Share via

I ran Microsoft Security Scan and a VirTool:Win32\DefenderTamperingRestore was found and supposedly removed but other issues remain.

JD 0 Reputation points
2024-06-15T15:19:41.1+00:00

After the Security Scan I found the log showing the VirTool:Win32/DefenderTamperingRestore and Removed which is a rootkit? I then ran a Get-MpComputerStatus command in PowerShell and found Antispyware Enabled as false even though I have an antivirus and also keep Windows Defender on as well. There were several other false statuses such as Antivirus Enabled along with 13 other false statuses. How do I fix these and have I been hacked?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,072 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,446 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jing Zhou 4,670 Reputation points Microsoft Vendor
    2024-06-18T08:38:51.36+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    There's a high possibility that rookit is not uninstalled fully yet. Please do another full scan with Windows defender and confirm it.

    Meanwhile, please kindly also engage help from your security team further help to clear any potential risk.

     

    Best regards,

    Jill Zhou

     

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments