Solved HELP!! 911--Windows Defender False Positive? Free Diagnostic Software Detected as Infected

bikemanI7 · Jan 11, 2024

Hello All

Had a zip file on Onedrive with some Free diagnostic software to save if i ever needed, and now i cannot perform Defender actions or Clear Protection History so Real time Protection Re Enables

Any advice or suggestions in this matter? I have so many problems, and i swear i didn't think this would be detected like it is now

I thought finally Pc was getting back to normal and i'd have no more problems sighs

Ghot · Jan 11, 2024

bikemanI7 said:
Hello All

Had a zip file on Onedrive with some Free diagnostic software to save if i ever needed, and now i cannot perform Defender actions or Clear Protection History so Real time Protection Re Enables

Any advice or suggestions in this matter? I have so many problems, and i swear i didn't think this would be detected like it is now

I thought finally Pc was getting back to normal and i'd have no more problems sighs

What was the name of the "free diagnostic software"?
I can download the software and test it on my system if you'd like.

bikemanI7 · Jan 11, 2024

Ok name is Medicat USB (Suppose to be Diagnostic Software that is free) this file was zipped!

Berton · Jan 11, 2024

Have never seen NirSoft have such issues but I haven't used all their products. I just tried their site and seems normal.

freeware utilities: password recovery, system utilities, desktop utilities - For Windows

Unique collection of freeware desktop utilities, system utilities, password recovery tools, and more

www.nirsoft.net

A Search on NirSoft for medicat only found these:

Ghot · Jan 11, 2024

bikemanI7 said:
Ok name is Medicat USB (Suppose to be Diagnostic Software that is free) this file was zipped!

Damn... this is 21.x GB download.
I'm grabbing the torrent from the Medicat website.

50% so far. 352 seeds and climbing. LOL

bikemanI7 · Jan 11, 2024

Yeah well i'll just be happy if i get Defender Protection History cleared, and i'll just delete the Entire zipped file lol, already did off Onedrive

((local copy it won't let me delete from my storage drive as yet))

Though Defender Protection history still showing Threat Action Needed, Clicked on Remove, and not much luck, tried Quarantine before lol--nothings working

Yes it is 21GB file sorry file to mention that

I should've just saved on flash drive in the past, and not kept on Onedrive or Local drive. Though it never detected it like this til today, not sure why though lol. Right now Protection history stuck with Threats Found lol

((should i try Safe Mode lol)) or just wait at this point

Ghot · Jan 11, 2024

@bikeman17

Unzipped it's 26GB... 5x bigger than Windows 11.
Inside the zip file... there's 502 password protected files.
64 files Bitdefender can't scan, and labeled threats.

It may be safe and someone is just serious about keeping their secrets safe.
To me though... it looks like a LOT of cracked software.

I could delete it completely.

For example... it had every backup software I've ever heard of. It had just about every software I've ever heard of that would help someone work on a computer.

bikemanI7 · Jan 11, 2024

Ok well guess i should've deleted it before i decided to do my weekly full scan lol

I think its just a false positive, as first time ever been detected like this, the folder is still zipped, cannot delete though from my storage drive now, Onedrive copy seems to have deleted though

Checks PC 2 Gaming Laptop before i run its weekly full scan, i don't need both systems with Defender showing a Red X/Actions needed lol

Unless i try to delete from Safe mode at some point

Ghot · Jan 11, 2024

bikemanI7 said:
Ok well guess i should've deleted it before i decided to do my weekly full scan lol

I think its just a false positive, as first time ever been detected like this, the folder is still zipped, cannot delete though from my storage drive now, Onedrive copy seems to have deleted though

Checks PC 2 Gaming Laptop before i run its weekly full scan, i don't need both systems with Defender showing a Red X/Actions needed lol

Unless i try to delete from Safe mode at some point

I'm guessing... Windows Defender is upset that there are so many password protected files that it can't scan.

Berton · Jan 11, 2024

Being a zipped/compressed file shouldn't prevent deletion, might try it from Safe Mode. In extreme situations I boot to a Linux LiveDVD or LiveUSB and use its file management to do it.

bikemanI7 · Jan 11, 2024

Yeah guess so lol, so decided to say there were all threats or potentially unwanted software (got a few of those at bottom lol of the list) Well my plan for now is try to get the local copy to delete somehow at some point

Then hope protection history clears in a day or so i suppose

may try safe mode in a bit here to delete local copy lol

Ghot · Jan 11, 2024

bikemanI7 said:
Yeah guess so lol, so decided to say there were all threats or potentially unwanted software (got a few of those at bottom lol of the list) Well my plan for now is try to get the local copy to delete somehow at some point

Then hope protection history clears in a day or so i suppose

may try safe mode in a bit here to delete local copy lol

Safe Mode will probably be the fastest and easiest way.

bikemanI7 · Jan 11, 2024

Sadly safe mode not working to delete local copy of zipped file either so far

Well leaves it preparing to Recycle for a while and see if it sometime responds LOL

if not then will have to come up with another thing to try to delete the file, then get Defender Protection history cleared eventually somehow. Then stay away from all utilities, and just keep system up to date, and hopefully end of my problems

Ghot · Jan 11, 2024

bikemanI7 said:
Sadly safe mode not working to delete local copy of zipped file either so far

There's a way to delete thing like that with Command Prompt... but I don't remember the commands.

Fabler2 · Jan 11, 2024

Try LockHunter,

LockHunter is a free 64/32 bit tool to delete files blocked by any processes

LockHunter is a foolproof file unlocker for 32 and 64 Windows

lockhunter.com

Ghot · Jan 11, 2024

Ghot said:
There's a way to delete thing like that with Command Prompt... but I don't remember the commands.

Then I would try EMCO Unlockit.... instructions at 5:31 in this video..

TheVisitor · Jan 11, 2024

This thing is a bit scary - I googled: Uninstall medicat usb windows 11 did not find ONE article how to remove, other than a clean install of the OS.

I'm not that well versed on all this stuff but it seems that the Medicat has somehow hi-jacked and has taken over the boot-loader sequence. If that is true its no wonder you can't remove it.

Maybe take a peek in BIOS and look at the boot-order ?

bikemanI7 · Jan 11, 2024

Ok LockHunter may work, its locked by WinDefender, Tried clicking Unlock it, didn't work, Tried to Delete Manually with WIndows Explorer via Lock Hunter (no luck) selected Delete on Next OS Restart.

Then all i need is Defender Protection History to clear

Then i think system should be fine hopefully

I'm glad i never unzipped this folder, but geez this utility software is a pain in the rear to remove) then i gotta check every external drive soon as resolved on internal drive to make sure is not another copy around to re cause the issue

Me and my Problems sighs
((don't really wanna resort to another clean install, heck i just got my Secondlife Game issue fixed/working perfectly again)) but will if its only choice at some point

Staying away from every single utility thats for sure once this solved

Fabler2 · Jan 11, 2024

Temporarily turn off Tamper protection in Defender then turn off Controlled folder access. Delete the file with LockHunter. Turn back on the settings.

bikemanI7 · Jan 11, 2024

Well Then LockHunter Stops Responding when i hit Delete it with Tamper Protection off and Controlled Folder Access was already off

((this is in my Extra OneDrive Download folder copy on My 4TB Storage drive))

OneDrive copy successfully deleted earlier