
So, usually stupidity-proof me stupidly got a virus installed on my Windows 11 (latest updates) device. Don't ask me how (may have something to do with the fact that I had a Malwarebytes premium trial installed?) but Windows' tamper-proofing was (and is) on, but the Windows Security Service is disabled. Whenever I try to load the Windows Security app, it's just a completely black window. Sometimes I get a notification that the service isn't on (with a button to turn it on) but when I try that, all I get is an error saying it couldn't be started.

Thanks to the tamper protection I can't re-enable it, nor can I change any registry values that might be disabling it (I even tried running regedit as the SYSTEM user, still couldn't change owners or the values), and I changed all the settings I could in the group policy editor, but that didn't change anything.

Both SFC and DISM scans return that things are fine. Malwarebytes can't find anything on the system either (I got rid of basically all traces of the virus manually, not hard when you create an invisible window with edgewebviews and you set the description of both those and the program running them to "Toyota").

I'd really hate it if I had to reset Windows. It's on my SP7 so I can't exactly pull out the drive and mount it on another machine. Anyone smarter than me know if I can get myself out of this pickle?

Edit: This question got closed as a duplicate of a generic "how do I disinfect my computer" question. All traces of the virus are gone. No disinfection needed. I just need to be able to forcefully edit the registry so I can disable tamper protection so I can enable Windows Security's service so I can re-enable Windows' built in security features (including turning tamper protection back on).

  • Depending on your version I *think* you can do a refresh, or possibly even download and reinstall Windows from the recovery menu – Journeyman Geek Jul 16 '23 at 09:48
  • @JourneymanGeekOnStrike I can but it says while my files will be safe, I'll have to reinstall all my programs, and I'm the sort of person who'd rather go through a ton of hassle attacking the problem from multiple fronts than a lot of hassle reinstalling everything. – Slashee the Cow Jul 16 '23 at 10:03

1 Answer

I can't re-enable .... tamper protection, nor can I change any registry values that might be disabling it (I even tried running regedit as the SYSTEM user,

You are getting viruses because you are mucking about with the Registry and other important settings.

Viruses are just walking in unimpeded.

The most reasonable fix here is to back up and reinstall Windows properly. I can normally be up and running within a day.

Stop using the Registry as a user tool - it is not and never was.

John
  • I'm mucking around in the registry this much BECAUSE I got that virus. Never even tried to do it as system before (just my own account, which is an admin), nor have I had reason to try and change owners of a registry key. Pretty much everything else I've ever done has been cosmetic tweaks, cleaning out crap from uninstalled programs, trimming the crap from the "open with" menu for various filetypes, stuff like that. Never touched important system stuff. – Slashee the Cow Jul 16 '23 at 13:14
  • It is not at all likely that changing registry settings will fix a virus. Virus writers are much smarter than that. Still, your system is now damaged and I have offered (from experience with customers) the best way to fix it. – John Jul 16 '23 at 13:20
  • Also, it's the first time I've ever been hit by a virus. Downloaded a file from less reputable places, but checked the hash on VirusTotal and only about six generic hits from a few of the smaller AVs. So please don't patronise or demean me. I know I'm far from the best Windows expert there is, but I'm not a newbie, I know what I'm doing and I know what I don't know enough about to touch. This is just a case of self-inflicted damage due to pushing my luck a few too many times. – Slashee the Cow Jul 16 '23 at 13:25
  • I know changing registry settings won't (generally) remove a virus. I already cleaned the virus out by hand. Now I just want to re-enable Windows Security, including the AV (cause, you know, makes infections a lot less likely) but am being blocked by design. – Slashee the Cow Jul 16 '23 at 13:28
  • I read a reasonably decent article that virus writers are using ChatGPT and AI to create convincing viruses. The world is getting more difficult. – John Jul 16 '23 at 13:29
  • I know, and I feel bad for the less experienced people who fall prey to them (though scams are probably worse right now). This wasn't a convincing virus, as I said in the OP, just a basic clickbot which seemed like it wanted to be noticed (seriously, "Toyota" as the description for its exe and the edgewebviews it spawned?). Hid itself in Program Files in folders with fake application names (but only a couple of different filenames for its own exe), and stashed a few copies of itself away in AppData/Local/Temp. Squashed the bugger in about ten minutes. Just need to clean up the damage. – Slashee the Cow Jul 16 '23 at 13:44
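
A read-only way to double-check a manual cleanup like the one described in this thread, added here as an example and not posted by anyone in the thread: it sweeps the folders the comments name (Program Files and AppData\Local\Temp) for executables whose version-info description is "Toyota", and lists running processes with that description or with an image under Temp. The default folder layout is an assumption, and a hit is something to review, not a verdict (installers legitimately run from Temp).

```powershell
# Added example: read-only sweep for leftovers with the traits described in the thread.
# Assumptions: the description string and folders come from the comments above;
# default Windows folder layout. Nothing is modified or deleted.
$Description = 'Toyota'
$TempRoot    = Join-Path $env:LOCALAPPDATA 'Temp'
$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $TempRoot) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Executables on disk whose version-info description matches.
$files = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.VersionInfo.FileDescription -eq $Description } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# 2. Running processes with the same description, or whose image lives under Temp.
#    Run elevated so Path and Description are readable for more processes.
$procs = Get-Process | Where-Object {
    $_.Description -eq $Description -or
    ($_.Path -and $_.Path.StartsWith($TempRoot, [StringComparison]::OrdinalIgnoreCase))
} | Select-Object Id, ProcessName, Description, Path

$files | Format-Table -AutoSize -Wrap
$procs | Format-Table -AutoSize -Wrap
if (-not $files -and -not $procs) { 'No matching files or processes found.' }
```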