I am running Vista SP1. I can launch defender; however, the scan will hangup
on a file and never complete. The Scan can be a complete scan or a quicj
scan, any ideas.

Hello JLEHM,


Can you let us know what the trojan is and where its being detected ?

It will be alot easier to help you remove it once we know what it is and
where its saved into.

-=-


Ǝиçεl
-=-



"JLEHM" wrote:

> I am running Vista SP1. I can launch defender; however, the scan will hangup
> on a file and never complete. The Scan can be a complete scan or a quicj
> scan, any ideas.

Defender is not referencing a trojan it just sits there and says it is
scanning.

"Engel" wrote:

> Hello JLEHM,
>
>
> Can you let us know what the trojan is and where its being detected ?
>
> It will be alot easier to help you remove it once we know what it is and
> where its saved into.
>
> -=-
>
>
> Ǝиçεl
> -=-
>
>
>
> "JLEHM" wrote:
>
> > I am running Vista SP1. I can launch defender; however, the scan will hangup
> > on a file and never complete. The Scan can be a complete scan or a quicj
> > scan, any ideas.

Hi JLEHM,


You can go to the System Event log:

Start, Run, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected, and use the button provided to paste the content of the
detection back to a message here.
-=-



Run in safe mode Windows Malicious Software Removal Tool – (KB890830) MRT

Delete Cookies and Temp Files and included all offline cºntent
Empty your IE cache
To run in safe mode.
http://www.computerhope.com/issues/chsafe.htm


Try running the "chkdsk /r" command at the command prompt
< http://support.microsoft.com/kb/315265>

Reboot


Run a Full scan with MRT

The programme can be found at C:\Windows\System32\MRT.exe ; MRT standing for
MicroSoft Removal Tool.

I find it easier to create a "short-cut icon" and locate the icon on my
"desktop"...... a double click and away she goes.
The icon is apt in design being the image of a Window with accompanying
sponge and soap suds.
If you don't believe me test by executing/running MRT upper or lower case
letters makes no difference,
Also you can double click C:\Windows\System32\MRT.exe and select the scan.

After finish the scan Reboot


Let us know if you still have the problem.


Good luck



Ǝиçεl
-=-






"JLEHM" wrote:

> Defender is not referencing a trojan it just sits there and says it is
> scanning.
>
> "Engel" wrote:
>
> > Hello JLEHM,
> >
> >
> > Can you let us know what the trojan is and where its being detected ?
> >
> > It will be alot easier to help you remove it once we know what it is and
> > where its saved into.
> >
> > -=-
> >
> >
> > Ǝиçεl
> > -=-
> >
> >
> >
> > "JLEHM" wrote:
> >
> > > I am running Vista SP1. I can launch defender; however, the scan will hangup
> > > on a file and never complete. The Scan can be a complete scan or a quicj
> > > scan, any ideas.

Below is content of the message

Log Name: System
Source: Microsoft-Windows-Windows Defender
Date: 11/7/2008 6:39:02 PM
Event ID: 3004
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Compaq-Notebook
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}
User: Compaq-Notebook\John
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:mchInjDrv
Alert Type: Unclassified software
Detection Type:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender"
Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" EventSourceName="WinDefend" />
<EventID Qualifiers="0">3004</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-11-08T00:39:02.000Z" />
<EventRecordID>45653</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Compaq-Notebook</Computer>
<Security />
</System>
<EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">1.1.1600.0</Data>
<Data Name="Scan ID">{38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}</Data>
<Data Name="Unused">
</Data>
<Data Name="Unused">
</Data>
<Data Name="Unused">
</Data>
<Data Name="Unused">
</Data>
<Data Name="Domain">Compaq-Notebook</Data>
<Data Name="User">John</Data>
<Data Name="SID">S-1-5-21-2883898654-1166958187-1743476954-1000</Data>
<Data Name="Threat Name">Unknown</Data>
<Data Name="Threat Id">
</Data>
<Data Name="Threat Severity">
</Data>
<Data Name="Threat Category">
</Data>
<Data Name="FWLink">%%832</Data>
<Data Name="Path Found">driver:mchInjDrv</Data>
<Data Name="Threat Classification Index">0</Data>
<Data Name="Threat Classification">%%807</Data>
<Data Name="Unused">
</Data>
<Data Name="Unused">
</Data>
<Data Name="Detection Type Index">
</Data>
<Data Name="Detection Type">
</Data>
</EventData>
</Event>

