Hey everyone, I opened up Firefox on my computer and an ad immediately popped up. Now, I knew straight away that was a potential symptom of adware, so I went into Windows Defender and attempted to scan my computer, when I noticed that my entire C: drive was excluded from the scan, and from every scan for as long as I could tell. I went into Event Viewer to see if I could narrow down the time when the edits initially started, but it spans back months of incomplete scans and edits. Edits such as:
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpEngineRing = 0x4
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value:
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine\MpCampRing = 0x4
Those popped up after every scan^^
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Diagnostics\LastKnownGoodPlatformLocation = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Diagnostics\LastKnownGoodPlatformLocation = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\54 = 0x1
New value:
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: Default\ProductAppDataPath = C:\ProgramData\Microsoft\Windows Defender
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\ProductAppDataPath = C:\ProgramData\Microsoft\Windows Defender
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\ServiceStartStates = 0x1
New value: Default\ServiceStartStates = 0x0
These popped up only once from what I could glean^^
The one that freaked me out (can't find it rn) was an entry that looked like someone had deleted a log.
I am using a ROG Zephyrus G14, and I am looking to remove this virus from my computer. None of my scans picked up anything. If y'all need any more information, I'd be happy to provide it. Thanks!