Virus got through Windows Defender, crippled Windows Security Virus & threat protection.


Johanp_

Hi.

Today I noticed that I hadn't had a Windows Update in a while. Sure enough, I discovered that the service was broken and could not be started manually. The reason for this, after a bit of digging, was that a good chunk of the registry entries for the Windows Update service were missing. I had a friend export their Windows Update-related registry keys and I got the system working again. Following this I installed about 5 updates in total, one of which was a big cumulative one, and after that I installed 1909.

Now I wouldn't put it past this lovely operating system to entirely bork itself, as it has done for me and many others in the past. However, a friend suggested that I run a virus scan and I figured it couldn't hurt, confidently exclaiming that I hadn't had a virus for about 10 years or so.

Turns out the Windows Security Virus & threat protection was also broken. Very broken, in fact. I installed Malwarebytes, ran a quick scan and discovered a veritable infestation of computer ligma. With 21 instances of malware detected, it was truly a smorgasbord of virtual diseases: mostly trojans, some malicious registry edits and a couple of "backdoors". I wiped them, ran a full system scan which revealed nothing new, and then set about trying to fix my antivirus.


Now, 2 hours later, I have not had much success, and I am writing this in the hope that someone will help me.


This is what the Windows Security overview page in Settings looks like:

[screenshot]


This is what the Virus & threat protection page looks like. The error is the result of clicking the only button, "Restart now":

[screenshot]


Yes, I did disable (even uninstall) malwarebytes before trying to start the following service.

C:\Windows\system32>net start WdNisSvc
The Windows Defender Antivirus Network Inspection Service service is starting.
The Windows Defender Antivirus Network Inspection Service service could not be started.



I don't know if this is useful information but I will include it here.

C:\Windows\system32>sc start WdNisSvc

SERVICE_NAME: WdNisSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 7568
        FLAGS              :



This is what I've tried so far.

  • sfc /scannow
  • DISM /Online /Cleanup-image /RestoreHealth
  • Checked Group Policy for any abnormal settings related to Windows Defender/Security

I have also modified a couple of registry entries relating to Windows Defender:
  • Deleted 3 entries in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" which were set to disable certain features relating to real-time protection
  • Deleted 1 entry in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" which was set to disable the antivirus feature.
Notably:
  • The value of "Start" in "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" is set to 3. I would like to know if this is correct as I have seen people suggest both 2 and 3.
  • The value of "Start" in "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv" is set to 3. I don't know if this is correct or not.
  • The value of "Start" in "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc" is set to 3. I don't know if this is correct or not.


If someone could help me with this, it would probably make my day; I've been messing with this all day and it's pretty exhausting.
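As an added example (not part of the original post and not the poster's own code): a read-only PowerShell audit of the two things the post is poking at by hand, the Defender policy keys under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender and the Start values of the Defender-related services. The policy value names are the standard Defender policy settings; the expected Start values are my assumed Windows 10 defaults, not figures from the post, so compare them against a known-good machine before changing anything. Run it from an elevated prompt.

```powershell
# Added example, not from the original post: read-only audit of Defender
# policy overrides and service Start values. Changes nothing.
#Requires -RunAsAdministrator

# Policy values that, when set to a non-zero DWORD, switch Defender features
# off. On an unmanaged consumer machine the Policies\...\Windows Defender key
# is normally absent altogether, so its mere presence is worth reporting.
$policyRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policyChecks = @{}
$policyChecks[$policyRoot] = @('DisableAntiSpyware', 'DisableAntiVirus')
$policyChecks["$policyRoot\Real-Time Protection"] = @(
    'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
    'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
    'DisableIOAVProtection'
)

# Service Start types: 0 Boot, 1 System, 2 Automatic, 3 Manual, 4 Disabled.
# ASSUMPTION: these are the Windows 10 defaults; verify on a clean machine.
$expectedStart = [ordered]@{
    WinDefend             = 2   # Microsoft Defender Antivirus Service
    WdNisSvc              = 3   # Network Inspection Service (the one failing in the post)
    WdNisDrv              = 3   # Network Inspection driver
    WdFilter              = 0   # Defender mini-filter driver
    WdBoot                = 0   # Defender ELAM boot driver
    SecurityHealthService = 3   # Windows Security app backend
}

$findings = @()

# 1. Policy overrides that a disabling-malware or GPO may have planted.
foreach ($key in $policyChecks.Keys) {
    if (-not (Test-Path $key)) { continue }
    $findings += "policy key present: $key"
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyChecks[$key]) {
        $value = $props.$name
        if ($null -ne $value -and $value -ne 0) {
            $findings += "  $name = $value  (disables a Defender feature; normally absent)"
        }
    }
}

# 2. Service registration: missing key, missing Start value, or Start drift.
foreach ($svc in $expectedStart.Keys) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $svcKey)) {
        $findings += "service key missing: $svc"
        continue
    }
    $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -eq $start) {
        $findings += "${svc}: Start value missing"
    } elseif ($start -ne $expectedStart[$svc]) {
        $findings += "${svc}: Start = $start, expected $($expectedStart[$svc])"
    }
}

# 3. What the engine itself reports, if it answers at all.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    if (-not $status.AntivirusEnabled)          { $findings += 'Get-MpComputerStatus: AntivirusEnabled = False' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Get-MpComputerStatus: RealTimeProtectionEnabled = False' }
    "Tamper protection: $($status.IsTamperProtected)"
} catch {
    $findings += "Get-MpComputerStatus failed: $($_.Exception.Message)"
}

if ($findings.Count -eq 0) { 'No Defender policy overrides or unexpected Start values found.' }
else { $findings }
```

The script only reads; once you know which values differ, the fix is the same `reg`/`Set-ItemProperty` edits the poster made by hand, done with the expected value in front of you. If Get-MpComputerStatus itself fails, the platform files or WMI registration are damaged rather than just the registry, which is a different repair than flipping Start values.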