"Engel" wrote:

> Hi JLEHM,
>
>
> You can go to the System Event log:
>
> Start, Run, eventvwr.msc <enter>
>
> Click on the System event log
>
> Go to View, choose Filter, and choose "windefend" in the source control.
>
> Look for yellow triangle entries that give the precise path and location of
> what was detected, and use the button provided to paste the content of the
> detection back to a message here.
> -=-
>
>
>
> Run in safe mode Windows Malicious Software Removal Tool – (KB890830) MRT
>
> Delete Cookies and Temp Files and included all offline cºntent
> Empty your IE cache
> To run in safe mode.
> http://www.computerhope.com/issues/chsafe.htm
>
>
> Try running the "chkdsk /r" command at the command prompt
> < http://support.microsoft.com/kb/315265>
>
> Reboot
>
>
> Run a Full scan with MRT
>
> The programme can be found at C:\Windows\System32\MRT.exe ; MRT standing for
> MicroSoft Removal Tool.
>
> I find it easier to create a "short-cut icon" and locate the icon on my
> "desktop"...... a double click and away she goes.
> The icon is apt in design being the image of a Window with accompanying
> sponge and soap suds.
> If you don't believe me test by executing/running MRT upper or lower case
> letters makes no difference,
> Also you can double click C:\Windows\System32\MRT.exe and select the scan.
>
> After finish the scan Reboot
>
>
> Let us know if you still have the problem.
>
>
> Good luck
>
>
>
> Ǝиçεl
> -=-
>
>
>
>
>
>
> "JLEHM" wrote:
>
> > Defender is not referencing a trojan it just sits there and says it is
> > scanning.
> >
> > "Engel" wrote:
> >
> > > Hello JLEHM,
> > >
> > >
> > > Can you let us know what the trojan is and where its being detected ?
> > >
> > > It will be alot easier to help you remove it once we know what it is and
> > > where its saved into.
> > >
> > > -=-
> > >
> > >
> > > Ǝиçεl
> > > -=-
> > >
> > >
> > >
> > > "JLEHM" wrote:
> > >
> > > > I am running Vista SP1. I can launch defender; however, the scan will hangup
> > > > on a file and never complete. The Scan can be a complete scan or a quicj
> > > > scan, any ideas.

What happens when you try the things I advised? What are your answers to the
questions I asked?

"JLEHM" wrote:

> Below is content of the message
>
> Log Name: System
> Source: Microsoft-Windows-Windows Defender
> Date: 11/7/2008 6:39:02 PM
> Event ID: 3004
> Task Category: None
> Level: Warning
> Keywords: Classic
> User: N/A
> Computer: Compaq-Notebook
> Description:
> Windows Defender Real-Time Protection agent has detected changes. Microsoft
> recommends you analyze the software that made these changes for potential
> risks. You can use information about how these programs operate to choose
> whether to allow them to run or remove them from your computer. Allow
> changes only if you trust the program or the software publisher. Windows
> Defender can't undo changes that you allow.
> For more information please see the following:
> Not Applicable
> Scan ID: {38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}
> User: Compaq-Notebook\John
> Name: Unknown
> ID:
> Severity ID:
> Category ID:
> Path Found: driver:mchInjDrv
> Alert Type: Unclassified software
> Detection Type:
> Event Xml:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider Name="Microsoft-Windows-Windows Defender"
> Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" EventSourceName="WinDefend" />
> <EventID Qualifiers="0">3004</EventID>
> <Version>0</Version>
> <Level>3</Level>
> <Task>0</Task>
> <Opcode>0</Opcode>
> <Keywords>0x80000000000000</Keywords>
> <TimeCreated SystemTime="2008-11-08T00:39:02.000Z" />
> <EventRecordID>45653</EventRecordID>
> <Correlation />
> <Execution ProcessID="0" ThreadID="0" />
> <Channel>System</Channel>
> <Computer>Compaq-Notebook</Computer>
> <Security />
> </System>
> <EventData>
> <Data Name="Product Name">%%827</Data>
> <Data Name="Product Version">1.1.1600.0</Data>
> <Data Name="Scan ID">{38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}</Data>
> <Data Name="Unused">
> </Data>
> <Data Name="Unused">
> </Data>
> <Data Name="Unused">
> </Data>
> <Data Name="Unused">
> </Data>
> <Data Name="Domain">Compaq-Notebook</Data>
> <Data Name="User">John</Data>
> <Data Name="SID">S-1-5-21-2883898654-1166958187-1743476954-1000</Data>
> <Data Name="Threat Name">Unknown</Data>
> <Data Name="Threat Id">
> </Data>
> <Data Name="Threat Severity">
> </Data>
> <Data Name="Threat Category">
> </Data>
> <Data Name="FWLink">%%832</Data>
> <Data Name="Path Found">driver:mchInjDrv</Data>
> <Data Name="Threat Classification Index">0</Data>
> <Data Name="Threat Classification">%%807</Data>
> <Data Name="Unused">
> </Data>
> <Data Name="Unused">
> </Data>
> <Data Name="Detection Type Index">
> </Data>
> <Data Name="Detection Type">
> </Data>
> </EventData>
> </Event>
>
> "Engel" wrote:
>
> > Hi JLEHM,
> >
> >
> > You can go to the System Event log:
> >
> > Start, Run, eventvwr.msc <enter>
> >
> > Click on the System event log
> >
> > Go to View, choose Filter, and choose "windefend" in the source control.
> >
> > Look for yellow triangle entries that give the precise path and location of
> > what was detected, and use the button provided to paste the content of the
> > detection back to a message here.
> > -=-
> >
> >
> >
> > Run in safe mode Windows Malicious Software Removal Tool – (KB890830) MRT
> >
> > Delete Cookies and Temp Files and included all offline cºntent
> > Empty your IE cache
> > To run in safe mode.
> > http://www.computerhope.com/issues/chsafe.htm
> >
> >
> > Try running the "chkdsk /r" command at the command prompt
> > < http://support.microsoft.com/kb/315265>
> >
> > Reboot
> >
> >
> > Run a Full scan with MRT
> >
> > The programme can be found at C:\Windows\System32\MRT.exe ; MRT standing for
> > MicroSoft Removal Tool.
> >
> > I find it easier to create a "short-cut icon" and locate the icon on my
> > "desktop"...... a double click and away she goes.
> > The icon is apt in design being the image of a Window with accompanying
> > sponge and soap suds.
> > If you don't believe me test by executing/running MRT upper or lower case
> > letters makes no difference,
> > Also you can double click C:\Windows\System32\MRT.exe and select the scan.
> >
> > After finish the scan Reboot
> >
> >
> > Let us know if you still have the problem.
> >
> >
> > Good luck
> >
> >
> >
> > Ǝиçεl
> > -=-
> >
> >
> >
> >
> >
> >
> > "JLEHM" wrote:
> >
> > > Defender is not referencing a trojan it just sits there and says it is
> > > scanning.
> > >
> > > "Engel" wrote:
> > >
> > > > Hello JLEHM,
> > > >
> > > >
> > > > Can you let us know what the trojan is and where its being detected ?
> > > >
> > > > It will be alot easier to help you remove it once we know what it is and
> > > > where its saved into.
> > > >
> > > > -=-
> > > >
> > > >
> > > > Ǝиçεl
> > > > -=-
> > > >
> > > >
> > > >
> > > > "JLEHM" wrote:
> > > >
> > > > > I am running Vista SP1. I can launch defender; however, the scan will hangup
> > > > > on a file and never complete. The Scan can be a complete scan or a quicj
> > > > > scan, any ideas.

Hi John,

What changed in your system shortly before the problem occurred? Knowing
about a setting change or added software or hardware may be helpful in
solving the problem.

Maybe new driver

Any wireless peripherals involved?
-=-

Can't hurt to try MalwareBytes Anti-malware (MBAM)
<http://www.malwarebytes.org/forums/index.php?showtopic=2061&mode=threaded&pid=6518>
-=-

<http://aumha.net/viewtopic.php?f=30&t=36962>

Please download MalwareBytes Anti-malware (MBAM) from one of the following
links:

<http://www.majorgeeks.com/Malwarebytes_ ... d5756.html>
<http://www.besttechie.net/tools/mbam-setup.exe>
-=-



"Engel" wrote:

> What happens when you try the things I advised? What are your answers to the
> questions I asked?
>
> "JLEHM" wrote:
>
> > Below is content of the message
> >
> > Log Name: System
> > Source: Microsoft-Windows-Windows Defender
> > Date: 11/7/2008 6:39:02 PM
> > Event ID: 3004
> > Task Category: None
> > Level: Warning
> > Keywords: Classic
> > User: N/A
> > Computer: Compaq-Notebook
> > Description:
> > Windows Defender Real-Time Protection agent has detected changes. Microsoft
> > recommends you analyze the software that made these changes for potential
> > risks. You can use information about how these programs operate to choose
> > whether to allow them to run or remove them from your computer. Allow
> > changes only if you trust the program or the software publisher. Windows
> > Defender can't undo changes that you allow.
> > For more information please see the following:
> > Not Applicable
> > Scan ID: {38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}
> > User: Compaq-Notebook\John
> > Name: Unknown
> > ID:
> > Severity ID:
> > Category ID:
> > Path Found: driver:mchInjDrv
> > Alert Type: Unclassified software
> > Detection Type:
> > Event Xml:
> > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> > <System>
> > <Provider Name="Microsoft-Windows-Windows Defender"
> > Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" EventSourceName="WinDefend" />
> > <EventID Qualifiers="0">3004</EventID>
> > <Version>0</Version>
> > <Level>3</Level>
> > <Task>0</Task>
> > <Opcode>0</Opcode>
> > <Keywords>0x80000000000000</Keywords>
> > <TimeCreated SystemTime="2008-11-08T00:39:02.000Z" />
> > <EventRecordID>45653</EventRecordID>
> > <Correlation />
> > <Execution ProcessID="0" ThreadID="0" />
> > <Channel>System</Channel>
> > <Computer>Compaq-Notebook</Computer>
> > <Security />
> > </System>
> > <EventData>
> > <Data Name="Product Name">%%827</Data>
> > <Data Name="Product Version">1.1.1600.0</Data>
> > <Data Name="Scan ID">{38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}</Data>
> > <Data Name="Unused">
> > </Data>
> > <Data Name="Unused">
> > </Data>
> > <Data Name="Unused">
> > </Data>
> > <Data Name="Unused">
> > </Data>
> > <Data Name="Domain">Compaq-Notebook</Data>
> > <Data Name="User">John</Data>
> > <Data Name="SID">S-1-5-21-2883898654-1166958187-1743476954-1000</Data>
> > <Data Name="Threat Name">Unknown</Data>
> > <Data Name="Threat Id">
> > </Data>
> > <Data Name="Threat Severity">
> > </Data>
> > <Data Name="Threat Category">
> > </Data>
> > <Data Name="FWLink">%%832</Data>
> > <Data Name="Path Found">driver:mchInjDrv</Data>
> > <Data Name="Threat Classification Index">0</Data>
> > <Data Name="Threat Classification">%%807</Data>
> > <Data Name="Unused">
> > </Data>
> > <Data Name="Unused">
> > </Data>
> > <Data Name="Detection Type Index">
> > </Data>
> > <Data Name="Detection Type">
> > </Data>
> > </EventData>
> > </Event>
> >
> > "Engel" wrote:
> >
> > > Hi JLEHM,
> > >
> > >
> > > You can go to the System Event log:
> > >
> > > Start, Run, eventvwr.msc <enter>
> > >
> > > Click on the System event log
> > >
> > > Go to View, choose Filter, and choose "windefend" in the source control.
> > >
> > > Look for yellow triangle entries that give the precise path and location of
> > > what was detected, and use the button provided to paste the content of the
> > > detection back to a message here.
> > > -=-
> > >
> > >
> > >
> > > Run in safe mode Windows Malicious Software Removal Tool – (KB890830) MRT
> > >
> > > Delete Cookies and Temp Files and included all offline cºntent
> > > Empty your IE cache
> > > To run in safe mode.
> > > http://www.computerhope.com/issues/chsafe.htm
> > >
> > >
> > > Try running the "chkdsk /r" command at the command prompt
> > > < http://support.microsoft.com/kb/315265>
> > >
> > > Reboot
> > >
> > >
> > > Run a Full scan with MRT
> > >
> > > The programme can be found at C:\Windows\System32\MRT.exe ; MRT standing for
> > > MicroSoft Removal Tool.
> > >
> > > I find it easier to create a "short-cut icon" and locate the icon on my
> > > "desktop"...... a double click and away she goes.
> > > The icon is apt in design being the image of a Window with accompanying
> > > sponge and soap suds.
> > > If you don't believe me test by executing/running MRT upper or lower case
> > > letters makes no difference,
> > > Also you can double click C:\Windows\System32\MRT.exe and select the scan.
> > >
> > > After finish the scan Reboot
> > >
> > >
> > > Let us know if you still have the problem.
> > >
> > >
> > > Good luck
> > >
> > >
> > >
> > > Ǝиçεl
> > > -=-
> > >
> > >
> > >
> > >
> > >
> > >
> > > "JLEHM" wrote:
> > >
> > > > Defender is not referencing a trojan it just sits there and says it is
> > > > scanning.
> > > >
> > > > "Engel" wrote:
> > > >
> > > > > Hello JLEHM,
> > > > >
> > > > >
> > > > > Can you let us know what the trojan is and where its being detected ?
> > > > >
> > > > > It will be alot easier to help you remove it once we know what it is and
> > > > > where its saved into.
> > > > >
> > > > > -=-
> > > > >
> > > > >
> > > > > Ǝиçεl
> > > > > -=-
> > > > >
> > > > >
> > > > >
> > > > > "JLEHM" wrote:
> > > > >
> > > > > > I am running Vista SP1. I can launch defender; however, the scan will hangup
> > > > > > on a file and never complete. The Scan can be a complete scan or a quicj
> > > > > > scan, any ideas.

