Windows 8 and 8.1 Forums


Why did defender miss this.

  1. #1


    Posts : 113
    Win 8 Pro - 64Bit



    Having had Win 8 installed for a few weeks, suddenly last week Defender started warning me every 5 minutes that it had quarantined a virus called Trojan:JS/Medfos.B.

    I did a search and found lots of posts about the same thing, the Microsoft one being here.
    So Microsoft know about the problem and suggest having one of their solutions, inc Defender, will resolve it.

    Well that's not totally true - Defender does remove the files which are created by the virus from the AppsData/Local directories - but they are re-instated every five minutes - to be deleted by Defender again.

    What MS do not say is how to get rid of the actual virus. Defender does not find it on a scan, and Defender did not stop it getting on board in the first place.

    I tried various solutions from the internet for getting rid of the offending program, but none worked, so I reverted to a backup I created when I first installed Win 8, and after a week everything still seems OK.

    I have no idea where the original virus came from, or where it was stored - and it does leave me wondering about the overall effectiveness of Defender as an AV solution.

    If anyone has any thoughts I'd love to hear them.


  2. #2


    San Jose - California
    Posts : 2,847
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64


    I went to the site you indicated above and it says clearly that if you use Google Chrome, the virus was installed as an extension that will create the malicious JavaScript. Windows Defender detected that script and removed it; the next time you run Google Chrome, the extension will re-create the script again. In order to get rid of it, you will need to remove that extension.

    The same is true if you use Firefox: the virus is installed as an add-on, and then you will have to uninstall the add-on.

  3. #3


    Posts : 113
    Win 8 Pro - 64Bit


    I saw that, but I do not have Google Chrome, and in Firefox I had not installed any extensions since I installed FF at the same time as Win8, and no FF plugins had had updates either.
    So for a few weeks everything was OK, no changes in the FF/Plugin dept, no Google Chrome, but suddenly the virus appeared.

    Also, I ran various scripts, AV programmes and PC searches for 'chromeupdate.crx' and it was not found anywhere on the PC, so I assume it was some other file which brought it in, and never did find it.

    But my question remains, MS suspect the file which causes the problem is 'chromeupdate.crx', so has anyone had this blocked by Defender?
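
Added example, not part of the thread: posts #2 and #3 turn on whether a browser add-on appeared around the time the alerts began. The Python below lists what a Firefox profile's `extensions.json` and a Chrome profile's `Extensions` folder actually record and filters by a first-alert time; the profile paths passed in, the `installed_since` helper and the use of file modification time for Chrome are assumptions of this example.

```python
import json
from datetime import datetime, timezone
from pathlib import Path


def _utc(seconds):
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def firefox_addons(profile_dir):
    """Add-ons recorded in <profile>/extensions.json (installDate is in ms)."""
    path = Path(profile_dir) / "extensions.json"
    data = json.loads(path.read_text(encoding="utf-8"))
    rows = []
    for addon in data.get("addons", []):
        ms = addon.get("installDate")
        rows.append({
            "browser": "firefox",
            "id": addon.get("id"),
            "name": (addon.get("defaultLocale") or {}).get("name"),
            "location": addon.get("location"),  # where Firefox loaded it from
            "installed": _utc(ms / 1000) if ms else None,
        })
    return rows


def chrome_extensions(profile_dir):
    """Extensions unpacked at <profile>/Extensions/<id>/<version>/manifest.json."""
    rows = []
    for manifest in sorted(Path(profile_dir, "Extensions").glob("*/*/manifest.json")):
        meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
        rows.append({
            "browser": "chrome",
            "id": manifest.parent.parent.name,
            "name": meta.get("name"),  # may be a "__MSG_...__" locale key
            "location": str(manifest.parent),
            # Assumption: file mtime is used as a rough install-time proxy.
            "installed": _utc(manifest.stat().st_mtime),
        })
    return rows


def installed_since(rows, first_alert):
    """Add-ons that appeared at or after the first Defender alert, oldest first."""
    hits = [r for r in rows if r["installed"] and r["installed"] >= first_alert]
    return sorted(hits, key=lambda r: r["installed"])
```

An entry with no recorded install date is kept in the listing but never matches the time filter, so review those by hand.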

  4. #4


    Redmond
    Posts : 651
    Windows 8.1 x64


    Like a lot of malware, the only way to truly defeat it is to not be running Windows when trying to clean it. Microsoft provides a free way to do this via the Windows Defender Offline utility, but there are others if you want to try different engines.

  5. #5


    San Jose - California
    Posts : 2,847
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64


    Look in: Control Panel -> Programs and Features, go thru the list to see if anything unfamiliar is installed there.
    Also, set your Folder Options to show Hidden Files and check if there's any Autorun.inf installed in the root folder of your Disk Drives.

  6. #6


    Posts : 113
    Win 8 Pro - 64Bit


    Quote, originally posted by cluberti:
    Like a lot of malware, the only way to truly defeat it is to not be running Windows when trying to clean it. Microsoft provides a free way to do this via the Windows Defender Offline utility, but there are others if you want to try different engines.

    Cluberti:
    Thanks for the link - will be a useful tool to have available.

    Quote, originally posted by topgundcp:
    Look in: Control Panel -> Programs and Features, go thru the list to see if anything unfamiliar is installed there.
    Also, set your Folder Options to show Hidden Files and check if there's any Autorun.inf installed in the root folder of your Disk Drives.

    topgundcp:
    Thanks for the input, but as I have already scrapped the problem system and gone back to a backup version these areas are all clean now.
    However I did check before wiping the original Win8 and none of those progs/files you suggest were present. I checked a host of recommended locations on disc and in registry that were suggested online and found nothing that was suggested - hence the system wipe and re-install.

  7. #7


    Posts : 73
    windows 7 home premium 64bit


    Unfortunately NO AV will detect all malware. Malware authors often target popular AV products. Be careful out there!
