Window Defender Freezes

[Guest]

I just downloaded Windows Defender and got all the updates, then when I did a
scan it stopped at the file: HKLM\Software\Classes\magnet and everything
stopped nothing worked, and there was nothing I could do but switch it off at
the wall. It has happened every time I try to scan, on the same file. Please
Help!!!

 

[Guest]

Hello Craig,

1.- Try to scan in safe mode.(Quick scan)

2.- Go to the System Event log:

Start, Run, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected, and use the button provided to paste the content of the
detection back to a message here.

3.- Start, Run, chkdsk /r <enter>
Accept-YES

Rebot

Run WD from the menu with a Quick scan.
Any problems? Any messages?


Eиçel

 

[Bill Sanderson MVP]

I agree with Engel's recommendation to scan in safe mode. Update your
antivirus application, and scan with it in safe mode at the same time.

 

[Guest]

Thanks for the advice, here are the paths from the yellow warning triangles:

firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1786:UDP

firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1784:UDP

firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1785:UDP

firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP

firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP

driver:NAL;file:C:\WINDOWS\system32\Drivers\iqvw32.sys


What should be my next plan of action?

 

[Bill Sanderson MVP]

Can you post the complete log entry for that last item, in particular--just
use the copy to clipboard button on the event viewer.

So far, I don't see anything suspicious here, so I'd like to know more of
what these entries say--maybe post one of the firewall-related ones, as
well.

 

[Guest]

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 13/04/2006
Time: 5:20:31 p.m.
User: N/A
Computer:
Description:
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {E45385C3-8E64-4987-8E3A-6EA0133AE2B8}
User: Spencer
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: driver:NAL;file:C:\WINDOWS\system32\Drivers\iqvw32.sys
Threat Classification: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 15/04/2006
Time: 3:08:22 p.m.
User: N/A
Computer:
Description:
Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {7AE1739B-D5BA-4E8A-BE19-8C1CE891D4FF}
User: Spencer
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1786:UDP
Threat Classification: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Does this help?

 

[Bill Sanderson MVP]

Craig - I lost track of this thread, I'm afraid.

I still don't see anything to be suspicious of in these log entries--unknown
items are perfectly normal, and in many cases are just drivers that are not
yet known to Windows Defender's data store--they certainly aren't items that
require action, unless you are seeing clear symptoms and cannot identify the
file in question as a legitimate driver.

So--I don't know what's going on with your system. I don't see any clear
indication from these entries (although I don't know what is creating the
open firewall ports)--that there's a problem, but the hangs on scanning are
definitely a functionality issue.

Is this still happening?

--