
I have been hit with a virus that disables Windows Security by removing all its components (Windows 10). Startup Repair fails to run and I don't have a system restore point that dates back before this (or the virus somehow even survives system restores, not sure). The virus also disguises itself as the winrmsrv service and tries to get firewall access (I denied that).

[Screenshot: Windows Security Empty]

I've downloaded Malwarebytes and scanned for malware. The threats were detected and removed, but the security components are still missing. Previously, I resorted to resetting the PC, which fixed the issue, but now it's back again (after around 6 months) and I can't find the source of it.

My initial thought is that the malware could be on a removable flash drive (I previously got an infection on a drive, but it was scanned and removed before opening anything on the drive). But upon further inspection, none of the other laptops in my home are affected, and we use the flash media interchangeably, so it must still be stuck somewhere within my PC.

The Defender Firewall appears to be running but can only be accessed from the Start menu, and I get this message as well (screenshot below). In Control Panel, the firewall appears to be working.

[Screenshot: Microsoft Defender Firewall Issue]

[Screenshot: Defender Firewall from the Control Panel]

My question is: How is it coming back after a PC reset? Is there something that I'm missing or misunderstanding? In addition, can I fix missing components in Windows without resorting to a factory reset?

1 Answer


(1) How is it coming back after a PC reset?

(2) In addition, can I fix missing components in Windows without resorting to a factory reset?

(1) I assume you mean "how is a correct system coming back". Reset (Windows Repair or Factory Reset) re-writes Windows and can repair some types of viruses (not all).

(2) Windows Repair that keeps anything does not repair a damaged User Profile. Only Keep Nothing or Factory Reset deletes a User Profile.

Accordingly, given the extent of the damage, good advice here after an extensive virus is to back up your data, documents and email, and then reinstall Windows fresh and restore your apps and data.

If you suspect a rootkit virus, use TDSSKiller (Kaspersky) to scan for this before rebuilding.

Be very careful about spam emails and make sure you keep good backups.

Good luck with this.