Defender is useless.

Discussion in 'Operating Systems' started by Reddoguk, Nov 30, 2019.

  1. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,766
    Likes Received:
    142
    GPU:
    Guru3d GTX 980 G1
    This is a brand new PC, all of it. I've only just installed Win 10 pro and all of the drivers.

    There is only game launchers, Firefox and 4 benchmark utilities - Aida64, CpuZ, GpuZ and HWinfo installed.

    Yesterday I noticed my PC was different somehow, and then my Google settings in Firefox had been changed to some Bing address. Now guys, check this BS out>
    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    WcInstaller.log

    Detecting windows culture
    29/11/2019 22:03:44 :-> Starting installer 4.9.2159.4024 with: .\WebCompanionInstaller.exe --partner=BT170603 --version=4.9.2159.4024 --prod --silent --homepage=1 --search=1 --partner=BT170603, Run as admin: True
    Preparing for installing Web Companion
    29/11/2019 22:03:45 :-> Generating Machine and Install Id ...
    29/11/2019 22:03:45 :-> Machine Id and Install Id has been generated
    29/11/2019 22:03:45 :-> Checking prerequisites ...
    29/11/2019 22:03:46 :-> Antivirus not detected
    29/11/2019 22:03:46 :-> vm_check False
    29/11/2019 22:03:46 :-> reg_check :False
    29/11/2019 22:03:46 :-> Installed .Net framework is V40
    29/11/2019 22:03:46 :-> Prerequisites test has been successfully passed
    29/11/2019 22:03:47 :-> Downloading the latest stable version 4.9.2159.4024...
    29/11/2019 22:03:49 :-> The latest stable version of Web Companion has been downloaded: 4.9.2159.4024
    29/11/2019 22:03:49 :-> Extracting C:\Users\Darren\AppData\Local\Temp\WebCompanion.zip ...
    29/11/2019 22:03:50 :-> Extracting WebCompanion.zip has been successful
    29/11/2019 22:03:50 :-> Installing IE Search Set service ...
    [SC] CreateService SUCCESS

    [SC] ChangeServiceConfig2 SUCCESS

    [SC] ChangeServiceConfig2 SUCCESS

    29/11/2019 22:03:50 :-> IE Search Set service has been successfuly installed
    29/11/2019 22:03:51 :-> Creating Uninstallation information ...
    29/11/2019 22:03:51 :-> UnInstallation information has been created
    29/11/2019 22:03:51 :-> Preparing partner data ...
    29/11/2019 22:03:51 :-> Partner information data has been created
    29/11/2019 22:03:51 :-> Preparing install information ...
    29/11/2019 22:03:51 :-> Install parameters file has been created
    29/11/2019 22:03:51 :-> Identifying installation platform ...
    29/11/2019 22:03:51 :-> UpdateServer.txt has been created for platform = prod
    29/11/2019 22:03:52 :-> Preparing language info ...
    29/11/2019 22:03:52 :-> Language.txt has been created for language = en
    29/11/2019 22:03:52 :-> Setting trusted site
    29/11/2019 22:03:52 :-> Set Trusted sites
    29/11/2019 22:03:52 :-> Changing 'Installed' mark ...
    29/11/2019 22:03:52 :-> 'Installed' mark was set.
    29/11/2019 22:03:52 :-> Saving revert settings information..
    29/11/2019 22:03:53 :-> Saved revert settings information..
    29/11/2019 22:03:53 :-> Applying Selected Configuration ...
    Value of ConfigConstant IsPreProd is False

    29/11/2019 22:04:23 :-> Shell command has been successfuly executed (ExecuteCommandStep)
    29/11/2019 22:04:23 :-> Executing command C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --silent --afterinstall ...
    29/11/2019 22:04:24 :-> Shell command has been successfuly executed (ExecuteCommandStep)
    29/11/2019 22:04:24 :-> Reporting installation result ...
    29/11/2019 22:04:24 :-> Reporting installation result has been completed
    Detecting windows culture
    29/11/2019 22:20:31 :-> Starting installer 4.9.2159.4024 with: C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall, Run as admin: True
    Preparing for removing Web Companion
    29/11/2019 22:20:41 :-> Generating Machine and Install Id ...
    29/11/2019 22:20:41 :-> Machine Id and Install Id has been generated
    29/11/2019 22:20:41 :-> Stopping process WebCompanion
    29/11/2019 22:20:41 :-> Process WebCompanion has been stopped
    29/11/2019 22:20:41 :-> Stopping process BrowserDock
    29/11/2019 22:20:41 :-> Process BrowserDock has been stopped
    29/11/2019 22:20:41 :-> Saving uninstall information ...
    29/11/2019 22:20:41 :-> Uninstall information file has been created
    29/11/2019 22:20:42 :-> Removing service WCAssistantService ...

    SERVICE_NAME: WCAssistantService
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 3 STOP_PENDING
    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    [SC] DeleteService SUCCESS

    29/11/2019 22:20:42 :-> Service WCAssistantService has been removed
    29/11/2019 22:20:42 :-> Removing service LavasoftTcpService ...
    29/11/2019 22:20:42 :-> Service LavasoftTcpService has been removed
    29/11/2019 22:20:43 :-> Removing Lavasoft LSP module ...
    29/11/2019 22:20:43 :-> Lavasoft LSP module was removed
    29/11/2019 22:20:43 :-> Removing uninstall information ...
    29/11/2019 22:20:43 :-> UnInstallation information has been removed
    29/11/2019 22:20:43 :-> Removing folder C:\Users\Darren\AppData\Local/Lavasoft/ ...
    29/11/2019 22:20:43 :-> The following folder has been removed - Lavasoft
    29/11/2019 22:20:43 :-> Removing folder C:\Users\Darren\AppData\Local/Lavasoft/ ...
    29/11/2019 22:20:43 :-> The following folder has been removed - Lavasoft
    29/11/2019 22:20:44 :-> Removing folder C:\ProgramData/Lavasoft/Web Companion ...
    29/11/2019 22:20:44 :-> The following folder has been removed - C:\ProgramData/Lavasoft/Web Companion
    29/11/2019 22:20:44 :-> Removing folder C:\Users\Darren\AppData\Roaming/Lavasoft/Web Companion ...
    29/11/2019 22:20:44 :-> The following folder has been removed - C:\Users\Darren\AppData\Roaming/Lavasoft/Web Companion
    29/11/2019 22:20:44 :-> Removing Start Menu shortcut ...
    29/11/2019 22:20:44 :-> Start Menu shortcut has been removed
    29/11/2019 22:20:44 :-> Cleaning empty folders
    29/11/2019 22:20:44 :-> Folder cleanup done
    29/11/2019 22:20:44 :-> Changing 'Installed' mark ...
    29/11/2019 22:20:44 :-> 'Installed' mark was removed.
    29/11/2019 22:20:45 :-> Reporting UnInstallation result ...
    29/11/2019 22:20:45 :-> Reporting UnInstallation result has been completed
    29/11/2019 22:20:45 :-> Marking the following files for removal from Temp folder:
    29/11/2019 22:20:45 :-> The few files has been marked for removal from Temp folder
    29/11/2019 22:20:45 :-> Marking the following folder for removal: C:\Program Files (x86)\Lavasoft
    29/11/2019 22:20:46 :-> The following folder has been marked for removal: C:\Program Files (x86)\Lavasoft

    This thing left my new build's registry a mess. Luckily I had MBAM installed for scanning and removing, because a Defender scan didn't even pick it up after I knew there was a virus there. MBAM found only one virus and removed it, but then I installed Kaspersky AV and that found a second one. :( UAC was @Default too.
     
    Last edited: Nov 30, 2019
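A small log-triage script, added here as an example and not part of the original post or of Web Companion: it reads the timestamped `:->` entries of a WcInstaller.log like the one quoted above and flags the things a defender would want to notice (unattended install switches, admin rights, the installer's own antivirus probe, service creation, IE trusted-zone changes). The sample lines are constructed from the ones in the post; the category names are my own.

```python
import re

# Constructed sample, modelled on the WcInstaller.log lines quoted in the post above
# (raw string so the backslash in the installer path survives).
SAMPLE_LOG = r"""Detecting windows culture
29/11/2019 22:03:44 :-> Starting installer 4.9.2159.4024 with: .\WebCompanionInstaller.exe --partner=BT170603 --version=4.9.2159.4024 --prod --silent --homepage=1 --search=1 --partner=BT170603, Run as admin: True
29/11/2019 22:03:46 :-> Antivirus not detected
29/11/2019 22:03:46 :-> vm_check False
29/11/2019 22:03:50 :-> Installing IE Search Set service ...
[SC] CreateService SUCCESS
29/11/2019 22:03:52 :-> Set Trusted sites
"""

# One timestamped entry: "dd/mm/yyyy hh:mm:ss :-> message"
ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) :-> (.*)$")
# One "--name" or "--name=value" switch on the installer command line
SWITCH = re.compile(r"--(\w+)(?:=([^\s,]+))?")
# Switches that let the installer run without asking the user anything
UNATTENDED = {"silent", "homepage", "search"}


def parse_entries(text):
    """Return (timestamp, message) for every timestamped line; skip the rest."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage(text):
    """Return (timestamp, category, detail) findings worth a second look."""
    findings = []
    for ts, msg in parse_entries(text):
        if msg.startswith("Starting installer"):
            switches = dict(SWITCH.findall(msg))  # name -> value ('' if bare)
            quiet = sorted(UNATTENDED & set(switches))
            if quiet:
                findings.append((ts, "unattended", ", ".join(quiet)))
            if "Run as admin: True" in msg:
                findings.append((ts, "elevated", "installer ran with admin rights"))
            if "partner" in switches:
                findings.append((ts, "bundled", "partner id " + switches["partner"]))
        elif msg == "Antivirus not detected":
            findings.append((ts, "av_probe", "installer checked for AV and found none"))
        elif msg.startswith("Installing") and "service" in msg:
            findings.append((ts, "service", msg.rstrip(" .")))
        elif "Trusted sites" in msg:
            findings.append((ts, "ie_zone", "IE trusted-sites zone modified"))
    return findings


if __name__ == "__main__":
    for ts, cat, detail in triage(SAMPLE_LOG):
        print(f"{ts}  {cat:<10} {detail}")
```

Point it at a real WcInstaller.log by reading the file into `triage()` instead of `SAMPLE_LOG`; the `[SC]` lines carry no timestamp and are deliberately skipped.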
  2. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,166
    Likes Received:
    873
    GPU:
    Vega/Navi
    You created a new, normal user after installing Windows, or ran things as an admin from the get-go?
    Asking for a friend.
     
    386SX likes this.
  3. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,766
    Likes Received:
    142
    GPU:
    Guru3d GTX 980 G1
    Ran it as admin from the start.

    This is what MBAM found>>
    Registry Data: 1
    PUP.Optional.Conduit, HKU\S-1-5-21-3086064117-1455417639-3261052973-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 201, 293058, 1.0.15560, , ame

    Kaspersky found another one after this was removed, which seemed even more serious; unfortunately I deleted the reports log.
     
    Last edited: Nov 30, 2019
  4. Astyanax

    Astyanax Ancient Guru

    Messages:
    3,892
    Likes Received:
    1,093
    GPU:
    GTX 1080ti
    That's a PUP, but it's not malware.

    You clearly blind-clicked through an installer somewhere and got it side-loaded; blaming the anti-malware for user foolishness... smh.
     
    alanm, Alessio1989, 386SX and 3 others like this.

  5. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,166
    Likes Received:
    873
    GPU:
    Vega/Navi
    Blimey, this is what every malware-spreading element knows and successfully attacks.
    That elevated admin level should never be left as default after the installation; just create a normal user and some things will stop while triggering UAC.
    I ALWAYS create a normal user and install EMET after installing Windows. Almost never had problems with malware or alike.
     
    Last edited: Nov 30, 2019
  6. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,766
    Likes Received:
    142
    GPU:
    Guru3d GTX 980 G1
    Tell me which of the programs I have installed side-loaded this, and not just a PUP but a proper virus too, according to Kaspersky AV.

    I haven't even installed anything with side-loaded programs, so how can that be? It's a fresh install with nothing dodgy on there.

    So it's got to be one of these.

    Steam
    Epic
    Uplay
    Origin
    Gog
    Bnet
    VLC
    GpuZ
    CpuZ
    Aida64
    Hwinfo
    Mbam
    .net
    DX
    Winamp 5.8
    Ccleaner
    Flash player
    Winrar
    Firefox + ABP

    plus all the microsoft visual C++ stuff and AMD chipset/Network drivers.

    Plus I thought everyone here ran their PC as Admin.
    Plus @ 29/11/2019 22:03:44, when this starts, I was watching a movie through VLC.
     
    Last edited: Nov 30, 2019
  7. Astyanax

    Astyanax Ancient Guru

    Messages:
    3,892
    Likes Received:
    1,093
    GPU:
    GTX 1080ti
    Lavasoft used to be one of the better adware scanners back in the day; these days it pisses most people off, so it gets a PUP definition in just about every security software package.

    As for how it got installed, one of the free apps you installed probably has a randomized advert in the installer that offers to install it; it's easy to get caught out by this.

    This is why I never bother with the installers for GPU-Z, CPU-Z, HWiNFO, etc.

    You can rule out:

    Steam
    Epic
    Uplay
    Origin
    Gog
    Bnet
    MBAM
    DX
    .net
    Flash player

    VLC has been subject to misleading download adverts.
     
  8. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,166
    Likes Received:
    873
    GPU:
    Vega/Navi
    Not the paranoid, security-concerned users.
    You do whatever you need to do as admin, log out, log in as normal user.
    Here I thought everyone does that.
    More, even as a normal user you can easily be outwitted. EMET is the simplest second layer of security after UAC.
    Click next, next, yes, I agree is the biggest hole to be patched yet, and we are so accustomed to it that it looks like a real hassle to take decisions and verify whatever you agree on.
    Just blame human nature, software developers and Microsoft.
    But now I am largely out of the Microsoft ecosystem and all the things I do are as a normal, underprivileged user. Root is allowed only, and only when necessary.
    And even so, there are steps required to elevate to it and run software. Yes, a real PITA, but no malware and no issues whatsoever.
    But this is another topic.
     
    386SX likes this.
  9. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,766
    Likes Received:
    142
    GPU:
    Guru3d GTX 980 G1
    Yes, I remember using Lavasoft's anti-adware program like 10 years ago and it was one of the best back then.

    What sucks here for me was I decided this time to stick with Windows Defender on my new Win10 Pro because people speak highly about it these days, but come on, it can't even detect adware/viruses when you need it most. So I had to go back to Kaspersky AV because I'm familiar with it, and I could have used the free year of Norton from my mobo purchase, but no thanks.
     
  10. Chastity

    Chastity Ancient Guru

    Messages:
    2,025
    Likes Received:
    506
    GPU:
    Nitro 390/GTX1070M
    EMET also got retired by MS in 2018, and replaced with Windows Defender Exploit Protection in Win10.
     

  11. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,166
    Likes Received:
    873
    GPU:
    Vega/Navi
    Yes, true.
    I was speaking about the last time when I used Windows 7/8.1.
     
  12. mbk1969

    mbk1969 Ancient Guru

    Messages:
    8,190
    Likes Received:
    4,982
    GPU:
    GeForce GTX 1070
    Just avoid free porn sites, and all is good.
     
    HK-1 likes this.
  13. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,766
    Likes Received:
    142
    GPU:
    Guru3d GTX 980 G1
    "Just avoid free porn sites, and all is good".

    So paid ones are fine? I stopped watching porn about 5 years ago, nearly 50 now and I think I've watched them all ^^
     
  14. tsunami231

    tsunami231 Ancient Guru

    Messages:
    9,749
    Likes Received:
    379
    GPU:
    EVGA 1070Ti Black
    Running as admin still, like always; then again, “admin” now is not what admin was years ago. I just leave UAC on and have not had malware or a virus for a long, long time; then again, I also stopped watching porn on Windows systems :oops:

    I'm also very anal about installers: I actually read through their EULA to see if it has hidden installs, and make sure there is no third-party software installed or checked to be installed. I use portable installs if they have them for that reason. Still using Avast too.
     
  15. mbk1969

    mbk1969 Ancient Guru

    Messages:
    8,190
    Likes Received:
    4,982
    GPU:
    GeForce GTX 1070
    Of course. They care for the reputation. And (usually) they are maintained by professionals.
     
    Caesar and The1 like this.

  16. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,766
    Likes Received:
    142
    GPU:
    Guru3d GTX 980 G1
  17. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,166
    Likes Received:
    873
    GPU:
    Vega/Navi
    Security is annoying?
    When I worked in a government branch office, I was the one without "friends"
    Reason: security.
    Although the IT infrastructure was remotely enforced with heavy encryption, custom own VPN solutions and group policies there was an element which I had the "pleasure" to keep an eye on.
    Users. Human nature, annoyed by all those rules.
    The stories I could tell.
     
    Last edited: Nov 30, 2019
  18. toyo

    toyo Member Guru

    Messages:
    113
    Likes Received:
    34
    GPU:
    Gigabyte 1070Ti 8G
    Likely CCleaner had it offered during its setup and you missed that step. Lavasoft is a legitimate company and used to be very popular 10 years or so ago.
    By the way, I used Kaspersky until 2016 or so for about 10 years, since the immemorial times when the firewall was a separate app, and Defender for about 3 years before returning to Kaspersky, mostly out of boredom, curiosity and because I had a license. All this time I have not managed to get infected once; the only times I infected my PCs was when I was fooling around with trojans to see how they work, ages ago when they were popular.
     
  19. tsunami231

    tsunami231 Ancient Guru

    Messages:
    9,749
    Likes Received:
    379
    GPU:
    EVGA 1070Ti Black

    I don't install anything outside games and the same programs/utilities I've been installing for years, and most of that stuff I have copies of stored on my backup drive, so I know they're clean. I am also always randomly checking Task Manager and the "installed" programs page to make sure there's nothing there that shouldn't be. Hell, at this point when I manually install Nvidia drivers I have a text file that notes the date, options and version that was installed, 'cause I've seen Windows "silently" install new drivers, bypassing WU, so it was never listed in the history of WU.

    Win 10 was supposed to be less babysitting than all the other versions, but I find you need to pay attention a lot more with Win 10. At one point I was just viewing random websites and random downloads of programs to test through a VM, but even that got old, 'cause when stuff hit that, I should have been able to just delete the VM and be fine, but some of that stuff somehow wound up infecting the browser on my actual PC too. Probably didn't have the networking portion of it set up correctly.

    PC is strictly for 10-15 websites I regularly visit with uBlock Origin in Firefox + Steam, GOG, etc. and the handful of programs I've been using for years in portable form that I know are clean. Now, when my porn "interest" was done on my PC, yeah, I had problems: viruses and malware and other things, but I long since removed that habit from anything that runs Windows; my old iPad is for that stuff now :rolleyes: and I can't even be bothered to view that stuff on the iPad anymore.

    Malware that hijacks the browser is usually a dead giveaway, and something I see a lot of on my father's friends' PCs and his, 'cause they all just click things without thinking.

    I still have to fix my dad's friend's PC that got hit by something, which I'm pretty sure I have to clean install to fix, unless it's some screw-up with MS updates. I dread looking at that PC.

    And even with how I am, I'm sure it can still happen. I have Defender only used on my uncle's old system running Windows 10, 'cause all the other programs hit the system way too hard and that PC is an old Athlon 64 X2, and it's been fine. He doesn't install things on it other than OLD OLD PC games and the random social websites he visits.
     
    Last edited: Dec 1, 2019
  20. user1

    user1 Maha Guru

    Messages:
    1,441
    Likes Received:
    472
    GPU:
    hd 6870
    CCleaner's installer is contaminated with third-party stuff nowadays; that's where I assume it would have been packaged.
     
    The1, HARDRESET and Astyanax like this.
