VOGONS


Vista build defender won't start

First post, by ldeveraux

I installed Vista on an old AMD APU direct from my discs. Every bootup, I get the system error:

Defender.exe - Unable to Locate Component
This application has failed to start because OpenCL.dll was not found. Reinstalling the application may fix this problem.

But as best I can tell, OpenCL.dll exists and I can't reinstall Defender. Defender also seems to be turned off by group policy after every restart. Anyone know the fix for this?

Reply 2 of 22, by darry

Why would Defender (the integrated antimalware) need OpenCL?

Are you using stock official Vista install media? Which service packs are installed? Did you install any applications?

Reply 3 of 22, by dr_st

I don't know what it is that is trying to start, but the name for the integrated Windows Defender program is not Defender.exe.

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys

Reply 4 of 22, by darry

dr_st wrote on 2022-06-12, 16:01:

I don't know what it is that is trying to start, but the name for the integrated Windows Defender program is not Defender.exe.

Good point. Also the initial release of OpenCL was in August 2009 (after even Vista SP2) and was not a part of Windows Vista. It had to be installed separately and, AFAIK, this is still the case for current Windows.

This smells like either malware or a third party application of some kind.

Reply 5 of 22, by ldeveraux

Huh, I literally used my original Vista Ultimate discs straight from the box. What was the best virus and malware scanner from the Vista era so that I might take a scan? It is weird that my Defender has been disabled within group policy.

Reply 6 of 22, by Jasin Natael

Dumb question perhaps but why are you wanting to run any anti-virus software on this machine?
Vista is way out of support at this point and the best scanner utility isn't going to keep you secure anyway, it will also kill performance.
Are you using this machine as a daily driver? If so then I wouldn't bother or at least run Windows 7.

Reply 7 of 22, by Gmlb256

It isn't normal that Windows Defender gets disabled by Group Policy and that means the OP's computer is likely infected with malware. Besides, OpenCL was never included by default on Windows and the DLLs usually appear after installing a video card driver.

Reply 8 of 22, by darry

ldeveraux wrote on 2022-06-13, 09:42:

Huh, I literally used my original Vista Ultimate discs straight from the box. What was the best virus and malware scanner from the Vista era so that I might take a scan? It is weird that my Defender has been disabled within group policy.

Ok, that eliminates the install media as a potential culprit, but what else was installed on this machine after Vista was installed from the original official media?

Reply 9 of 22, by ldeveraux

darry wrote on 2022-06-13, 19:21:
ldeveraux wrote on 2022-06-13, 09:42:

Huh, I literally used my original Vista Ultimate discs straight from the box. What was the best virus and malware scanner from the Vista era so that I might take a scan? It is weird that my Defender has been disabled within group policy.

Ok, that eliminates the install media as a potential culprit, but what else was installed on this machine after Vista was installed from the original official media?

This happened after first boot, I just "OK"ed it away at first and thought I'd be able to fix later. It's not that I want to run an AV at all, I just want the constant nagging to stop. If it is malware, what's a Vista era way to remove?

Reply 10 of 22, by spiroyster

If you google Defender.exe, it comes up saying either a process for T-Online or it's a trojan. Since it uses OpenCL, my money would be on a trojan coin miner. Either way, nothing to do with Windows Vista.

Vista era way to remove would probably be the same way using current Windows (under the hood they are very similar). Only slight difference may be a reg key location if you need to go there.

Reply 11 of 22, by ldeveraux

spiroyster wrote on 2022-06-14, 11:33:

If you google Defender.exe, it comes up saying either a process for T-Online or it's a trojan. Since it uses OpenCL, my money would be on a trojan coin miner. Either way, nothing to do with Windows Vista.

Vista era way to remove would probably be the same way using current Windows (under the hood they are very similar). Only slight difference may be a reg key location if you need to go there.

What, like MalwareBytes?

Reply 12 of 22, by Jasin Natael

Might try ComboFix for a Vista machine. It's aggressive but should scrub it well.
Then maybe not take this machine online. It is full of vulnerabilities.

Reply 13 of 22, by darry

Is this machine Internet connected without (no NAT or firewall)?

Malware does not just randomly appear out of thin air. If it is not on the install media it still had to have come from somewhere.

If it happened once, it could happen again and if that machine can connect to other devices on the OP's local network, those machines could be at risk of being compromised as well.

