Wednesday, July 30, 2008

I Fix Things: Windows Defender Corrupt - 0x80070006

Windows Vista has actually managed to work pretty well for me thus far. With one or two exceptions, I'd say it's pretty solid, and in my experience with it, I haven't found it deserving of the "buggy mess" label a lot of folks seem to have pinned on it.

One thing I can't figure out, however, is why they decided to integrate Windows Defender into the operating system. Don't get me wrong, Defender is decent software (if a bit unremarkable, I use it more for detection that actual removal, since I haven't seen it remove all that many things that Spybot, Adaware, or HiJackThis weren't able to root out), but streamlining it into the system has the disastrous side effect of making it:

a) Impossible to remove, should you not want to use it
b) Extremely difficult to troubleshoot or repair, should there ever be a problem with it

I recently had to use System Restore, due to a poorly created MSI file I decided to test on my machine. Once the process had completed, Windows Defender has broken itself. Upon system startup, I would receive an error message reading "Application failed to initialize: 0x80070006. The Handle is invalid". Most of the methods of troubleshooting Defender that I've seen on the Internet require the user to be able to open Defender in the first place. The program files are all there, it seems as though Defender should work, but there's no 'Windows Defender' service listed under Windows services, and there's no way to open the program.

Luckily, after doing some research (and calling Microsoft, but that was an exercise in futility), I've found the answer to my problem.

The problem lies in corrupted registry settings for the program. If you have a similar problem to mine (Defender in Vista seemingly installed, but getting a "can't initialize" error), try the following (originally posted here by cdninja)

Step 1: Back up Registry ==================

1. Click Start, type "regedit" (without quotation marks) in the search bar and press Enter.

2. In the Registry Editor, click File menu, and click Export.

3. In the Save In list, select the folder where you want to save the backup. 4. In the File Name box, and type a name for your backup file, such as "Options" or "Backup".

5. Click Save.

Step 2: Create and Run the Registry File ==================

1. Click Start, type "notepad C:\register.reg" (without quotation marks) in the Search bar, and then click OK. Choose Yes when you are prompted to create a new file.

2. Copy the following texts between the star marks and then paste them into the opened Notepad window:

************************BEGIN**************************

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-3068"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,04,01,00,00,10,01,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,d4,00,07,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,\
00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,\
e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Enum]
"0"="Root\\LEGACY_WINDEFEND\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

*************************END***************************

3. After you paste the above commands, please close the Notepad window. Choose Yes when you are prompted to save the file.

4. Save the file as a REG file of any type (defenderfix.reg was what I called the file, but any name will do, just make sure the file is a REG file, and not a TXT file)

5. next double click on the new file.

6. When you receive a message box asking "Are you sure you want to add the information in the REG file to the registry", choose "Yes"

7. You will receive another message box saying "Information in the REG file has been successfully entered into the registry", please click "OK" to confirm.

8. Restart the computer.

 

The process worked for me. Let me know if it works for you.

96 comments:

  1. Worked like a charm! Thanks. My system is a new install of 64-bit Vista Ultimate. Defender used to work, but then my entire WinDefend registry key went missing. I exported the WinDefend key from a working 32-bit Vista Ultimate box to compare to your text as a santity check, and they were identical. After importing it on the broken machine and rebooting, Defender works again. Thanks for saving me from the Vista reinstall that the MS KB article (935511) says is needed to fix the problem.

    ReplyDelete
  2. It works for me once after I've done it and restart. The next restart the error is back again. I have to repeat the same process in order to not have the error. Is it we have to do it every time??

    ReplyDelete
  3. Settled the problem. The backup registry & and the defenderfix.reg must not be saved in the same folder. Just to add extra information.

    Thanks for the help!

    ReplyDelete
  4. why hello lets get the people here not other pages. every page i been to so far but this one said you had to reinstall windows!! hmm but you saved me the pain wow what a good fix thanks

    ReplyDelete
  5. thx alot....can u help me in another problem?....itz wif my security center....it can't be started....each time i try to, diz pops up, "The Security Center service can't be started."....i checked in the "services"....but theres no "security center" in it....can u help me?....

    ReplyDelete
  6. Worked perpectly. Thanks!

    ReplyDelete
  7. This comment has been removed by a blog administrator.

    ReplyDelete
  8. great trick! works :)
    thank you!

    ReplyDelete
  9. Thanks so much! Solved my problems!

    ReplyDelete
  10. I can't save the file as a .reg. It's only giving me the option of a txt.

