell everyone to use WDO? I have noticed that for every problem concerning viruses etc., that is about the only thing you now recommend. Just curious.
Hi Karlsnooks,
I have run WDO.
When I selected Full Scan, I did not see an option to select drives, so I just started the scan.
I presume it did all of them, since it took several hours.
When that was finished, I exited WDO, pulled out the USB-stick, and let it reboot to Windows 7.
I do see that there is indeed a folder \Windows\Microsoft Antimalware\Support.
I copied your script in Powershell, following the instructions. I used the first version that you posted, I was not aware at that time that you have posted a new version without the instructions, but I presume this does not matter.
The Powershell window closed almost immediately, and then it must have run in the background, no displayed window, I see nothing happening anymore.
Did it run well? What is the result of the script?
I also can confirm that I have Powershell version 2.0, when I checked that (earlier), I got the response:
Major Minor Build Revision
----- ----- ----- --------
2 0 -1 -1
One other thing. When I typed powershell after pressing the Win key, there were 3 different lines in the list:
Windows Powershell
Windows Powershell ISE
Windows Powershell Modules
I used (right-clicked) the first one. Was that the correct choice?
What to do next?
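
One way to check whether the script did its job after the window closes, added here as an example and not part of any poster's message. It assumes the same paths the script in this thread uses (the Support folder under the Windows directory, WDOlogs.ZIP on the Desktop) and runs on PowerShell 2.0.

```powershell
# Added example: confirm that the log-collection script produced its archive.
# Paths are the ones the script in this thread uses; paste at a PowerShell prompt.
$ziploc = Join-Path $env:USERPROFILE 'Desktop\WDOlogs.ZIP'
$logdir = Join-Path $env:windir 'Microsoft Antimalware\Support'

# Source side: the .log files Windows Defender Offline left behind.
$logs = @(Get-ChildItem $logdir -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.log' })
"{0} log file(s) found under {1}" -f $logs.Count, $logdir
$logs | Sort-Object LastWriteTime | Format-Table Name, Length, LastWriteTime -AutoSize

# Output side: the archive and what it contains.
if (-not (Test-Path $ziploc)) {
    "WDOlogs.ZIP is not on the Desktop: the script did not get as far as creating it."
} else {
    $zip = Get-Item $ziploc
    "Archive: {0} ({1} bytes, written {2})" -f $zip.FullName, $zip.Length, $zip.LastWriteTime

    # Open the ZIP as a shell folder, the same COM object the script uses to fill it.
    $shell  = New-Object -ComObject Shell.Application
    $folder = $shell.Namespace($zip.FullName)
    if ($folder -eq $null) {
        "Windows cannot open the file as a ZIP folder; it is damaged or incomplete."
    } else {
        # Use the item path, because Name may hide the file extension.
        $names = @($folder.Items() | ForEach-Object { Split-Path $_.Path -Leaf })
        "Entries in archive: " + ($names -join ', ')
        if ($names | Where-Object { $_ -like 'wdofileinfo*' }) {
            "OK: the collected log text (wdofileinfo.txt) is inside the archive."
        } else {
            "The archive exists but is empty; the copy step did not complete."
        }
    }
}
```

The script ends with EXIT, so the window closing right after the paste is expected; the archive on the Desktop is the only visible result.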