# What is WinDefend?



## 1nf3rn0x (May 23, 2012)

I'm pretty sure I haven't seen this before. If it's normal, what's its role?


----------



## brandonwh64 (May 23, 2012)

Looks to be malware.

http://www.sevenforums.com/system-security/129174-windefender-exe-windows-defender.html

Adaware will remove it


----------



## 1nf3rn0x (May 23, 2012)

brandonwh64 said:


> Looks to be malware.
> 
> http://www.sevenforums.com/system-security/129174-windefender-exe-windows-defender.html
> 
> Adaware will remove it



Hmm, where could I have picked it up from? I know I haven't viewed any pr0n or downloaded any torrents


----------



## Solaris17 (May 23, 2012)

Malware. I've had to remove this from customer PCs.


----------



## 1nf3rn0x (May 23, 2012)

I might post a screenie of everything running to see if there's any other crazy stuff on it. And what does this malware specifically do?

But I'm totally in shock, I haven't downloaded a single torrent, nor looked at a single pr0n and haven't been on any websites that I know aren't safe. D:


----------



## Solaris17 (May 23, 2012)

1nf3rn0x said:


> http://img.techpowerup.org/120523/windefender136.jpg
> 
> I might post a screenie of everything running to see if there's any other crazy stuff on it. And what does this malware specifically do?
> 
> But I'm totally in shock, I haven't downloaded a single torrent, nor looked at a single pr0n and haven't been on any websites that I know aren't safe. D:



It's a downloader IIRC, and don't be in such shock. Viruses appear in the wild. Tighten the settings on your AV and scan more often.


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> It's a downloader IIRC, and don't be in such shock. Viruses appear in the wild. Tighten the settings on your AV and scan more often.



I'm using Avast free and scan fortnightly, what else can I do?

Any of this out of line? If I have one I probably have more D:


----------



## Solaris17 (May 23, 2012)

1nf3rn0x said:


> I'm using Avast free and scan fortnightly, what else can I do?



I mean, I guess you could laugh, but you did ask.

Well, for starters you can go into the Avast CP, go to each individual shield control and tighten the security settings on it.

I modify:

"Actions"
"packers"
"Sensitivity"

I suppose while we are being smart asses I'll leave it at that. I mean, if you can't figure it out, that's part of the problem, right?


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> I mean, I guess you could laugh, but you did ask.
> 
> Well, for starters you can go into the Avast CP, go to each individual shield control and tighten the security settings on it.
> 
> ...



Can you check to see if the processes I have currently running are also not malware XD. I'm running a scan with Ad-aware so I'll be doing my maths homework while I wait.


----------



## Solaris17 (May 23, 2012)

All of the services check out.

Make sure you have things like the Windows firewall etc. set to auto and haven't made a bunch of custom rules.

Go to Gibson Research:

https://www.google.com/webhp?source....,cf.osb&fp=2eea1a31cbf97609&biw=1366&bih=653

Mouse over the services tab, click on Shields Up, press proceed and click on all service ports.

Ideally they should be all green.


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> All of the services check out.
> 
> Make sure you have things like the Windows firewall etc. set to auto and haven't made a bunch of custom rules.
> 
> ...



Thanks! 

Apparently windefend is not bad after all? Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender. (from Micro$oft)

I have noticed that the program has now stopped as I am running Ad-aware for a scan to remove it. When I try to run the program (Windows Defender from Start), Windows says it has been stopped. I'm not sure, but I'd rather be safe.


----------



## Solaris17 (May 23, 2012)

um no

windows defender is

MSASCui.exe


windefend is supposed to look like windows defender but it is not.


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> um no
> 
> windows defender is
> 
> ...



Oh. Thanks for clearing that up.
With me being 15 I haven't delved into this side of Windows.


----------






## 1nf3rn0x (May 23, 2012)

Ad-aware just said it had removed it. Rebooted pc. Now what?

Can I find the exe?

Item Name: Windows Defender
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Explorer Run

Item Name: {FF92BFB4-4DDA-FFC7-C394-6D8A0C9D5DEB}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: ActiveSetup

Item Name: WinDefender.exe
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Running Processes


----------



## Solaris17 (May 23, 2012)

Enable hidden files and folders if you haven't already. Check for windefend.exe in these places.

C:\Documents and Settings\User\Application Data\WinDefend.exe

C:\Windows\System\WinDefend.exe

but first kill the process.

then press windows key+R and type

"msconfig"

go to the startup tab and show me everything in it.


----------



## temp02 (May 23, 2012)

Solaris17 said:


> um no
> 
> windows defender is
> 
> ...



Sorry but we are talking about services, and believe it or not, the legit Windows Defender service (Microsoft anti malware that is shipped with Windows Vista, and later, on install) is called WinDefend. And if you don't believe me, try running it yourself:

```
sc start WinDefend
```
If you don't want it running (or you have another anti-virus solution running), launch a command prompt in admin mode and do this:

```
rem sc expects a space between "start=" and its value
sc config WinDefend start= disabled
sc stop WinDefend
```
Good luck.


----------
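Added example, not part of any post in this thread: a triage pass over the autorun report format quoted earlier, applying the distinction temp02 draws between the genuine `WinDefend` service and a lookalike `WinDefender.exe` started from a user profile. The function names, the trusted directory and the third sample entry are assumptions made for the illustration.

```python
import ntpath
import re

# Two entries copied from the report quoted in the thread, plus one constructed
# entry for the genuine Defender UI (its path is an assumption).
SAMPLE_REPORT = r"""
Item Name: Windows Defender
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: Explorer Run

Item Name: {FF92BFB4-4DDA-FFC7-C394-6D8A0C9D5DEB}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
Type: ActiveSetup

Item Name: Windows Defender
Author: Microsoft Corporation
Related File: C:\Program Files\Windows Defender\MSASCui.exe
Type: Explorer Run
"""

# Assumption: the only directory the genuine Defender binaries are expected in.
TRUSTED_DIRS = (r"c:\program files\windows defender",)
# Profile folders a standard user can write to, and names that pose as Defender.
USER_WRITABLE = re.compile(r"\\(application data|appdata|local settings|temp)(\\|$)")
LOOKALIKE = re.compile(r"win(dows)?\s*defend", re.I)

def parse_report(text):
    """Turn blank-line separated 'Key: value' blocks into a list of dicts."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l) for b in blocks]

def triage(entry):
    """Reasons an entry that claims to be Defender looks like a masquerade."""
    folder, exe = ntpath.split(entry.get("Related File", "").lower())
    if not (LOOKALIKE.search(entry.get("Item Name", "")) or LOOKALIKE.search(exe)):
        return []  # does not pose as Defender; out of scope for this check
    checks = [
        (folder not in TRUSTED_DIRS, "Defender-like name outside the Defender directory"),
        (bool(USER_WRITABLE.search(folder)), "image in a user-writable profile folder"),
        (entry.get("Author", "Unknown").lower() == "unknown", "no publisher recorded"),
    ]
    return [reason for hit, reason in checks if hit]

def flag_masquerades(text):
    """(file, autorun type, reasons) for every entry that triage() flags."""
    hits = [(e, triage(e)) for e in parse_report(text)]
    return [(e.get("Related File"), e.get("Type"), why) for e, why in hits if why]
```

The check keys on where the image lives and who published it, not on the display name, which is the one field a masquerading entry controls freely.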



## 1nf3rn0x (May 23, 2012)

temp02 said:


> Sorry but we are talking about services, and believe it or not, the legit Windows Defender service (Microsoft anti malware that is shipped with Windows Vista, and later, on install) is called WinDefend. And if you don't believe me, try running it yourself:
> 
> 
> 
> ...



That worked, thanks. I'll reboot and see if it stays. Should I be running it or not?


----------



## temp02 (May 23, 2012)

If you have another Anti-Virus suite installed (like Nod32) you can probably disable Windows Defender and still be protected against malware intrusions (truth be told, Defender without Security Essentials isn't gonna protect you against much anyway).


----------



## 1nf3rn0x (May 23, 2012)

temp02 said:


> If you have another Anti-Virus suite installed (like Nod32) you can probably disable Windows Defender and still be protected against malware intrusions (truth be told, Defender without Security Essentials isn't gonna protect you against much anyway).



If I go into my brother's computer I see no such thing in his processes, so why is that? Even when I ran Defender from the start menu nothing appeared.


----------



## Solaris17 (May 23, 2012)

1nf3rn0x said:


> If I go into my brother's computer I see no such thing in his processes, so why is that? Even when I ran Defender from the start menu nothing appeared.



I think he was trying to correct me. I don't think his post was aimed at you. Besides, I'm staring at your infection.



1nf3rn0x said:


> Item Name: Windows Defender
> Author: Unknown
> Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WINDEFENDER.EXE
> Type: Explorer Run
> ...


----------



## temp02 (May 23, 2012)

Windows Defender can't be started from the "Run" thingy like any other program, it's a service. If you want to start it on your brother's computer you need to run

```
sc start WinDefend
```
on an admin command prompt.


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> I think he was trying to correct me. I don't think his post was aimed at you. Besides, I'm staring at your infection.




So it's a virus?

The data posted is not mine, from a website about WinDefend.

Solaris do you have skype or teamviewer? I think more can be done there!


----------



## Solaris17 (May 23, 2012)

1nf3rn0x said:


> So it's a virus?
> 
> The data posted is not mine, from a website about WinDefend.



Well, you said Adaware found it, and I gave you the paths. I suppose you could always go look.


----------



## qubit (May 23, 2012)

@1nf3rn0x

As you have malware on your system, the only _guaranteed_ way of removing it, plus ensuring that Windows works reliably and properly, is to format your system disc and reinstall from scratch - or just put an image over it instead if you have one, which accomplishes the same thing. Make sure to back up any data first...

And how did it get on your system? The reason is in what you said: manual virus scan every two weeks with a free a/v. You might as well not bother. It's critical to have realtime scans done from a reputable a/v company. Personally, I've used the excellent Kaspersky Internet Security for years and it's stopped a few nasties in its time.


----------



## Solaris17 (May 23, 2012)

qubit said:


> @1nf3rn0x
> 
> As you have malware on your system, the only _guaranteed_ way of removing it, plus ensuring that Windows works reliably and properly, is to format your system disc and reinstall from scratch - or just put an image over it instead if you have one, which accomplishes the same thing. Make sure to back up any data first...
> 
> And how did it get on your system? The reason is in what you said: manual virus scan every two weeks with a free a/v. You might as well not bother. It's critical to have realtime scans done from a reputable a/v company. Personally, I've used the excellent Kaspersky Internet Security for years and it's stopped a few nasties in its time.



but avast is reputable?


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> Well, you said Adaware found it, and I gave you the paths. I suppose you could always go look.



Adaware said it found some trojans but didn't give me a path, but during the scan windefend was not running. Yet now it runs. Got skype or something like that?


----------



## Red_Machine (May 23, 2012)

Microsoft Security Essentials has real-time defence, as does AVG Free and any other decent free offering I've tried over the years.


----------



## 1nf3rn0x (May 23, 2012)

Solaris17 said:


> Enable hidden files and folders if you haven't already. Check for windefend.exe in these places.
> 
> C:\Documents and Settings\User\Application Data\WinDefend.exe
> 
> ...



Under the startup processes it is not there. I'm confused if it is actually just a general windows process or a virus


----------



## Frick (May 23, 2012)

qubit said:


> And how did it get on your system? The reason is in what you said: manual virus scan every two weeks with a free a/v. You might as well not bother. It's critical to have realtime scans done from a reputable a/v company. Personally, I've used the excellent Kaspersky Internet Security for years and it's stopped a few nasties in its time.



There is good free AV software. Some free ones have better protection than paid ones (AVG vs McAfee for instance). IS packs are a different story, but for just AV the free ones are more than enough.


----------



## 1nf3rn0x (May 23, 2012)

Fixed. /end


----------



## Frick (May 23, 2012)

1nf3rn0x said:


> Fixed. /end http://images.community.wizards.com...95aadfe16db4581fd07c0fb8dd3e9919.jpg?v=135040



No, now there will be three pages of paid AV vs free. Flaming and trolling will run rampant, infractions will be handed out. Then closing.


----------



## brandonwh64 (May 23, 2012)

Did you not try my suggestion and that of the link I sent you? The OP on that thread removed it using Adaware.

*EDIT*

Just seen like 6 new posts since I was checking the thread. Glad you got rid of it.


----------



## qubit (May 23, 2012)

Solaris17 said:


> but avast is reputable?





Frick said:


> There is good free AV software. Some free ones have better protection than paid ones (AVG vs McAfee for instance). IS packs are a different story, but for just AV the free ones are more than enough.



Yes, Avast is reputable and I don't mean to suggest that it isn't. However, running a manual scan every two weeks is pointless regardless of what you have. You need the realtime protection of any a/v software to have any real protection and even then it's flakey - yes, even with my beloved Kaspersky. The biggest part of the security strategy is using a hardware firewall (found in most routers) and using your computer sensibly, avoiding exposure to any unnecessary threats wherever possible.



Frick said:


> No, now there will be three pages of paid AV vs free. Flaming and trolling will run rampant, infractions will be handed out. Then closing.



You're just _so_ bad! 

I mean I found it hilariously funny, not the other kinda bad.


----------