    ReplyDelete
  11. Thanks!! Defender was broken after a malware attack. I fixed the malware issue, but now I'm cleaning up everything it broke. The registry fix got Defender back for me. Great post.

    ReplyDelete
  12. Thanks a lot! I had the same situation, that stupid "Vista Antivirus 2011" malware program screwed up windows defender. I tried fixing my registry and either erased windows defender registry keys, or they were corrupted by the virus. So far so good Nibbish :)

    ReplyDelete
  13. Thank you so much for sharing your knowledge about this. I stumbled here because I got some trojan or virus called Total Vista Security installed onto my laptop without my permission. And i removed it with Malwarebytes, but after it rebooted I got the 0x80070006 error about windows defender... so many heartattacks... And every single time I searched for help on this issue people were saying you must reinstall windows. I have no time for that.... Thank you once again!!

    ReplyDelete
  14. Thanks :) This looks to have worked a treat. As with others above defender seemed to be knackered after a removing some mailware using Malwarebytes amongst some other bits and bobs.

    :D

    ReplyDelete
  15. Thanks, so much! fixed error 80070424, not exist as an installed service.
    hopefully others will find this, and it will help them, too!

    ReplyDelete
  16. Thanks for writing this guide and posting it, i had the fake windows security center 2011 virus on my computer i managed to get rid of it but it corrupted my windows defender files and i could not run windows defender, but now after following these instructions i can, Thanks again for posting this guide.

    ReplyDelete
  17. Thank so much! Had a corrupted registry due to a Vista -spyware2010 virus, and this fixed my defender after I removed the virus. Couldn'tve done it without you!!!

    ReplyDelete
  18. John McEvilly, IrelandApril 18, 2011 at 2:23 PM

    Amazing!

    Thanks for that.

    Tried lots of different scans to no avail.

    Am very grateful.

    ReplyDelete
  19. This appears to have solved the aches and pains of this long weekend!
    Many thanks for sharing the fix :)

    ReplyDelete
  20. MS only two choices, restore or reinstall, were not much help. Your post fixed the issue after a malware attach and took only a few minutes to complete. Very much appreciate the post.

    ReplyDelete
  21. That works perfectly!
    I got problems with Defender after removing a tons of trojans and spyware with Malwarebyte. Now seems to be fixed, thank you very much :D

    ReplyDelete
  22. When I double click on the defenderfix.reg file I never get a message box asking me if I'm sure I want to add the information in the REG file to the registry. What am I doing wrong? I saved defenderfix.reg as an any type file per your instructions. Running Vista Ultimate. Please advise. Thanks.

    ReplyDelete
  23. Thanks so much, it worked perfectly!
    I had that problem for a month now, and this is the only place where I found a solution that didn't involved desinstalling and reinstalling Defender.

    ReplyDelete
  24. Thanks Man, Great post your fix worked perfectly for me.

    ReplyDelete
  25. Hi, thanks for this it fixed my windows defender problem. However, I'm now getting an error relating to unauthorized changes to windows. Error: 0xC004D401. Is this anything be be concerned about or is this just because I've changed the registry? thanks

    ReplyDelete
  26. You are a legend mate, thanks from the UK.

    ReplyDelete
  27. Thanks!! this work for me without the need to reinstall windows defender (as recommended even on M$ site).

    My Vista Business having problem on registry corruption after unknown failure on windows updates.

    the result is exe association broken (cause a mess), as well as the error above. its resolved now.

    thanks for the very helpful info.

    ReplyDelete
  28. thank you so much for this!

    a malware virus trashed my computer and i've been trying to pick up the pieces since. this was extremely easy to follow and worked like a charm. thanks again!

    ReplyDelete
  29. When I restarted I got the same error message. Not sure if I messed something up during the process but I'm pretty sure I followed the steps to a t.

    ReplyDelete
  30. Worked well for me with a Vista 32 bit O/S. Thx for this valuable piece of info.

    ReplyDelete
  31. I recently had a problem with a virus that corrupted my windows defender registry files. I tried everything else to fix it, but your solution worked like a charm! It only took less than 5 minutes and it was fixed! I didn't have to reinstall the OP system or anything. Thanks alot man if only those dumbasses at microsoft were as helpful as you amazing fix man thanks again so much!!

    ReplyDelete
  32. This was exactly what I needed, thank you!

