Showing posts with label antivirus. Show all posts

Sunday, September 3, 2023

Disable Defender and Exclude Stuff

*Actually, this has become part of my "essential setup" for Windows.
*Also I use a folder called "Excluded" instead of "Sordum" and I place other things in there that Windows hates like WirelessKeyView from Nirsoft. Life is good.

Also comes in handy if you take a peek at Medicat :)

There are times in our digital life when we need to reject Microsoft controlling what we are doing. Running and enabling things disapproved of by Windows Defender was always irritating . . . but now it's painful. Toggling protection off in the interface no longer completely disables Defender.
With Windows Pro, Group Policy is the easiest and Winaero has a toggle. Just search "disable defender".

With Windows Home, Sordum has Defender Control v2.1. You still have to negotiate "allow" a few times when first starting it up but nothing ridiculous. Simple one click on/off to disable. It may be possible to use PolicyPlus but it runs independently and portable so the Winaero switch probably won't work. It may work manually but why bother when Sordum stuff works so easily.

Make a folder called "Excluded" and exclude it from Defender access. Dump the Sordum files there and extract them. (I've added a few things here so it's somewhat fragmented)

Now that we have our pesky program installed we may need to exclude a few files and folders from Defender monitoring before we turn Defender back on. And we do want to turn it back on. Sordum to the rescue again with Defender Exclusion Tool. Just drag and drop the files and folder into the GUI. It does standard exclusion but in a quick and easy interface. Actually standard exclusion in the Windows Security module is easy also.

I just put the Sordum files on a PC and Defender was driving me crazy . . . so . . .
1. Make a folder where the Sordum files will live.
2. Go to manage virus & security settings and add that folder to exclusions or use Sordum Exclusions to exclude the folder. 


3. Extract the files. Defender Control is .rar and 7zip will extract. Password is "sordum"
4. Before you start Defender Control the first time be sure to exclude the .exe file.
This is a good procedure for the few programs that Windows hates but you know are harmless.
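A check to run once Defender is turned back on, as an added example that is not part of the original post or any Sordum tool: it uses the built-in Get-MpComputerStatus and Get-MpPreference cmdlets to confirm real-time protection is on and to list what is excluded. The function name and the list of "too broad" locations are assumptions made for this example.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell:
# without admin rights Get-MpPreference hides the exclusion list.
function Get-DefenderExclusionAudit {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Assumed list of roots that should never be excluded wholesale,
    # normalised (no trailing backslash, lower case) for comparison.
    $broad = @(
        "$env:SystemDrive\", $env:SystemRoot, $env:ProgramFiles,
        $env:USERPROFILE, $env:TEMP, (Join-Path $env:USERPROFILE 'Downloads')
    ) | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

    $paths = foreach ($p in @($pref.ExclusionPath)) {
        if ([string]::IsNullOrWhiteSpace($p)) { continue }
        [pscustomobject]@{
            Path     = $p
            Exists   = Test-Path -LiteralPath $p   # stale entries can be removed
            TooBroad = $broad -contains $p.TrimEnd('\').ToLowerInvariant()
        }
    }

    [pscustomobject]@{
        RealTimeProtection = $status.RealTimeProtectionEnabled
        AntivirusEnabled   = $status.AntivirusEnabled
        TamperProtected    = $status.IsTamperProtected
        ExcludedPaths      = @($paths)
        ExcludedProcesses  = @($pref.ExclusionProcess)
        ExcludedExtensions = @($pref.ExclusionExtension)
    }
}

$audit = Get-DefenderExclusionAudit
$audit | Format-List RealTimeProtection, AntivirusEnabled, TamperProtected | Out-Host
$audit.ExcludedPaths | Format-Table -AutoSize | Out-Host
Write-Host ('Processes : ' + ($audit.ExcludedProcesses -join ', '))
Write-Host ('Extensions: ' + ($audit.ExcludedExtensions -join ', '))

if (-not $audit.RealTimeProtection) {
    Write-Warning 'Real-time protection is still off; turn Defender back on.'
}
# Flag exclusions that cover a whole system/user root or point at nothing.
foreach ($e in $audit.ExcludedPaths | Where-Object { $_.TooBroad -or -not $_.Exists }) {
    Write-Warning "Review exclusion: $($e.Path)"
}
```

A dedicated folder such as "Excluded" should show up with Exists = True and TooBroad = False; anything else in the list deserves a second look.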
Downloads
Exclude (also in Symenu)
Control (It's a rar file so in 7zip first try you may have to "allow" then unzip again.) Password "sordum".


Tuesday, April 20, 2021

UVK Virus Remover & CleanUp

 Go Here https://www.carifred.com/uvk/

Tons of things you can do but it is also a good portal to get some scanner programs.
For example you can quickly grab, install and run MalwareBytes




Tuesday, April 23, 2019

Tron Virus Removal Script

Download the script from here.
Look for the post on recent version and open it.
Example:


View how to use it here.

I have never used this but plan to try if and when I ever have virus trouble.

Thursday, June 23, 2016

Kaspersky Rescue Disk "Data Base Corrupted" Fix

This is the solution: https://www.youtube.com/watch?v=Zhc65_7dfgY

Some things I ran into:
1. Finding the Kaspersky directory took some hunting.
2. Deleting brought "Trash is full"
    A. Make a folder and move everything there.
    B. Better yet just go to settings on the file manager and add the delete button.

It worked great.

Avast (Giving It A Try)

I am a big fan of Microsoft Security Essentials even though it ranks on the bottom of such programs. I don't get viruses and Essentials does not bug me. I finally gave in and decided to give Avast another try. If it is intrusive, I will go back to Essentials.

 Essentials remained installed so I uninstalled it. Defender in Win10 is reported to turn off when Avast is installed.

You may wish to turn off sounds.

Sunday, July 20, 2014

Ultimate Virus Killer Looks Good

Ultimate Virus Killer looks good and very versatile. Portable and uses third party scanners.

Additional list: (some can be accessed through UVK)
Kaspersky Rescue CD
Panda Cloud Cleaner Rescue
Malwarebytes to clean up any malware that's left behind
TDSSKiller for removing rootkits, if there are any on the system
ADWcleaner to remove the nasty toolbars, adware and junkware from the system
Roguekiller
Microsoft Malicious Software Removal Tool

Monday, June 30, 2014

Build Mother of Anti-virus USB

I am revising this:
Yumi is simple to add and remove entries to the USB. It also has link for many of the sources.
MobaLiveCD is good for boot testing. Run as admin. and allow to create virtual drive.
Image: I have not found a good way to image a USB drive. For example, if you image a 2GB USB and copy to 8GB only 2GB is usable.
MultibootUSB also works great to test bootability.

Kaspersky Rescue Disk is a must have.
Ultra Virus Killer is also a must

If you are having trouble zeroing out a USB previously created try ImageUSB. This can also make a single boot USB of ISO or imb files.


Wednesday, May 30, 2012

Flamer, Flame or Flamy

UPDATED: Cyber Espionage Reaches New Levels with Flamer | BitDefender Labs

Download the 32 bit or 64 bit and find out if you’re infected with Flamer, the world’s most discreet and dangerous piece of malware ever. If you are already protected by a Bitdefender security solution, you do not need to run the removal tool.

Monday, May 28, 2012

Antivirus Remover or "This crap is worse than a virus"


AppRemover Helps You Thoroughly Uninstall Antivirus And Internet Security Software
There are over fifty anti-virus, anti-spyware, anti-malware, and other security related software available to secure your PC and data. Most of us use at least one antivirus or Internet security suite to protect against viruses, trojans, malware, and other threats.
When I saw this a few days ago I wondered if I would ever use it. Then I set up a new Dell Vostro for the office that had TrendMicro insisting that I install it. I wouldn't use TrendMicro if you paid me so I tried getting rid of it. Even though it had not yet "installed" the Dell setup had zillions of TrendMicro entries in the registry. I finally gave up and remembered reading about AppRemover. It worked like magic. Great time saver.
Now I can use Microsoft Security Essentials and be happy.

Happy too soon. I still had to hunt down some TrendMicro and Roxio stuff left over. Search and delete with regedit and searching with Everything.exe finally did it. The roxwatchtray.exe is still hiding and starting.

*** The trick with roxwatchtray (after deleting all references I could find) was using Ccleaner to clean the registry. Ccleaner's reg cleaner is fairly harmless and won't take anything out that is not obvious.

Dell's local backup needed to be done manually and had a bunch of reg entries. Look for folders in the reg that can be taken out while doing a search.

The next time I use an off the shelf machine, I am formatting and clean installing. It would take much less time.

Wednesday, January 11, 2012

Microsoft Defender "this program is turned off" message

When Microsoft Security Essentials is installed, it turns off Defender because Essentials replaces Defender. Sometimes the Defender startup entry either does not get turned off or becomes re-enabled somewhere down the line. Simply run msconfig, go to the startup tab and uncheck the Defender entry. Sometimes you still get a warning that Defender is not running. This can be sticky.

If the entry is not in startup but you still get the warning, these have worked for me:

Method 1:
1. Launch regedit (Win+R, type "regedit", hit return)
2. Locate the Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
3. Delete Value "Windows Defender"

Method 2:
Here is the thread where I found this answer.
Rename the program exe

using an elevated command prompt:
takeown /f "C:\Program Files\Windows Defender" /r /d y
icacls "C:\Program Files\Windows Defender" /grant Administrators:F /t
Yes, use the quotes or path will not be recognized.

Or use your user name instead of Administrators or try Administrator without the s.
Now rename the file
Before (Original name):
C:\Program Files\Windows Defender\MSASCui.exe
After:
C:\Program Files\Windows Defender\aMSASCui.exe

As usual, Microsoft recommends reinstalling or restoring Windows.
The lame brains who think this is not an issue have not installed enough systems. I don't know why it happens, but needing to change the names of users or the machine after initial setup may be one instance. Why is a mystery. It is one of those "Oh Crap" moments.

Forget services or gpedit, they have never worked for me on this issue.
No, uninstalling Essentials and reinstalling did not fix it.
No, turning off Defender from within Defender did not fix it.

Thursday, March 3, 2011

Virus Scanning Without Installing

Get ready to spreken ze Deutsch but this is an option if you are caught without a virus scanner. Stand alone functionality. On line options and/or download.
Microsoft's removal tool is already on your system, just type "mrt" in the search box.
You might want to start with (and I hate to say it) Norton
KillEmAll kill all unessential processes
Kaspersky ISO Drop on Ventoy
HitmanPro
CrowdInspect
Type "mrt" in run command
Dr. Web
Ultra Virus Killer

AntiBotnet
Credit gHacks
Other possibilities
rkill.exe
OTL.exe
TDSS Killer
ComboFix
Remove Fake Scan Popup
Remember that removing a virus can destroy the OS ability to run so copy the important stuff off first and be ready to do a fresh format and install. Actually the data can likely be copied later but your choice. I would like a fresh system if my machine had been compromised.

Saturday, October 23, 2010

Make A Bootable USB Kaspersky Rescue Disk 10

Make A Bootable USB Kaspersky Rescue Disk 10: "Many antivirus companies are offering free rescue disks to provide their customers with an option to disinfect a system from the “outside”. That’s especially helpful in scenarios where a virus has damaged the operating system critically, so that it won’t boot anymore on its own."

Comments: I tried this for someone's notebook recently and had to make some modifications. The instructions above would not make a working bootable USB for me. Grab the Kaspersky ISO from the above link. Then go to Pendrivelinux.com and grab Multiboot USB. It worked perfectly.

You can also later add ISO's to the USB boot menu (Ubuntu 10.10 for example). It can even download the ISO and install. You choose what to install from a menu. I mentioned Ubuntu and that may seem overkill for troubleshooting but it is a no brain linux for accessing ntfs drives. I have been busy loading stuff on the flash drive. It works. I can't update the distros using ISO's so what you have is what you stay with.

Multiboot USB is an interesting and useful tool. Actually I am tempted to change the title of this post to Multiboot USB.

PS: I am working on how to update Kaspersky definitions http://agnipulse.com/2009/12/kaspersky-rescue-disk-updater/ The update is working. I should just be able to rename and copy the updated "rescue.iso" to the USB drive and have updated definitions. At least all the elements for this procedure are here somewhere.

If you are wondering what else to do with your USB drive, look at LifeHacker's 10 things article.

Set up a Win7 install? Here is the link. (I am trying to figure out how to get both 32 and 64 on the same thumb drive.) But a single works fine.

What if your BIOS will not boot from USB? Try this. (How much can I add to this post?)

Thursday, March 25, 2010

Free AVG Rescue CD May Be Worth Noting

Free AVG Rescue CD Helps gets Unbootable PCs Working
AVG have just released a free rescue CD that can be used to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection.

The AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again

This could also be handy for folks who this week were locked out of their PCs by a faulty update installed by BitDefender and Bullguard (which uses the same engine and signatures) which rendered many 64 bit machines useless.

The AVG Rescue CD aims to help people so affected to recover their system. Essentially, it is a portable version of AVG Anti-Virus embedded in a version of Linux so it doesn't need Windows to operate.

AVG Link http://www.avg.com/us-en/avg-rescue-cd#tba2

Saturday, January 23, 2010

Remove Fake Anti Virus

I have not had a fake AntiVirus program install for ages and I don't have one now but this site is a good reference in case one hits.

Friday, January 1, 2010

Virus, Spyware & Malware Protection | Microsoft Security Essentials

I’m not sure how well this works. Yes, Microsoft and free in the same sentence is rare. Right now I am using Panda Cloud and like it. But yesterday I worked on a system behind web restrictions and Panda could not access the internet. Microsoft Security Essentials may have been a good alternative. Worth a try. You do need to pass validation.

And Microsoft Security Essentials needs "fixing" sometimes? Who knew? Here is a little program to do it.

I get tired of Avira/AVG etc. and all the updates and splash screens … blah, blah. That is why I went to Panda.

Virus, Spyware & Malware Protection | Microsoft Security Essentials

If your PC is totally in the toilet and a virus is suspected I would recommend a fresh OS install after backing up your data. You may try a rescue CD and get the old girl going. Here is a good list of CD downloads. 13 Antivirus Rescue CDs Software Compared in Search For the Best Rescue Disk

Here are a few other ideas.
DrWebCurit
Combofix
Trojan Remover
HiJack This
WinsockXPfix (If net broken after fooling around.) (Vista/Win7 is supposed to do this natively)
Kaspersky Portable
Stinger McAfee
AVG Rescue CD

Edit: MSE turns off (by default) Windows Defender. My problem is that on start up I receive a message that Windows Defender is turned off ... Dah! I find no fix for this yet. Defender is a sticky little bugger, how Norton like. I am tempted to run the fix file mentioned above. A work in progress.

Thursday, November 19, 2009

Panda Cloud Antivirus, The first free cloud antivirus against viruses, spyware, rootkits and adware

Edit: Nix on Panda. It needs reinstall too often. I'm back to AVG if Microsoft Security Essentials can not be installed.

 

Panda Cloud Antivirus
The first free antivirus from the cloud

Panda Cloud Antivirus, The first free cloud antivirus against viruses, spyware, rootkits and adware

Comments:

I’m trying this out. Panda has never been high on my love list but the whole “cloud” thing is cool. The jury is out on how well this works. I had to uninstall Avira before Panda would install but this is standard for antivirus installs. You must set up a free Panda account before it will work (don't forget the email verification).

While Panda is scanning it takes considerable memory.

Here is memory consumption at idle. Not bad.



Here is a review showing Panda less than stellar but acceptable.

Ventoy On Secure Boot

I turn off secure boot in every BIOS. However, some do not show that setting. Here is an option that has worked for me. Boot the PC and launc...