[Unable to restart Malwarebytes, Av deactivated]

4 minutes ago, Aura said:

You can find my recommendations in the speech below

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

• Download DelFix and move the executable to your Desktop
• Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Check the following options :
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Reset system settings
• Once all the options mentionned above are checked, click on Run
• After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

 

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

• How To Change Windows Update Settings
• How To Check For & Install Windows Updates

 

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

 

• UCheck Documentation
• How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)

 

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

• Sophos Home
• Bitdefender Free Antivirus
• Emsisoft Anti-Malware - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
• Avira Free Antivirus
• avast! Free Antivirus

 

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundle all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that works together in order to keep your system protected and stop an infection at multiple level.

 

• Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

 

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

• GlassWire - Has both a free and paid version (with different packages)
• Windows Firewall Control - Gives you more control over your Windows Firewall
• TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

 

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

• uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
• HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
• Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
• NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
• uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
• LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

 

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

• The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer on Heimdal Security
• Seven Useful Habits For A Safer Internet on Kapsersky Blog
• Tips for Secure Web Browsing: Cybersecurity 101 on VeraCode
• Safe browsing habits on Internet Safety Project Wiki

 

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

• Answers to common security questions - Best Practices by quietman7
• How Malware Spreads - How did I get infected by quietman7
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams (aka Grinler)
• How to Prevent Malware by miekiemoes
• Tips & Advice on StaySafeOnline.org

 

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread?

Aura,

No, I don't think there are any other issues. I think you can close this case, thanks for all your help! 

Thanks,

Scott 

[Unable to restart Malwarebytes, Av deactivated]

Aura,

No, I don't think there are any other issues. Do you guys have any recommended AV to use instead of MS Tools? 

Thanks,

Scott 

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Here is the cut and paste of that url. 

 

No engines detected this file

 

SHA-256	6a462dac110015f3e59610202714120c557674019a0196680b72031c50d7c474
File name	MsMpEng.exe
File size	117.05 KB
Last analysis	2017-12-12 00:07:42 UTC
Community score	+21

DetectionDetailsRelationsCommunity1

Ad-Aware

Clean

AegisLab

Clean

AhnLab-V3

Clean

ALYac

Clean

Antiy-AVL

Clean

Arcabit

Clean

Avast

Clean

Avast Mobile Security

Clean

AVG

Clean

Avira

Clean

AVware

Clean

Baidu

Clean

BitDefender

Clean

Bkav

Clean

CAT-QuickHeal

Clean

ClamAV

Clean

CMC

Clean

Comodo

Clean

CrowdStrike Falcon

Clean

Cybereason

Clean

Cylance

Clean

Cyren

Clean

DrWeb

Clean

eGambit

Clean

Emsisoft

Clean

Endgame

Clean

eScan

Clean

ESET-NOD32

Clean

F-Prot

Clean

F-Secure

Clean

Fortinet

Clean

GData

Clean

Ikarus

Clean

Jiangmin

Clean

K7AntiVirus

Clean

K7GW

Clean

Kaspersky

Clean

Kingsoft

Clean

Malwarebytes

Clean

MAX

Clean

McAfee

Clean

McAfee-GW-Edition

Clean

Microsoft

Clean

NANO-Antivirus

Clean

nProtect

Clean

Palo Alto Networks

Clean

Panda

Clean

Qihoo-360

Clean

Rising

Clean

SentinelOne

Clean

Sophos AV

Clean

Sophos ML

Clean

SUPERAntiSpyware

Clean

Symantec

Clean

Tencent

Clean

TheHacker

Clean

TotalDefense

Clean

TrendMicro

Clean

TrendMicro-HouseCall

Clean

VBA32

Clean

VIPRE

Clean

ViRobot

Clean

Webroot

Clean

WhiteArmor

Clean

Yandex

Clean

Zillya

Clean

ZoneAlarm

Clean

Zoner

Clean

Alibaba

Unable to process file type

Symantec Mobile Insight

Unable to process file type

Trustlook

Unable to process file type

[Unable to restart Malwarebytes, Av deactivated]

Aura,

On the subject of Antivirus, what or who is the best balance of protection and not to resource intensive? EverytimeThis disabled. ;-(  

Thanks,

Silly Scott

[Unable to restart Malwarebytes, Av deactivated]

Aura,

I am still with you, busy weekend and did not mess much with the computer. ;-) 

here is the output of the report: VirusTotal:

 

No engines detected this file

 

 

 

 

SHA-256	9b702515e81ec83275083487b119e9fa6505049c1fc3e3b6b4adc4a39023ae4b
File name	rk_D1D0.tmp.txt
File size	2.84 KB
Last analysis	2017-12-11 17:36:01 UTC