    ReplyDelete
  33. can't thank you enough......you have saved me hours of frustration...now if I could only fix my "windows explorer" issues....that's my next repair

    ReplyDelete
  34. good ol' Vista Home Security 2012 (the give away was in the title) trashed my clients laptop, your top tip helped patch it back together. Just a note to other users, the message I got at Step 2 pt 6 was different (using Vista Home Premium SP1), but the results very pleasingly the same.

    ReplyDelete
  35. Well done! Fixed the same problem on my PC with Vista Home Premium SP2 using your solution. I believe the problem began with an attack by malware calling itself Vista Home Security 2012. Thank you for your assistance repairing Windows Defender.

    ReplyDelete
  36. Jooooohhooooooo!!!!
    Worked for me alright!

    Tnx a lot!

    Robin

    ReplyDelete
  37. Countless sites, the only solution that worked! Thank you.

    ReplyDelete
  38. Luckily I found this early in my search for a fix. Worked like a charm.
    Thanks,
    Al

    ReplyDelete
  39. Just tried it and still have the error message popping up. I recently removed the same Vista Home Security Virus, so fairly sure that is what was/is causing it. Any other suggestions?

    ReplyDelete
  40. Worked like a charm...

    ReplyDelete
  41. Microsoft said to reinstall Vista - 2 hours
    You said DO THIS - 6 minutes
    EXCELLENT
    Toby

    ReplyDelete
  42. It worked! Totally awesome!!! Thank you very much for the post and instructions! Great work

    -Eric

    ReplyDelete
  43. omg, it worked !
    thanks for sharing this <3
    YOU ARE AMAZING !
    again, thank you so muchhhh xD

    ReplyDelete
  44. Awesome!!!! the only solution that worked!
    Thanks, Great post your fix worked almost perfectly for me. :)

    ReplyDelete
  45. This worked great! Absolutely amazing post. Thank you very much

    ReplyDelete
  46. thank you so much! worked perfectly. now i just hope it fixes my other problems...

    ReplyDelete
  47. I don't know what all that jargon I copied and pasted meant, but YOU DID IT! Thanks.

    ReplyDelete
  48. this worked like a charm!!! thanks so much.

    ReplyDelete
  49. pls sum1 tell me how to save it to reg it wont allow me to do it. onlt txr

    ReplyDelete
  50. nope i safed it in my picture file instead, but had to re-do the whole thing for it to work

    ReplyDelete
  51. Awesome. Has been a long time coming finding this simple solution.

    ReplyDelete
  52. My computer was attacked by one of those fake scanner programs, and when I used Malbytes AntiMalware to get rid of it, it had already killed my WinDefender. I've been tying to find a fix since July (2011) and this worked great. Tech Support that tells you that you must re-install Vista, isn't much support, and not very Tech. Your fix is fantastic. Thanks.

    ReplyDelete
  53. Muy bueno Gracias por la ayuda! :)

    ReplyDelete
  54. I was working on a clients computer. After a rouge virus was removed, Windows Defender was not working anymore. This method resolved the issue.

    ReplyDelete
  55. Deu erro apareçe: "Não é possivel importar C:/Users/Desktop/defenderfix.reg: Achave selecionada é invalida
    Ajuda Porfavor!!!

    ReplyDelete
  56. Short and to the point: Thank you.

    ReplyDelete
  57. thanks a lot bro, its up and working on my system ...

    ReplyDelete
  58. Thanks! This worked great.

    ReplyDelete
  59. Awesome! Worked like a champ (for the Defender issue). Had the Vista Security 2012 malware infection and fixed all of it except for Defender. Now if I can just get the Windows Firewall to turn back on...

    ReplyDelete
  60. Worked like a charm. Thank you so much. Now if I can get the firewall turned back on. I'll be a happy camper.

    ReplyDelete
  61. Thank you the exact fix

    ReplyDelete
  62. it worked many thanks for the fix

    ReplyDelete
  63. After many hours I found your solution.
    Fantastic! Thankyou!

    ReplyDelete
  64. thanks it works "flawless victory"

    ReplyDelete
  65. Wow, I figured I'd never get this fixed. Thank you for the assist :D

    ReplyDelete
  66. You, sir, are a star. Thanks for saving my sanity.

    ReplyDelete
  67. I got the Vista 2012 security virus...cleaned with malware bytes but then got the "no handle" error code. Microsoft wanted to reload vista....I declined. Then I finally found this solution....I scanned the file with malware...it was clean. followed the above instructions and got a perfect result the first try...Kudos and hats off to you...thanks for ypur expertise and willingness to share!

