Why did defender miss this.

pewe

Having had Win 8 installed for a few weeks, suddenly last week Defender started warning me every 5 minutes that it had quarantined a virus called Trojan:JS/Medfos.B.

I did a search and found lots of posts about the same thing, the Microsoft one being here.
So Microsoft know about the problem and suggest that having one of their solutions, including Defender, will resolve it.

Well, that's not totally true - Defender does remove the files which are created by the virus from the AppData/Local directories - but they are re-instated every five minutes, to be deleted by Defender again.

What MS do not say is how to get rid of the actual virus; Defender does not find it on a scan, and Defender did not stop it getting on board in the first place.

I tried various solutions from the internet for getting rid of the offending program, but none worked, so I reverted to a backup I created when I first installed Win 8, and after a week everything still seems OK.

I have no idea where the original virus came from, or where it was stored - and it does leave me wondering about the overall effectiveness of Defender as an AV solution.

If anyone has any thoughts I'd love to hear them.
 

My Computer

System One

  • OS
    Win 8 Pro - 64Bit
    System Manufacturer/Model
    Acer 8930
    Memory
    6GB
    Hard Drives
    WD 300GB, WD 500GB
I went to the site you indicated above, and it says clearly that if you use Google Chrome, the virus was installed as an extension that will create the malicious JavaScript. Windows Defender detected that script and removed it; the next time you run Google Chrome, the extension will re-create the script again. In order to get rid of it, you will need to remove that extension.

The same is true if you use Firefox: the virus is installed as an add-on, and you will have to uninstall the add-on.
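Both browsers will also load an extension that was registered through the Windows registry, with no click inside the browser at all, which is one way an add-on turns up on a machine where nobody installed one. The PowerShell script below is an added example, not code from anyone in this thread; it reads the documented Chrome and Firefox registry locations for externally registered extensions, reports what they point at, and removes nothing.

```powershell
# Added example, not from this thread. Lists browser extensions that were registered
# through the Windows registry rather than installed by the user from inside the browser.
# Chrome: HKLM/HKCU\SOFTWARE\Google\Chrome\Extensions\<id> with 'path' or 'update_url'.
# Firefox: HKLM/HKCU\SOFTWARE\Mozilla\Firefox\Extensions, one value per add-on id.
$hives = @('HKLM:', 'HKCU:')
$chromeKeys = foreach ($h in $hives) {
    "$h\SOFTWARE\Google\Chrome\Extensions"
    "$h\SOFTWARE\Wow6432Node\Google\Chrome\Extensions"
}
$firefoxKeys = foreach ($h in $hives) {
    "$h\SOFTWARE\Mozilla\Firefox\Extensions"
    "$h\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions"
}

function Get-ChromeExternalExtensions {
    foreach ($key in $chromeKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            [pscustomobject]@{ Browser = 'Chrome'; Id = $sub.PSChildName; Source = $key
                               Path = $p.path; UpdateUrl = $p.update_url }
        }
    }
}

function Get-FirefoxSideloadedExtensions {
    foreach ($key in $firefoxKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' }   # drop the provider's own PS* fields
        foreach ($v in $values) {
            [pscustomobject]@{ Browser = 'Firefox'; Id = $v.Name; Source = $key
                               Path = $v.Value; UpdateUrl = $null }
        }
    }
}

$found = @(Get-ChromeExternalExtensions) + @(Get-FirefoxSideloadedExtensions)
if ($found.Count -eq 0) { 'No registry-registered browser extensions found.' }
# A package that still exists on disk is the thing to inspect, together with the registry
# value that keeps re-installing it; an entry whose file is gone is just a stale leftover.
$found | Select-Object Browser, Id, Source, Path, UpdateUrl,
    @{ n = 'FileExists'; e = { [bool]$_.Path -and (Test-Path -LiteralPath $_.Path) } },
    @{ n = 'LastWrite';  e = { if ($_.Path -and (Test-Path -LiteralPath $_.Path)) {
                                   (Get-Item -LiteralPath $_.Path).LastWriteTime } } } |
    Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable; an entry with an update_url and no local file is the browser-store style of registration, while a path pointing at a .crx or .xpi in a user-writable folder is the case worth examining.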
I saw that, but I do not have Google Chrome, and in Firefox I had not installed any extensions since I installed FF at the same time as Win 8, and no FF plugins had had updates either.
So for a few weeks everything was OK, no changes in the FF/plugin dept, no Google Chrome, but suddenly the virus appeared.

Also, I ran various scripts, AV programmes and PC searches for 'chromeupdate.crx', and it was not found anywhere on the PC, so I assume it was some other file which brought it in, and I never did find it.

But my question remains: MS suspect the file which causes the problem is 'chromeupdate.crx', so has anyone had this blocked by Defender?
Like a lot of malware, the only way to truly defeat it is to not be running Windows when trying to clean it. Microsoft provides a free way to do this via the Windows Defender Offline utility, but there are others if you want to try different engines.
Look in Control Panel -> Programs and Features and go through the list to see if anything unfamiliar is installed there.
Also, set your Folder options to show hidden files and check if there's any Autorun.inf in the root folder of your disk drives.
Like a lot of malware, the only way to truly defeat it is to not be running Windows when trying to clean it. Microsoft provides a free way to do this via the Windows Defender Offline utility, but there are others if you want to try different engines.

Cluberti
Thanks for the link - will be a useful tool to have available.

Look in Control Panel -> Programs and Features and go through the list to see if anything unfamiliar is installed there.
Also, set your Folder options to show hidden files and check if there's any Autorun.inf in the root folder of your disk drives.

topguncpd:
Thanks for the input, but as I have already scrapped the problem system and gone back to a backup version, these areas are all clean now.
However, I did check before wiping the original Win 8, and none of those progs/files you suggest were present. I checked a host of recommended locations on disc and in the registry that were suggested online and found nothing that was suggested - hence the system wipe and re-install.
Unfortunately NO AV will detect all malware. Malware authors often target popular AV products. Be careful out there!