The log record you're posted (thanks!) is likely completely benign--an
unknown is just that--something that isn't on Defender's radar screen--a
good many hardware drivers fit that category, and aren't necessarily
malware.

The scan completion issue is worth troubleshooting further.

Can you say how long you have left it scanning?

If it is showing filenames as it scans, does it seem to stop on a particular
filename?

Does your system have many large archive files? An archive file is a
compressed container for potentially many smaller files--examples are files
suffixed .zip, .iso and others, including .exe in some cases.

If this is the case, there is an option setting to tell Defender not to scan
within such files, but I'm inclined to guess--from the fact that this
happens on both quick and full scans, that this is not the issue.

I've believe this can happen when registry security settings keep Defender
from scanning areas that it expects to be able to scan, but this is ancient
dusty memory--so if you can tell more about what the scan shows is happening
when it appears to hang, that may help.

Additionally, such hangs may, in fact, simply be very slow progress--hence
the question about how long you've left it. I'm not minimizing the impact
of this on the user--just wanting to distinguish between locked up
completely and proceeding tortoise slow! Either way, it is certainly worth
troubleshooting and seeing if the performance can be improved. The goal
(and experience on most machines) is that a quick scan should have minimal
usability impact, and take a reasonable amount of time--certainly measured
in minutes rather than hours.



--

"JLEHM" <(E-Mail Removed)> wrote in message
news:36530C41-7834-4986-A998-(E-Mail Removed)...
>I am running Vista SP1. I can launch defender; however, the scan will
>hangup
> on a file and never complete. The Scan can be a complete scan or a quicj
> scan, any ideas.

The problem occured on full systtem scans awhile ago; I viewed the Defender
update files and noticed htat one did not complete. I manually updated the
file and Defender started to work again. All of sudden it started failing on
both full and quick cans.

No wireless peripherals involved.

I followed your instructions regarding running the program in safe mode;
after running for 14 hours it came uwith nothing. I ran a quick scan a couple
of times and it is working fine. I have setup Defender to run a full scan
later today.

"Engel" wrote:

> Hi John,
>
> What changed in your system shortly before the problem occurred? Knowing
> about a setting change or added software or hardware may be helpful in
> solving the problem.
>
> Maybe new driver
>
> Any wireless peripherals involved?
> -=-
>
> Can't hurt to try MalwareBytes Anti-malware (MBAM)
> <http://www.malwarebytes.org/forums/index.php?showtopic=2061&mode=threaded&pid=6518>
> -=-
>
> <http://aumha.net/viewtopic.php?f=30&t=36962>
>
> Please download MalwareBytes Anti-malware (MBAM) from one of the following
> links:
>
> <http://www.majorgeeks.com/Malwarebytes_ ... d5756.html>
> <http://www.besttechie.net/tools/mbam-setup.exe>
> -=-
>
>
>
> "Engel" wrote:
>
> > What happens when you try the things I advised? What are your answers to the
> > questions I asked?
> >
> > "JLEHM" wrote:
> >
> > > Below is content of the message
> > >
> > > Log Name: System
> > > Source: Microsoft-Windows-Windows Defender
> > > Date: 11/7/2008 6:39:02 PM
> > > Event ID: 3004
> > > Task Category: None
> > > Level: Warning
> > > Keywords: Classic
> > > User: N/A
> > > Computer: Compaq-Notebook
> > > Description:
> > > Windows Defender Real-Time Protection agent has detected changes. Microsoft
> > > recommends you analyze the software that made these changes for potential
> > > risks. You can use information about how these programs operate to choose
> > > whether to allow them to run or remove them from your computer. Allow
> > > changes only if you trust the program or the software publisher. Windows
> > > Defender can't undo changes that you allow.
> > > For more information please see the following:
> > > Not Applicable
> > > Scan ID: {38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}
> > > User: Compaq-Notebook\John
> > > Name: Unknown
> > > ID:
> > > Severity ID:
> > > Category ID:
> > > Path Found: driver:mchInjDrv
> > > Alert Type: Unclassified software
> > > Detection Type:
> > > Event Xml:
> > > <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> > > <System>
> > > <Provider Name="Microsoft-Windows-Windows Defender"
> > > Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" EventSourceName="WinDefend" />
> > > <EventID Qualifiers="0">3004</EventID>
> > > <Version>0</Version>
> > > <Level>3</Level>
> > > <Task>0</Task>
> > > <Opcode>0</Opcode>
> > > <Keywords>0x80000000000000</Keywords>
> > > <TimeCreated SystemTime="2008-11-08T00:39:02.000Z" />
> > > <EventRecordID>45653</EventRecordID>
> > > <Correlation />
> > > <Execution ProcessID="0" ThreadID="0" />
> > > <Channel>System</Channel>
> > > <Computer>Compaq-Notebook</Computer>
> > > <Security />
> > > </System>
> > > <EventData>
> > > <Data Name="Product Name">%%827</Data>
> > > <Data Name="Product Version">1.1.1600.0</Data>
> > > <Data Name="Scan ID">{38CE2B7F-3841-47C8-BFD4-B8B475F88AB6}</Data>
> > > <Data Name="Unused">
> > > </Data>
> > > <Data Name="Unused">
> > > </Data>
> > > <Data Name="Unused">
> > > </Data>
> > > <Data Name="Unused">
> > > </Data>
> > > <Data Name="Domain">Compaq-Notebook</Data>
> > > <Data Name="User">John</Data>
> > > <Data Name="SID">S-1-5-21-2883898654-1166958187-1743476954-1000</Data>
> > > <Data Name="Threat Name">Unknown</Data>
> > > <Data Name="Threat Id">
> > > </Data>
> > > <Data Name="Threat Severity">
> > > </Data>
> > > <Data Name="Threat Category">
> > > </Data>
> > > <Data Name="FWLink">%%832</Data>
> > > <Data Name="Path Found">driver:mchInjDrv</Data>
> > > <Data Name="Threat Classification Index">0</Data>
> > > <Data Name="Threat Classification">%%807</Data>
> > > <Data Name="Unused">
> > > </Data>
> > > <Data Name="Unused">
> > > </Data>
> > > <Data Name="Detection Type Index">
> > > </Data>
> > > <Data Name="Detection Type">
> > > </Data>
> > > </EventData>
> > > </Event>
> > >
> > > "Engel" wrote:
> > >
> > > > Hi JLEHM,
> > > >
> > > >
> > > > You can go to the System Event log:
> > > >
> > > > Start, Run, eventvwr.msc <enter>
> > > >
> > > > Click on the System event log
> > > >
> > > > Go to View, choose Filter, and choose "windefend" in the source control.
> > > >
> > > > Look for yellow triangle entries that give the precise path and location of
> > > > what was detected, and use the button provided to paste the content of the
> > > > detection back to a message here.
> > > > -=-
> > > >
> > > >
> > > >
> > > > Run in safe mode Windows Malicious Software Removal Tool – (KB890830) MRT
> > > >
> > > > Delete Cookies and Temp Files and included all offline cºntent
> > > > Empty your IE cache
> > > > To run in safe mode.
> > > > http://www.computerhope.com/issues/chsafe.htm
> > > >
> > > >
> > > > Try running the "chkdsk /r" command at the command prompt
> > > > < http://support.microsoft.com/kb/315265>
> > > >
> > > > Reboot
> > > >
> > > >
> > > > Run a Full scan with MRT
> > > >
> > > > The programme can be found at C:\Windows\System32\MRT.exe ; MRT standing for
> > > > MicroSoft Removal Tool.
> > > >
> > > > I find it easier to create a "short-cut icon" and locate the icon on my
> > > > "desktop"...... a double click and away she goes.
> > > > The icon is apt in design being the image of a Window with accompanying
> > > > sponge and soap suds.
> > > > If you don't believe me test by executing/running MRT upper or lower case
> > > > letters makes no difference,
> > > > Also you can double click C:\Windows\System32\MRT.exe and select the scan.
> > > >
> > > > After finish the scan Reboot
> > > >
> > > >
> > > > Let us know if you still have the problem.
> > > >
> > > >
> > > > Good luck
> > > >
> > > >
> > > >
> > > > Ǝиçεl
> > > > -=-
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "JLEHM" wrote:
> > > >
> > > > > Defender is not referencing a trojan it just sits there and says it is
> > > > > scanning.
> > > > >
> > > > > "Engel" wrote:
> > > > >
> > > > > > Hello JLEHM,
> > > > > >
> > > > > >
> > > > > > Can you let us know what the trojan is and where its being detected ?
> > > > > >
> > > > > > It will be alot easier to help you remove it once we know what it is and
> > > > > > where its saved into.
> > > > > >
> > > > > > -=-
> > > > > >
> > > > > >
> > > > > > Ǝиçεl
> > > > > > -=-
> > > > > >
> > > > > >
> > > > > >
> > > > > > "JLEHM" wrote:
> > > > > >
> > > > > > > I am running Vista SP1. I can launch defender; however, the scan will hangup
> > > > > > > on a file and never complete. The Scan can be a complete scan or a quicj
> > > > > > > scan, any ideas.