Conversely, one of OP's other machines could have infected the new Vista machine through the local network.

IMHO, this is worth investigating.

Reply 14 of 22, by ldeveraux

I thought I experienced this Defender.exe crash from first boot, but that was a while ago so I could be mistaken. I think I might have installed a dodgy Chrome instance. I uninstalled that, and was able to install Avira and MBAM, along with a compatible version of CCleaner and remove all kinds of malware, not surprisingly related to some instance of a Defender installer (!).

FWIW I was able to get the actual Defender running, and not surprising when I do connect the LAN, no definition updates are found. It's been at least a decade since I bothered trying Vista, so it's not crucial. This is certainly not my daily driver.

Reply 15 of 22, by Jasin Natael

darry wrote on 2022-06-14, 15:40:
Is this machine Internet connected without (no NAT or firewall)?

Malware does not just randomly appear out of thin air. If it is not on the install media it still had to have come from somewhere.

If it happened once, it could happen again and if that machine can connect to other devices on the OP's local network, those machines could be at risk of being compromised as well.

Conversely, one of OP's other machines could have infected the new Vista machine through the local network.

IMHO, this is worth investigating.

This is true, but a firewall does little good if you download and execute some questionable software.

Reply 16 of 22, by ldeveraux

Whatever I did, did a number on my securities, it's been a long time since I've actually had to fiddle with my services to get Defender working. Regardless, I know there are no new definition updates, but I found the latest for Win7/Vista and tried to apply them, but it does nothing. Still says my definitions are version 1.0.0.0 created in 2006. Again, not my daily driver, but how can I update my definitions to the latest?

Reply 17 of 22, by Jasin Natael

ldeveraux wrote on 2022-06-14, 17:20:

Whatever I did, did a number on my securities, it's been a long time since I've actually had to fiddle with my services to get Defender working. Regardless, I know there are no new definition updates, but I found the latest for Win7/Vista and tried to apply them, but it does nothing. Still says my definitions are version 1.0.0.0 created in 2006. Again, not my daily driver, but how can I update my definitions to the latest?

I don't think that you can. If you know the KB number you can possibly download them from the update catalog and manually install them, but honestly it's pointless.
The last definition updates for Defender under Vista were what, in mid 2017?
And that is Defender, it wasn't exactly the Gold Standard of AV software.
Nothing can be done to adequately secure the machine, if you use it online it's at your own risk. Even an up-to-date 3rd party security software isn't going to be a magic bullet. The OS itself is riddled with unpatched vulnerabilities.
Just is what it is.
If you just want it as a retro box then that's great but I wouldn't leave it connected to your main network for any length of time, NAT or no NAT.

Reply 18 of 22, by ldeveraux

Jasin Natael wrote on 2022-06-14, 19:12:
ldeveraux wrote on 2022-06-14, 17:20:

Whatever I did, did a number on my securities, it's been a long time since I've actually had to fiddle with my services to get Defender working. Regardless, I know there are no new definition updates, but I found the latest for Win7/Vista and tried to apply them, but it does nothing. Still says my definitions are version 1.0.0.0 created in 2006. Again, not my daily driver, but how can I update my definitions to the latest?

I don't think that you can. If you know the KB number you can possibly download them from the update catalog and manually install them, but honestly it's pointless.
The last definition updates for Defender under Vista were what, in mid 2017?
And that is Defender, it wasn't exactly the Gold Standard of AV software.
Nothing can be done to adequately secure the machine, if you use it online it's at your own risk. Even an up-to-date 3rd party security software isn't going to be a magic bullet. The OS itself is riddled with unpatched vulnerabilities.
Just is what it is.
If you just want it as a retro box then that's great but I wouldn't leave it connected to your main network for any length of time, NAT or no NAT.

Oh no, certainly not planning on keeping this live! This is my goof off box, I have spare computers with everything from DOS 6 to Windows 11 included and I figure might as well install all my OSes. It's just a fun proof of concept!

Reply 19 of 22, by dr_st

I think you can still get latest Defender updates on Vista. You just need to download and install them manually.

And Vista x64 will take even post-EOL Server 2008 SP2 updates. So you can still install current security patches on it. But you need to do a whole lot of pre-requisite update installs first.

https://cloakedthargoid.wordpress.com/ - Random content on hardware, software, games and toys