Defender won't run at startup

[Rojo Habe]

I've just noticed that Defender isn't running, even though the Registry key
(HKLM\Software\Microsoft\Windows\CurrentVersion\Run) is there. The path
specified by this key (%ProgramFiles%\Windows Defender\MSASCui.exe -hide) is
valid. I can copy and paste it into a Run box and the process appears in the
Task Manager (and stays there until I reboot). If I view the System Startup
page in Spybot S&D the key exists. I've actually changed '%ProgramFiles%'
to 'C:\Program Files' (without the quotes) to see if it makes a difference -
it doesn't. If I view the Startups tab in The Ultimate Troubleshooter it
finds the key but shows File Not Found in the Launch Command field.

I'm at a bit of a loss. I thought perhaps the permissions had got screwed
up for either the Windows Defender folder or the executable itself, but if
that were the case, should I be able to run the command manually? In any
case, the permissions can't be edited. Everything's greyed out.

I'm quite happy to run without Defender; I'd just rather be the one who
decides. I'm concerned that to all intents and purposes it's supposed to be
running but isn't.

Any ideas?

 

[Rojo Habe]

Nope. Not running OneCare. I do have ESET NOD32 running; I don't know if
this does the same thing. Interestingly, Security Center tells me Defender
is running, even though it doesn't show in the Task Manager.

Having now run it manually (it'll stay resident until I reboot now) I can
see the last update was on May 1st. This seems reasonably up-to-date, unless
it updates daily like most other malware software. I'll try not to worry
about it too much.

It just seems a bit odd. I regularly used to see the animated taskbar icon
that showed me it was running a scan. I've not seen that for ages.

 

[Rojo Habe]

I agree it's odd. Some things to check. In WD options you have
automatically scan my computer, use real-time protection, and use
Windows Defender checked correct? Task Manager should show both
processes MSASCui.exe and MsMPEng.exe running.

All those options are indeed checked. MSASCui.exe is running, but only
because I launched Defendr manually to check the settings. MsMPEng.exe is
not running. I can't even find this file on my system. It's not in
System32 and a Windows Search of Everywhere comes up blank (although this
happens more often than no, whatever I'm searching for).

Also the following System Services need to be in Started Status for WD
to run:
1.Automatic Updates
2.Background Intelligent Transfer Service (BITS)
3.Cryptographic Services
4.Remote Procedure Call (RPC)
5.Windows Defender

Automatic Updates isn't even listed in Services. Windows Update is set to
install updates automatically, but now I think about it I can't remember the
last time I saw this happen either. All the other services you mentioned
are Started, although Cryptographic Services is set to Manual rather than
Automatic. Is this OK?

As to the scheduled scan running, WD uses the System Scheduler, so
make sure Control Panel > Scheduled Tasks > Advanced > View hidden
tasks is checked, then see when the last MP Scheduled scan was run,
also right click that task and attempt to initiate a immediate run of
the scan. What happens when you do that, does the scan start, and the
animated icon appear in the taskbar notification area?

Last Run Time: Never. Right-clicking and selecting Run has no visible
effect whatsoever, although since doing it this post lost focus a couple of
times as I was typing this, so presumably something tried to happen.

I'm just in the process of running sfc /scannow but the last time I ran it
(a couple of weeks ago) it didn't find any problems. I'll post again if it
finds anything.

 

[Rojo Habe]

Rojo;

There's a couple of problems at least. MsMpEng.exe (WD scan engine)
should be in the Program files/Windows Defender folder. Seems like
Defender got hosed at some point. Can you try a repair install if your
running XP
(I don't think you're running on Vista where this won't work):
Control Panel > Add/Remove > highlight Windows Defender > click Support
Info > click Repair.
That should fix Defender without having to re-install completely.

Sorry, I should have mentioned I'm running Vista Ultimate. I thought with
this being a Vista newsgroup I could get away with not mentioning that. My
fault.

