
[Please help] Windows Defender constantly detecting & removing malware

4 replies to this topic

#1 akhsim


  • Members
  • 2 posts
  • Local time:02:00 PM

Posted 03 November 2016 - 02:23 AM

Hi there,

My Windows Defender has been constantly showing the notification

"Found some malware

Windows Defender is removing it"

This happens twice every minute. I checked the detected items in the History tab of Windows Defender and here is what it shows:




Note: I am using Windows 10 64-bit

Here is the link to the information about the detected item on Microsoft website:




Basically, every minute Windows Defender is detecting the same malware twice, in two different locations. One points to a Google Chrome .lnk file and the other to an Internet Explorer one (I never use IE). I have tried to look for these two files in the locations stated, but they weren't there (possibly because they are being constantly removed?).

I started having this issue yesterday while browsing the internet. I have tried a Full Scan by Windows Defender and a Threat Scan by Malwarebytes Anti-Malware Premium several times and they both came up with nothing. I don't have any evidence that this malware is doing anything to my system. I have checked Control Panel, Apps & features, and Google Chrome extensions, and so far nothing malicious has been installed. Before this problem started, I remember Malwarebytes and Windows Defender picked up a few malware items and trojans and cleaned them properly.


In addition to my two default AV programs, I have also tried rkill, AdwCleaner, JRT, Hitman Pro (one-time free use), and Zemana Anti Malware, and so far nothing has fixed the problem.

I have also tried removing Google Chrome completely and reinstalling it. I even tried booting from a Win10 installation USB and ran a System Restore.


I also downloaded CCleaner and deleted a bunch of unnecessary files. After this, my Windows Defender is acting really strange. The Real-time protection function is turning itself on and off. It can turn on, but then an error message pops up, saying:

An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and

Error Code: 0x8050800c


I don't know if this is the result of CCleaner or an action of the malware itself. I tried running sfc /scannow and it did not find anything corrupted or missing.


I have also posted on Whirlpool and have been following the instructions of a senior member there. He instructed me to run FRST, upload the log files, then run his fixlist.txt. It didn't fix the problem. Right now I'm running ESET Online Scanner. Here is the link to the Whirlpool post - https://forums.whirlpool.net.au/forum-replies.cfm?t=2580085


I'm completely new to this forum and found you guys after hours of looking for a fix to my problem. I really hope someone could lead me in the right direction.


Thank you so much, in advance.

Edited by akhsim, 03 November 2016 - 02:38 PM.


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,537 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:00 PM

Posted 04 November 2016 - 02:19 PM

Hello, please do these next.

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#3 rickeb1


  • Members
  • 1 posts
  • Local time:07:00 PM

Posted 04 November 2016 - 05:06 PM

I have exactly the same problem.  What's interesting is that after trying (almost) all of the usual suggested tools as the original poster did, plus a couple of other antivirus programs, none of them see any problem.  Only Windows Defender seems to see a problem, and it's hard to believe that Defender is so much better than every other tool and antivirus that it has identified an issue that no one else can.  I'm wondering if there is a problem with Windows Defender?

#4 akhsim

  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:00 PM

Posted 05 November 2016 - 02:43 PM

Hi guys,


The current fix is to go to the folder directories (shown in Windows Defender) and manually delete the .lnk files. For me they were shown as .exe files instead. Deleting these will remove the applications from the Start Menu.


I believe it is a false positive because nothing other than Windows Defender is picking this malware up and a lot of people have been reporting the same issue over the last two days.

#5 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,953 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:00 PM

Posted 07 November 2016 - 05:00 PM

Specific issues only related to Windows Defender should be reported to Microsoft so they can investigate. If you suspect a file was falsely detected (a false positive) or appears suspicious, then you should submit a sample to the Microsoft Malware Protection Center research team so they can investigate and take corrective action if confirmed.