Windows Defender Offline says that definitions are not up to date even though they are...

I am using the 32 bit version of Windows Defender Offline on a USB Stick.

 

It worked fine last week when booting up for scanning a 32-bit Operating System.

 

Tried booting off of it this morning and it states that the definitions are out of date and refuses to scan.  Moved the USB Stick to a known clean system and ran the original 32-bit installer so that it can update the definitions...definitions updated successfully but when booting from the USB Stick it still tells me that the definitions are not up to date.

 

Any ideas?

 

Last updated May 16, 2018
Answer

The problem with a fully updated WDO reporting that definitions are out of date is perplexing. What I believe is happening is that the boot environment is assigning your hard drive as the System Drive instead of your boot drive, so once it starts, it can't find the definitions as it isn't looking at the USB drive for it, but your hard drive. And, it can't establish a network connection, so it reports the out of date situation. All of that is speculation on my part and based on observation of these reports over the last months in the forum.

 

I agree with Le Boule that using a different scanner may be the sensible solution.

Alternatively, you might want to pull the drive from the infected system, attach it as a slave on the good system, and run a scan of that drive using the updated a/v of the clean system.

-steve

^_^
Windows Insider MVP (Security), Moderator Microsoft Community


Answer

Something is interfering with the Virus Scanner (McAfee) and turning those services off, then McAfee turns itself back on, and then the infection turns it off again and it cycles continuously through this.

I have used RKILL and MalwareBytes to rid the system of all malware that has been detected but cannot get rid of this problem.

Additionally, all Network Connections are missing from My Network Places Properties.

 

Burning WDO to CD is a possible option, I suppose, however the defs will still be out of date (can't update defs on the CD).

 

Haven't tried any other rescue CDs but that is the next step.

 

Specifically, I was interested in WDO because I had read somewhere that using a solution that boots into a Windows PE environment will be able to scan the Registry whereas other solutions that rely upon a Linux Kernel will not do that.

 

To add a wrinkle to this story - I have 2 identical systems running Windows XP 32-bit...WDO does not run successfully on the infected system (says that the defs are out of date) however it does run successfully on a clean, identical system.  So, I am guessing at this point that the infection is interfering with WDO.


Have you contacted McAfee Support?  If you're paying them for antimalware protection I would hope they would provide assistance to you. http://service.mcafee.com/

 

WDO and other similar scanners are scanning the computer before Windows boots and hopefully that can remove the malware.

 

I'd try the other "rescue" disks if it were my computer.

 

Have you seen any signs from your previous scans of the following: Sirefef, Zero Access, Alureon.A or Alureon.E?  If so, tell us details about the malware...check your Malwarebytes Log if necessary.

MVP Consumer Security 2014-2016
Windows Insider MVP 2016-2018
