Defender gone from Vista

[Tony Linguini]

My granddaughter's laptop got the eco (green) antivirus extortionware, and I
manually removed it. It somehow removed the core files from Defender, and
now it won't start or run. Suggestions? (besides a format please)
Tony

 

[KristleBawl]

Tony Linguini expressed an opinion:

My granddaughter's laptop got the eco (green) antivirus extortionware,
and I manually removed it. It somehow removed the core files from
Defender, and now it won't start or run. Suggestions? (besides a format
please)
Tony

The first step is to try to reinstall Defender.

http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

These programs remove the rogues for you, and they are easy to update,
just like an anti virus program. I have the free versions installed and
use them regularly.

Ad-Aware
http://www.lavasoft.com/?domain=lavasoftusa.com/products/ad_aware_free.php

Malwarebytes
http://www.malwarebytes.org/mbam.php

SuperAntiSpyware
http://www.superantispyware.com/superantispyware.html

 

[Tony Linguini]

Thank you, tried that, download said " incorrect operating system" or some
such which loosely translated meant that Defender is built into Vista.
Tony

 

[DL]

Defender has been replaced by MS Security Essentials

Thank you, tried that, download said " incorrect operating system" or some
such which loosely translated meant that Defender is built into Vista.
Tony

 

[Tony Linguini]

So if I install MSE will it re-install defender?
Tony

 

[KristleBawl]

Tony Linguini expressed an opinion:

Thank you, tried that, download said " incorrect operating system" or
some such which loosely translated meant that Defender is built into Vista.
Tony

After further research, try this:

You need to go to "services.msc". Type that in from Start > Run and hit
enter. Scroll down the list to the Windows Defender service, right click
on it and select properties. In there change the settings for it to
start automatically. You could also manually start the service at the
same time. That should fix the error.

If that doesn't work, you can try a System Restore.

 

[Tony Linguini]

BTDTGTTS
The files are actually GONE from program files/windows defender. It will not
start manually or automagically.
I believe the extortionware did that so defender could not remove it.
This is a Dell laptop, no vista dvd included, just a stock recovery image,
and all of my dvds here are 64bit. Lappie has 32.
Thanks, Tony

 

[KristleBawl]

Tony Linguini expressed an opinion:

BTDTGTTS
The files are actually GONE from program files/windows defender. It will
not start manually or automagically.
I believe the extortionware did that so defender could not remove it.
This is a Dell laptop, no vista dvd included, just a stock recovery
image, and all of my dvds here are 64bit. Lappie has 32.
Thanks, Tony

Then you have to try the restore.

Backup all personal files (documents, etc) just to be safe.

Start Orb, All Programs, Accessories, System Tools, System Restore.

 

[FromTheRafters]

My granddaughter's laptop got the eco (green) antivirus extortionware,
and I manually removed it.

Some details may be needed here, but you would probably end up having to
reinstall the OS in the end anyway.

It somehow removed the core files from Defender, and now it won't
start or run. Suggestions? (besides a format please)

Reinstall the OS. On Vista, Defender is integrated IIRC.

 

[Ǝиçεl]

Hello Mike,

Windows Defender detects and removes known spyware ONLY.

If you are running Microsoft Security Essentials, you do not need to run
Windows Defender.

Microsoft Security Essentials is designed to disable Windows Defender in
order to manage the PC’s real-time protection, including anti-virus,
rootkits, Trojans and spyware.
-=-

 

[Ǝиçεl]

Hello Tony,

Consider going to the secuÑity portal

<http://www.microsoft.com/security/portal/>

and downloading the 32-bit definitions for Windows Defender to the desktop,
then
*right* click mpas-fe.exe and choose 'Run as
administrator'
to apply.


I hope this post is helpful.

Let us know how it works ºut.

Good luck


Ǝиçεl
-=-

 

[Tony Linguini]

It ran, but there still is no defender.
Tony

Hello Tony,

Consider going to the secuÑity portal

<http://www.microsoft.com/security/portal/>

and downloading the 32-bit definitions for Windows Defender to the
desktop,
then
*right* click mpas-fe.exe and choose 'Run as
administrator'
to apply.


I hope this post is helpful.

Let us know how it works ºut.

Good luck


Ǝиçεl
-=-

 

[Patrick Phillips]

My granddaughter's laptop got the eco (green) antivirus extortionware,
and I manually removed it. It somehow removed the core files from
Defender, and now it won't start or run. Suggestions? (besides a format
please) Tony

Now just install Microsoft Security Essentials its designed to disable
Windows Defender anyway and provides real time protection for anti-virus,
rootkits, trojans, spyware.

 

[Ǝиçεl]

SoÑÑy to hear that, but unfortunately
I am out of answers. Sorry I couldn't help

Tony, as well as FromTheRafters suggestion

Reinstall Vista
-=-

 

[Tony Linguini]

That worked fine. I was misinformed about the relationship between defender
and MSE.
I actually run MSE on my Windows 7 machine.
Thanks for everyone's input.
Tony

 

[DL]

MSE will remove / disable defender

Actually the two work together.

Mike.

 

[FromTheRafters]

Manual removal that involves removal of needed "Defender" files leads me
to believe reinstalling Vista, and then installing MSE would have been
the better choice. Anyway, glad you are happy with your results.

 

[Dave Warren]

In message <[email protected]> "Tony

My granddaughter's laptop got the eco (green) antivirus extortionware, and I
manually removed it. It somehow removed the core files from Defender, and
now it won't start or run. Suggestions? (besides a format please)

I think it's fairly obvious that the computer is not back to it's
original pre-infection state. How do you know that you removed all of
the malware that was installed, and that the machine is safe and can be
trusted at this point?

Once compromised, the only solution is to format and reinstall from
scratch, until that is done, you can never be certain that the machine
is yours, it may still be owned by the trojan software (although you'll
probably still be allowed to use the trojan's machine most of the time)

 

[Tony Linguini]

Well, a quick scan found 2, and a full scan found three, a new quick scan
found none, and a new full scan found none. Rebooting in between every scan.
While I know this is not gospel, it's good enough until the inevitable next
time.
Tony

 

[MowGreen]

If the system is not going to be formatted/reinstalled, then inform your
daughter that *anything* she does online with it may be transmitted to a
rogue web server. Her passwords, usernames, personal information either
stored on or sent from the system no longer belongs to her and her alone.
If she's willing to put with that, more power to her.

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"