
Windows failed to install signature updates to defender


12 replies to this topic

#1 Cire86

Cire86

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 01 April 2017 - 07:59 AM

And HitmanPro found truesight.sys in system32/drivers, though it might have been a RogueKiller component. I uninstalled RogueKiller to see if HitmanPro detects that file after that, and it didn't find it anymore. But then I reinstalled RogueKiller to see if HitmanPro could detect the file again, but now it doesn't find anything, why?
 

Also, I turned off the protection shields on Avast to try to see if Windows Defender could update itself, but it required uninstalling Avast, so I didn't bother with it and turned the Avast shields back on. During this timeframe I had no protection at all. Was I in danger of attacks? I didn't browse the internet during that time, but I was connected to the internet.

 

Here are the Farbar logs.

Attached Files


Edited by Cire86, 01 April 2017 - 08:03 AM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 PM

Posted 02 April 2017 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

===

"But then I reinstalled RogueKiller to see if HitmanPro could detect the file again, but now it doesn't find anything, why?"


The file truesight.sys is not malware.
http://www.freefixer.com/library/file/TrueSight.sys-145417/

You should check in the Hitman Forum.

===

#3 Cire86


Posted 03 April 2017 - 05:44 PM

Yeah, it probably was a RogueKiller component.

 

But when I turned off the Avast shields while I was plugged in to the internet, was my PC vulnerable to attacks during that time when I had no antivirus at all? I didn't use a browser during that time.
 

Btw, should a BleepingComputer account have notifications about thread comments by default in the forum's top right corner in addition to emails? I only received notification of a new thread comment by email, but I remember having notifications on the forums too when I made a thread in the past on a different account. It's weird that I only got the notification by email. Spyware changed settings?


Edited by Cire86, 03 April 2017 - 06:34 PM.


#4 nasdaq


Posted 04 April 2017 - 07:36 AM


When Avast is enabled, your Windows Defender is disabled by Avast.
When Avast is disabled, Defender is enabled.

You also have Malwarebytes that can help.

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}


===

For your peace of mind, run the Sophos Virus Removal Tool.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Windows XP:
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

p.s.
The notification is only enabled if you get a personal message, not a new post in your topic.
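
One way to check the question raised in this exchange, whether any antivirus was actually active while Avast's shields were off, from a PowerShell prompt on the affected PC. This is an added example, not part of the original posts. The function names are hypothetical, and the `productState` bit masks follow a widely used but undocumented convention, so treat that decoding as an assumption.

```powershell
# Added example: list the antivirus products registered with Windows Security
# Center and report whether Defender's own engine is running.
# Assumption: productState is decoded with the commonly used, undocumented
# convention (0x1000 bit = real-time protection on, 0x10 bit = signatures stale).

function Get-RegisteredAntivirus {
    # The root/SecurityCenter2 namespace exists on client editions of Windows.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.displayName
                Guid     = $_.instanceGuid
                StateHex = '0x{0:X6}' -f $_.productState
                Enabled  = [bool]($_.productState -band 0x1000)
                UpToDate = -not [bool]($_.productState -band 0x10)
            }
        }
}

function Get-DefenderEngineStatus {
    # Get-MpComputerStatus throws when the Defender service is not running,
    # which is expected while a third-party product has taken over.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            ServiceRunning     = $s.AMServiceEnabled
            RealTimeProtection = $s.RealTimeProtectionEnabled
            SignatureVersion   = $s.AntivirusSignatureVersion
            SignaturesUpdated  = $s.AntivirusSignatureLastUpdated
        }
    } catch {
        [pscustomobject]@{
            ServiceRunning     = $false
            RealTimeProtection = $false
            SignatureVersion   = $null
            SignaturesUpdated  = $null
        }
    }
}

$products = @(Get-RegisteredAntivirus)
$products | Format-Table -AutoSize
Get-DefenderEngineStatus | Format-List

# The case asked about in the thread: products installed, none protecting.
if (-not ($products | Where-Object Enabled)) {
    Write-Warning 'No registered antivirus product reports real-time protection as enabled.'
}
```

Running it once with the third-party shields on and once with them off shows whether Defender really takes over, instead of relying on what either product's window says.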

#5 Cire86


Posted 04 April 2017 - 09:07 AM

Sophos said the computer is clean.

But Defender actually does not turn on if the Avast shields are turned off. When I looked at Defender after disabling Avast, it said Avast needs to be uninstalled before Defender can be turned on, so I had no antivirus at all.



#6 nasdaq


Posted 04 April 2017 - 09:47 AM

Your computer is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Cire86


Posted 04 April 2017 - 10:05 PM

Still wondering about antivirus software: what exactly is antivirus protecting from? If I am not using a browser, antivirus is not even needed, am I right? Because if the PC was infected without using a browser, it would have to have come from a direct IP attack, and it should have been stopped by firewalls, right (and if it came through the firewall, then there are bigger issues than just not having antivirus...)? Or does antivirus software play a role in that too?


Edited by Cire86, 04 April 2017 - 10:07 PM.


#8 nasdaq


Posted 05 April 2017 - 07:25 AM

There are many ways to clean a cat.

Whatever was used to compromise your computer has been removed.
Nothing we can do to find out what/how it was done.

If you used a router, you should make sure it is secured.

How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html


You can do a reset if you think it's required.
How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

#9 Cire86


Posted 05 April 2017 - 10:05 AM

Wait, so you think there was malware on the PC? But the logs were clean, you said, and no virus scan could find anything.

The failed install of Defender signatures happened when I had just secure-erased the SSD and installed Windows and had just installed other updates to Windows. Also, I had reset the router prior to installing Windows. I didn't even browse the internet until I had updated Windows 10 completely.

I don't use wireless, it's disabled.


Edited by Cire86, 05 April 2017 - 10:10 AM.


#10 nasdaq


Posted 06 April 2017 - 06:41 AM


I'm satisfied that your computer is clean of malware.

"The failed install of Defender signatures happened when I had just secure-erased the SSD and installed Windows"


If you still have issues with Defender or anything else, please explain.

#11 Cire86


Posted 06 April 2017 - 08:06 AM

I don't know if it's still unable to update the signatures, since the message of the failed Windows update regarding Defender disappeared after installing Avast, and I'm not bothering to uninstall Avast to re-enable Defender to check it out.

But when you said "Whatever was used to compromise your computer has been removed. Nothing we can do to find out what/how it was done.", do you mean you actually believe the PC was infected? But there never was any proof of malware. The Farbar logs were clean, you said, and I didn't find anything from any virus scans.

It would be weird if the PC was infected immediately after connecting to the internet after quickly setting up the router, because I didn't do anything else with the PC than updating Windows when I got the message of failed signature updates.


Edited by Cire86, 06 April 2017 - 08:08 AM.


#12 nasdaq


Posted 06 April 2017 - 09:21 AM

Sophos and Avast are not reporting any malware.

If you do not believe their reports, there is nothing else I can suggest.

#13 Cire86


Posted 06 April 2017 - 09:22 AM

I believe their reports, but you said that there was some malware but it's now gone, so I wasn't sure if you thought there was malware on the PC which was removed. Or what do you mean? How could it even be removed if I didn't find anything to begin with?





