VirTool:Win32/DefenderTamperingRestore

Solved
Jensenviolin

Hello,

I’m not sure if my computer is infected with the virus VirTool:Win32/DefenderTamperingRestore. I wasn’t even aware of this virus until now, but having doubts about a possible infection, I ran the Microsoft Safety Scanner (MSERT) to check if my computer was infected.

The report from this scan indicated that I was infected with this virus but that it has been removed from my computer. Afterwards, I ran the same scan several times and while it was analyzing all my files, it always showed 1 infected file, and at the end of the scan, strangely I received a report stating that no virus was found or removed.

I want to be sure that my computer is not infected with this virus.

Can you please help me?

Thank you in advance


12 replies

MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

Hello

We're going to start with a PC diagnosis:

Read the entire procedure carefully before posting the reports
Do not post them directly in the messages as they are unreadable and incomplete

The reports FRST.txt and Addition.txt are expected

All reports must be hosted on https://security-x.fr/up/ and you should include the obtained links in your response

---------------------------------------------------------------------------------------------

--> The SmartScreen filter may trigger an alert. Click on Actions or More info then on Run anyway

---------------------------------------------------------------------------------------------

--> Download the FRST version of Farbar, compatible with your system, and save the file to your Desktop

--> For a 32-bit system
--> For a 64-bit system

How to find out which version is running on my system, 32-bit or 64-bit?

--> Wait for your browser to prompt you to download and save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> Under Vista, Windows 7 / 8 and 10, you must launch the file by right-clicking -> Run as administrator
--> Wait until it indicates The tool is ready to run
--> On the main menu, click on Scan and wait for the analysis to complete
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next response.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs


0
jensenviolin
 

https://up.security-x.fr/file.php?h=R8bacbd3b0c914a401cbb254ef5594d2d
https://up.security-x.fr/file.php?h=R7b94ba0966849093c5298af15563041b

here are the 2 links, I hope I didn't make a mistake and send the same ones twice

0
Jensenviolin
 

Sorry, I just read your email

I'll get on it right away,

thank you for your response

0
MisteryBean
 

RE_

You have too many antivirus programs on this PC, Windows Defender is more than enough.

Uninstall:

=> Avast Free Antivirus
=> Avast Secure Browser

=> McAfee Security Scan Plus
=> McAfee True Key
--> Unless useful

=> Intel® Security Assist

Once done, delete the two reports on your desktop, then restart a FRST scan and post the new reports.

PS: Can you copy/paste in your response the detection found by MSERT?


0
Jensenviolin
 

Hi,

Yes, so regarding my antivirus, I wanted to activate Windows Defender, but I got a message saying that Avast was my antivirus. So I removed all the other antivirus programs except for Avast. I'm not sure if I dare to uninstall Avast and then activate Windows Defender...

If I understood correctly, I can't activate Windows Defender while Avast is on my computer. Windows is protecting me with its firewalls, but when I click on Virus and threat protection, it says that Avast Anti-Virus is active. (start-->pc settings-->update and security-->windows security-->virus and threat protection).

I'm a little scared because I started the scan for current threats (in Virus and threat protection) and the scan is very long, it's not progressing...

And for my PDF files on my desktop, the icon has turned into a blank page; it's no longer the icon I was used to. Also, for some of my downloads, I have a blank page instead...

0
MisteryBean
 

RE_

Two solutions:

=> Either you follow my instructions without doing anything else and wait the necessary time for troubleshooting

=> Or you do things on your own and manage by yourself.

It's not possible to make progress if you don't follow my instructions and want to rush ahead.

Stop launching analyses left and right and do what I ask you.


0
Jensenviolin
 

I'm sorry, I was scared because I'm not used to doing this, and when I received the message from Microsoft saying that I wasn't protected, I got scared.

So I removed all the antivirus programs you mentioned, and I restarted FRST.

Here are the two new analyses:

https://up.security-x.fr/file.php?h=R59c350900b59da04047254f817655384
https://up.security-x.fr/file.php?h=R4e22c716a39d2422a6aec286684ed55f

Regarding the MSERT report, I don't know how to find it. I misphrased it in my main post: it's not a report but just a sentence that said:

"The scan completed successfully and no viruses, spyware, and other potentially unwanted software were detected."

0
MisteryBean
 

RE_

And did you translate it? That means:

The scan completed successfully and no viruses, spyware, or other potentially unwanted software was detected.

******

-> Copy what is found HERE from start:: to end:: (without pasting it anywhere)

--> Open FRST (or FRST64) as an administrator and click on Fix
If FRST seems to freeze or is unresponsive, let it run.

--> The PC will restart

--> A fixlog file is created in the same location as FRST, post it like the other reports

--> The fix will clean the firewall, the programs you launch afterwards will ask for access on the first launch

--> Open the security center (Windows Defender) and let me know if you still have the issue.


0
Jensenviolin
 

Here is the result of the FRST

https://up.security-x.fr/file.php?h=R6980414db7ff2bb7c53089ed4dc25ed1

I don't know if I still have the problem because initially, I found out about it through a message from Microsoft Safety Scanner.

Have you seen any viruses in the reports I sent you?

0
MisteryBean
 

RE_

Okay for the report.

No, it’s not an infection, and there is no security breach; it’s an alert to indicate that Windows Defender is disabled and a fix is being applied.

However, since there were several active AVs, despite the fix, the deactivation of Windows Defender was continuously present, hence the detection of VirTool:Win32/DefenderTamperingRestore.

Otherwise, the PC was clean, no infection, only obsolete files.

*********

What does the security center say? Is everything okay as shown below:

*************************

Uninstall Avast Update Helper which must have appeared in the list of programs


0
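
Added example, not part of the thread and not produced by FRST or MSERT: a PowerShell check for the situation described in the reply above, listing the antivirus products registered with Windows Security Center and reporting whether Microsoft Defender is actually running. The function names are hypothetical, and the `productState` byte layout is the commonly used interpretation of an undocumented field, so treat it as an assumption.

```powershell
# Run in an elevated PowerShell session on a Windows 10/11 client.
# root/SecurityCenter2 is not available on Windows Server.

function ConvertFrom-ProductState {
    param([uint32]$State)
    # Assumption: productState is undocumented. Read as six hex digits,
    # the middle byte is commonly 10/11 when the product is enabled and
    # the last byte is 00 when its definitions are up to date.
    $hex = '{0:X6}' -f $State
    [pscustomobject]@{
        Enabled  = $hex.Substring(2, 2) -in '10', '11'
        UpToDate = $hex.Substring(4, 2) -eq '00'
    }
}

function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $s = ConvertFrom-ProductState -State $_.productState
            [pscustomobject]@{
                Name     = $_.displayName
                Enabled  = $s.Enabled
                UpToDate = $s.UpToDate
                Path     = $_.pathToSignedProductExe
            }
        }
}

$registered = @(Get-RegisteredAntivirus)
$registered | Format-Table -AutoSize

# More than one enabled product is the conflict described in the thread.
$enabled = @($registered | Where-Object Enabled)
if ($enabled.Count -gt 1) {
    Write-Warning ("Several antivirus products report as enabled: " +
        ($enabled.Name -join ', '))
}

# Defender's own view; the cmdlet fails when the Defender service is off.
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMRunningMode, AntivirusEnabled,
                      RealTimeProtectionEnabled, IsTamperProtected
} catch {
    Write-Warning "Microsoft Defender is not running: $($_.Exception.Message)"
}
```

An uninstalled product can leave a stale entry in Security Center, so a listed name whose `Path` no longer exists on disk points to leftovers rather than a running antivirus.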
Jensenviolin
 

Okay, good, I'm glad I didn't get any viruses, it’s always scary.

Good to know, I didn't realize that just Windows Defender was enough as an antivirus!

As for the security center, everything is fine, except "virus and threat protection," "ransomware protection" because I haven't configured OneDrive in case of an attack. I'll see if it's useful or not.

Could these reports have deleted obsolete files like you said?

0
Jensenviolin
 

Yes, I will remove Avast Update Helper

0
MisteryBean
 

RE_

except for "protection against viruses and threats", "protection against ransomware" because I have not configured OneDrive

Just click on "ignore", you will no longer receive the notification

For Windows Defender, more details HERE and HERE

*************

If it's OK, to finish, to automatically delete all files/folders created by FRST and the tool itself, rename FRST/FRST64.exe to uninstall.exe and run it.

The procedure requires a restart


0
Jensenviolin
 

I have removed the FRST folder. Everything is okay.

And I will read the links on Windows Defender.

In any case, thank you for your help and for your quick replies.

Have a great day!

0
MisteryBean
 

RE_

Okay, see you later on CCM


0
Jensenviolin
 

See you later

0