I followed Engel instructions and things are working better, I am going to
monitor for the next few days; I have had Defender start working again and
then fail. I do not have not added anything to the PC; hence, no new drivers.

At times I have left it scanning for days. I have a daily scan setup and
usually just let I run in the background.

There is at least one file in the Quick scan (regedit) and two in the Full
Scan ( HP Doc file) that it halts on.

I only have one archieve file; it does not appear to be having an issue with
that file.



"Bill Sanderson" wrote:

> The log record you're posted (thanks!) is likely completely benign--an
> unknown is just that--something that isn't on Defender's radar screen--a
> good many hardware drivers fit that category, and aren't necessarily
> malware.
>
> The scan completion issue is worth troubleshooting further.
>
> Can you say how long you have left it scanning?
>
> If it is showing filenames as it scans, does it seem to stop on a particular
> filename?
>
> Does your system have many large archive files? An archive file is a
> compressed container for potentially many smaller files--examples are files
> suffixed .zip, .iso and others, including .exe in some cases.
>
> If this is the case, there is an option setting to tell Defender not to scan
> within such files, but I'm inclined to guess--from the fact that this
> happens on both quick and full scans, that this is not the issue.
>
> I've believe this can happen when registry security settings keep Defender
> from scanning areas that it expects to be able to scan, but this is ancient
> dusty memory--so if you can tell more about what the scan shows is happening
> when it appears to hang, that may help.
>
> Additionally, such hangs may, in fact, simply be very slow progress--hence
> the question about how long you've left it. I'm not minimizing the impact
> of this on the user--just wanting to distinguish between locked up
> completely and proceeding tortoise slow! Either way, it is certainly worth
> troubleshooting and seeing if the performance can be improved. The goal
> (and experience on most machines) is that a quick scan should have minimal
> usability impact, and take a reasonable amount of time--certainly measured
> in minutes rather than hours.
>
>
>
> --
>
> "JLEHM" <(E-Mail Removed)> wrote in message
> news:36530C41-7834-4986-A998-(E-Mail Removed)...
> >I am running Vista SP1. I can launch defender; however, the scan will
> >hangup
> > on a file and never complete. The Scan can be a complete scan or a quicj
> > scan, any ideas.
>
>