    ReplyDelete
  68. Defender is freaking restored! You're better than Madre Teresa|

    ReplyDelete
  69. I was disappointed with Microsoft's approach to this problem. But, I tried your easy solution and got my Defender back on the road...Thank you so much!

    Brad

    ReplyDelete
  70. I was disappointed by Microsoft's attitude and approach to this problem. Your solution was simple and effective. Thank you so much!

    ReplyDelete
  71. your solution is very simple and works perfectly. i tried fixing the defender using the microsoft and majorgeeks way but they're both complicated and did not do anything at all. thank you so much! ^___^

    ReplyDelete
  72. "Are you sure you want to add the information in the REG file to the registry", choose "Yes"

    After that it displyaed
    Cannot import c:\register.reg. The specified file is not a registry script.
    You can only import binary registry files from witing registry editor

    ReplyDelete
  73. I can only add praise to the author for his fast and easy solution to a nagging problem. I wish I'd searched the web more thoroughly before! thank you for sharing this.
    Hans

    ReplyDelete
  74. Thanks Pete.Problem resolved in mere minutes. Greatly appreciated.

    ~J~

    ReplyDelete
  75. Totally worked. Now I just need to fix Security Center and Firewall. :\

    ReplyDelete
  76. Thanks!
    Worked perfectly on my 32-bit Vista system.

    ReplyDelete
  77. Brilliant!! Thank you much

    ReplyDelete
  78. worked like a charm,you are an awesome dude.thanks

    ReplyDelete
  79. Worked great! Do you have a similar fix for windows firewall,windows update & security center? This was a great easy fix.

    ReplyDelete
  80. freakin awesomeness...you rock...i have defender back on board after some viralness..thanks man...may the force be wif you.

    ReplyDelete
  81. You are a good man.. thank you :)

    ReplyDelete
  82. Awesome!!!It Fixed my Windows Defender.

    ReplyDelete
  83. Excellent, worked a treat, thanks.

    ReplyDelete
  84. Thank you, you saved me a complete reinstall, saved my life and time

    ReplyDelete
  85. damn right it worked.
    A piece of spyware started tearing up my system right in front of my eyes and every Windows Defender warning / popup option menu was just deefaulted OK by the spyware that also destroyed the WindowsFirewall service and placed entries into the host files.

    This fix was invaluable espeically since Microsoft just bureeaucratically instructed me online to run FixIt but woulodn't explain how to reinstall useless defenbder.

    I'm going to install EWF for Vista somehow or some equivalent, I run it on XP and I don't worrty about this stuff since a reboot flushes my changes but I haven't found an EWF for Vista yet or just h

    ReplyDelete
  86. failed for me! meme en france tout n'est pas fonctionnel! thanks

    ReplyDelete
  87. It works !!! Thanks from Italy !!! Ciao Stefano

    ReplyDelete
  88. do you have a similar fix for Windows firewall? much appreciated! P.S. I am operating on a Dell studio with Visa Home Premium SP1

    ReplyDelete
  89. Worked for Win7 like a charm. Thanks!

    For repairs to Windows Firewall, Micro$oft has a repair tool called "Windows Firewall Repair Fixit". Haven't run it yet, but I found a link for it on their website and it appears that M$ has realized that there are viruses/trojans out there targeting M$'s security programs, like Firewall and Defender, and shutting them down.

    They also have a program called "Windows Malicious Software Removal Tool", which I'm currently running.

    ReplyDelete
  90. I don't normally comment online, but after this awesome step-by-step I have to say THANKS!!!

    ReplyDelete
  91. Wow, if I hadn't read all the positive comments I would have never tried it. I am amazed. For the first time I finally found something that actually worked and it worked like a champ. Thanks man for this awesome step-by-step info. I still can't believe it. This is some AWESOME INFO.....

    Thanks again Nibbishment, You Rock!!!

    ReplyDelete
  92. Thank you so much for this, the information from Microsoft and other techs is USELESS this fixed the problem instantly thank you thank you thank you!

    ReplyDelete
  93. I NEED HELP!! I did what you said but it still didn't work, said there was either a system error or file error. I even took it to a computer place and it cost $220. Still not fixed. Is there any way of finding the system error or file error so I can do your fix?

    ReplyDelete
  94. TTTTTTHHAAAAAANNKK YOOOOUUUUU SO MUCH

    ReplyDelete
  95. cdninja, you have fixed my defender! Now just to get the Firewall working.

    ReplyDelete