Friday, December 19, 2008

Windows Defender: application failed to initialize: 0x80070006

I have been experiencing the following error on Windows Vista64 startup for 7 months:

Application failed to initialize: 0x80070006. The handle is invalid.
Application failed to initialize: 0x80070006. The handle is invalid.

I could live without Windows Defender and SpyNet. But today, I took time to debug.

The most obvious thing to do is to query the Microsoft knowledge base. And it worked! Quoting KB935511:
Method 1: Use System Restore to restore Windows Vista
Method 2: Reinstall Windows Vista
OK, maybe I'll try something else.

Then I thought that interesting logs might show up in PerfMon, because Windows Defender implements WPP software tracing. I managed to find the right Event Trace Provider (Microsoft-Windows-Windows Defender) and create a Data Collector, but nothing ended up being logged, so I gave up on this option.

Then I had a look at the C:\Program Files\Windows Defender\MpCmdRun.exe command-line utility.

----------------------------------------------------------------------
Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
Use this tool to automate and troubleshoot Windows Defender

Usage:
mpcmdrun.exe [command] [-options]

Command                        Description
-? [h]                         Displays all available options for this tool
-Scan [-ScanType]              Scans for malicious software
-SignatureUpdate               Checks for new definition updates
-Trace [-Grouping] [-Level]    Starts diagnostic tracing
-GetFiles                      Collects support information
-RemoveDefinitions [-All]      Restores the installed signature definitions
                               to a previous backup copy or to the original
                               default set of signatures
-GetSWE                        Exports information about software installed
                               on your computer
----------------------------------------------------------------------

I tried -GetFiles and went through all the log files, but found nothing interesting either.

Looks like it is time to get out the IDA Pro debugger. Fortunately, remote Vista64 debugging is available through the win64_remotex64.exe stub! Of course this is not for the faint of heart :)

Fortunately, the error is pretty easy to figure out: Windows Defender cannot acquire a handle on the WinDefend service, because this service does not exist!

Why on earth was the WinDefend service removed from my computer? I guess I'll never know. But for the time being, it is enough to export the following registry key from another Vista computer and import it on the broken one:

HKLM\SYSTEM\CurrentControlSet\Services\WinDefend
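As an added example that is not part of the original post: a PowerShell script, run from an elevated prompt, that checks whether the WinDefend service and its registry key are present and, if they are missing, imports a .reg export taken from a healthy Vista machine. The -Mode parameter and the WinDefend.reg file name are my own choices; the registry path is the one given in the post.

```powershell
# Added example, not from the original post. Run elevated.
# -Mode Export : on a healthy Vista machine, dump the WinDefend service key to a .reg file
# -Mode Check  : on the broken machine, report whether the service/key exist (the post's diagnosis)
# -Mode Import : on the broken machine, import the .reg file if the key is really missing
param(
    [ValidateSet('Export', 'Check', 'Import')]
    [string]$Mode = 'Check',
    [string]$RegFile = (Join-Path $PWD 'WinDefend.reg')   # file name is an assumption
)

$ServiceName = 'WinDefend'
$KeyPath     = "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName"   # key from the post
$FullKey     = $KeyPath -replace '^HKLM', 'HKEY_LOCAL_MACHINE'

function Test-WinDefendRegistered {
    # 0x80070006 (handle is invalid) in the post came from Defender failing to open
    # the WinDefend service because this key, and hence the service, did not exist.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ServiceVisible     = ($svc -ne $null)
        RegistryKeyPresent = (Test-Path -Path "Registry::$KeyPath")
    }
}

switch ($Mode) {
    'Export' {
        # Exports the whole key, including the Parameters subkey Defender needs.
        reg.exe export $KeyPath $RegFile /y
        if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
        Write-Host "Exported $KeyPath to $RegFile"
    }
    'Check' {
        Test-WinDefendRegistered | Format-List ServiceVisible, RegistryKeyPresent
    }
    'Import' {
        if ((Test-WinDefendRegistered).RegistryKeyPresent) {
            Write-Host "$KeyPath already exists; refusing to overwrite it."; return
        }
        if (-not (Test-Path $RegFile)) { throw "Missing export file: $RegFile" }
        # Only import a file that describes the WinDefend key and nothing else.
        $keys = Select-String -Path $RegFile -Pattern '^\[HKEY_' | ForEach-Object { $_.Line }
        if ($keys | Where-Object { -not $_.StartsWith("[$FullKey") }) {
            throw "$RegFile contains keys outside $KeyPath; not importing."
        }
        reg.exe import $RegFile
        if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
        Write-Host "Imported $KeyPath. Reboot so the Service Control Manager loads the new service."
    }
}
```

The import path deliberately refuses to run when the key already exists, so on a machine where WinDefend is present but misconfigured it reports the state instead of replacing the key.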

Case solved!

5 comments:

Unknown said...

Awesome fix for such an annoying problem. Some viruses and spyware will remove Windows Defender on a computer. I had encountered one such virus and during removal I ran into this issue. I did exactly as you did and it fixed the issue, and I no longer receive the error.

Thank you for your fix it was very helpful.

Making us reinstall Windows is not a solution for most people, Microsoft. You all could have just given us this info from the start. Why such a harsh solution for a simple fix?

Anonymous said...

I have this ugly problem, but I don't know how to import that data to make my Defender work again. If you can help, please send me your instructions here: blueovifire@ovi.com

Anonymous said...

Absolutely brilliant. Has to be the best fix I've heard of. I take my hat off to you.

Anonymous said...

How do you export it from another Vista computer?

Anonymous said...

Awesome post, spot on. This fix will work great if you don't have WinDefend in your list of services!