I've looked in Program Files\Windows Defender and the file is definitely not
there (or if it is, it's hidden from my user account).

It's weird. Even with neither of those processes running, Security Center
reports that Defender is turned on. Windows Update is quite happily
updating the definitions (I checked again last night) even though the
Automatic Updates service appears to be missing. It's as though my PC is
lying to me.

A quick update on my last post. When I went back into Scheduled Tasks it
reported the last run time as the time when I right-clicked it and selected
Run, although the animated icon never appeared in the tray.

Sfc /scannow found no problems.

Look at this post for your automatic updates service missing problem:
http://www.aota.net/forums/archive/index.php/t-17881.html
Crypto service in manual mode is just fine.

I'll hold off on that for now, unless you can tell me it's the same for
Vista. Again, the funny thing is, Windows Update works fine. Even if the
service isn't listed it must be running.

I wonder why you got so many problems showing up at once? Did that
machine have an infection in the past that got cleaned up?

Not to my knowledge. I do seem to remember a long time ago AVG caught
something, so it's possible. Oh and no, I'm not runnig two antivirus
programs. I got rid of AVG and replaced it with ESET about a month or so
ago.

Other weird things keep happening too. See the following thread for an
example:

http://windowshelp.microsoft.com/co...5bb34c2&cat=&lang=en&cr=US&sloc=en-us&m=1&p=1

I never did sort that one out.

I'm beginning to think at this stage that an in-place upgrade of Vista on
top of itself might be my only option. I've been putting that off because I
don't know how it's going to affect some of my older software (Office 2000,
Quicken 2004). I had a bit of bother getting them to run properly with
Vista in the first place. And no, I can't upgrade them at the moment. I
have clients' spreadheets that are badly written and don't work with Excel
2007, and Quicken is no longer supported in the UK.

So, is this the end of the road? Do I need to reinstall Windows? It's an
upgrade copy, by the way, so I'm really trying hard to avoid reformatting
and starting from scratch. Will an in-place upgrade do the trick?

 

[Engel]

Hello Rojo,

You might try this.

Go to the main Windows Update window and click on "Installed Updates" (on
the left-hand side of the window, at the bottom), and then remove "Update for
Microsoft Windows (KB931099)" (only).

Reboot. Reboot again. (2 Reboots) Go back to Windows Update, and re-install
the same update, by clicking on the Check for Updates button.

Other folks may have additional ideas for you; hope this helps a bit, see if
that helps.

Let us know how it works ºut.

Good luck
- -- ---

 

[Rojo Habe]

I removed the update and rebooted twice as suggested. Windows Update does
not offer this as an update if I click 'Check for updates'. Reading the
knowledgebase article, this update only applies to Windows Defender version
1.1.1505.0. Mine is version 1.1600.0, so this is probably why the update is
not being offered.

In any case, it hasn't changed anything. Worth a try though. Thanks.

To continue the thread I've been following with Dave M, do I actually need
MsMPEng.exe in Vista. The reason I ask is: if I kick off a manual scan from
within the Defender GUI it appears to run fine (although the animated icon
is still missing from the taskbar).

 

[Rojo Habe]

Fixed it.

I turned Defender off, by going into Tools/Options and unchecking "Use
Windows Defender". I then disabled the Startup entry and rebooted. I then
re-enabled the Startup entry and attempted to turn Defender back on. This
failed with an error message saying the service had stopped unexpectedly so
I rebooted again and: viola! MSASCui sitting quite happily in the Task
Manager, no File Not Found messages in TUT, all appears to be tickety-boo.
MsMpEng.exe still isn't there so I'm assuming that's only used in XP. I
also still don't see the animated task bar icon if I run a manual scan but
I'm now not sure I ever did see it in Vista.

Oh, and the reason the overnight scans have never run is that the task was
not set to wake the computer. If I tick the box to do so the task runs OK.

I think that covers it. Unless I'm missing something?

Now if I could just get rid of that damned Default Beep in Office 2000 file
dialogs...