DetectionDetailsCommunity

Ad-Aware

Clean

AegisLab

Clean

AhnLab-V3

Clean

ALYac

Clean

Antiy-AVL

Clean

Arcabit

Clean

Avast

Clean

Avast Mobile Security

Clean

AVG

Clean

Avira

Clean

AVware

Clean

Baidu

Clean

BitDefender

Clean

Bkav

Clean

CAT-QuickHeal

Clean

ClamAV

Clean

CMC

Clean

Comodo

Clean

Cyren

Clean

DrWeb

Clean

Emsisoft

Clean

eScan

Clean

ESET-NOD32

Clean

F-Prot

Clean

F-Secure

Clean

Fortinet

Clean

GData

Clean

Ikarus

Clean

Jiangmin

Clean

K7AntiVirus

Clean

K7GW

Clean

Kaspersky

Clean

Kingsoft

Clean

Malwarebytes

Clean

MAX

Clean

McAfee

Clean

McAfee-GW-Edition

Clean

Microsoft

Clean

NANO-Antivirus

Clean

nProtect

Clean

Panda

Clean

Qihoo-360

Clean

Rising

Clean

Sophos AV

Clean

SUPERAntiSpyware

Clean

Symantec

Clean

Tencent

Clean

TheHacker

Clean

TrendMicro

Clean

TrendMicro-HouseCall

Clean

VBA32

Clean

VIPRE

Clean

ViRobot

Clean

Webroot

Clean

WhiteArmor

Clean

Yandex

Clean

ZoneAlarm

Clean

Zoner

Clean

Alibaba

Unable to process file type

CrowdStrike Falcon

Unable to process file type

Cybereason

Unable to process file type

Cylance

Unable to process file type

eGambit

Unable to process file type

Endgame

Unable to process file type

Palo Alto Networks

Unable to process file type

SentinelOne

Unable to process file type

Sophos ML

Unable to process file type

Symantec Mobile Insight

Unable to process file type

Trustlook

Unable to process file type

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Here is the latest output log file from Rougekilrk_D1D0.tmp.txtler. 

[Unable to restart Malwarebytes, Av deactivated]

The Other thing that the application seems to not be able to get rid of is some random reg entry that just reads:

(x64) hkey_local_machine\software|software|description

I have told it to remove this a few times now and it has not been able to do so. :-(

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Right now Roguekiller is fixated on msmpeng.exe which seems to be part of windows defender. 

Currently running out of the c:\programe files\microsoft security client\MsMpEng.exe 

Is there a way to confirm or is this a known thing. What is your recomendations? 

Thanks,

Scott

[Unable to restart Malwarebytes, Av deactivated]

Aura,

I am still finding one or two issues with the RougeKiller app. I reboot and scan again and I finds a different one. Strange.... Is there any harm in running more than one scanner/cleaner at the same time? Besides the obvious problem with taking a longer time to finish either scan due to the resource issues. 

 

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Yes I am still with you. I removed the items listed above and updated the java. I then used the program and update the application I wanted to update. One of them was my k-lite drivers which seem to have been taken over by some group that have inserted some malware of their own and it took some effort of running the last two programs a few times and rebooting. To ensure all the bad stuff is gone. Let me run those a few more times and see if I get any hits. 

Silly Scott

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Here is the Fixlog.txtFixlog.txtAddition.txtFRST.txt

For good measure I went ahead and re-ran the FRST64 tool again and posted the logs. 

Regards,

Silly Scott

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Spybot Search and Destroy was one of the two applications I was using to help control my machine before I enlisted your help. It is now off, was it doing something funny? Or was it more bad than good? The fix is running, I am running it remotely and it sometimes drops my connections to itself and I just wait for it to come back. :-(  Other than acting a little slower than before the event and the fan seems to run a lot more than before. I am not sure if that was because the cpu was running all the malware in the back or not.  I am hopeful that this stops and it starts to behave better. At least well enough and long enough to make me feel comfortable to get the files and apps off it before reloading, if it is needed. 

I will let you know how the fix list runs shortly. 

Regards,

Silly Scott

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Let me know if there is anything else you can think of or if you think we have this clean up. Thank you for your help in getting me to a place where the root tool kit will work. Now I have learned something new. Well I hope I don't have to use this knowledge again, but I often get laptops from family and friends in worse condition than this. 

Silly Scott.

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Here are the FRST log files. I re-ran the Malwarebytes again (FRST.txtAddition.txtnothing found) then ran FRST64. 

I think my bitdefender threat prompt I was getting on shut down was due to another malware programe I had installed before I enlisted your services. since then I have removed to such programs that help me get the pc under control until I could request your help. I think with your help we have it cleaned up pretty good. 

[Unable to restart Malwarebytes, Av deactivated]

Aura,

Here are the logs in qAdwCleaner[S4].txtAdwCleaner[S3].txtAdwCleaner[S2].txtAdwCleaner[S1].txtAdwCleaner[S0].txtAdwCleaner[C3].txtAdwCleaner[C2].txtAdwCleaner[C1].txtAdwCleaner[C0].txtAdwCleaner[S5].txtuestion. 

rk_E659.tmp.txt

[Unable to restart Malwarebytes, Av deactivated]

Aura,

It was a pain to get the mbar.cmd to run out of the windows environment. It finally ran, rebooted. It fully loaded into windows and was able to load both Malwarebytes and AV. I updated both and ran them.  I rand the mbar one more time and it caught some more items. you will see two log items. I then updated and ran malwarebytes a few times. It now runs clean with now errors. Let me know what logs you may want to see if I got everything.  Have you heard of any of these files messing with bitlocker or providing some sort of bitlocker prompt when rebooting?    

mbar-log-2017-12-04 (19-19-26).txt

mbar-log-2017-12-04 (19-05-37).txt

[Unable to restart Malwarebytes, Av deactivated]

Sorry Aura,

I must have got distracted by a shiny thing before getting to the bottom of the email. I did not see the link and instruction. I will have to do that this evening since I am at work and the computer is at home. Sorry and thanks for keeping with me. 

Silly Scott

[Unable to restart Malwarebytes, Av deactivated]

Hello,

Still with you. 

[Unable to restart Malwarebytes, Av deactivated]

 Downloaded file that was invected and webpages hijacked.  I have been able to clean the machine up enough to use it again, but malwarebytes and MS security esse. have been deactivated and I have yet to be able to clean the hijacked webpages up and most of the other items. I am not able to run malware bytes or AV. I have two other programs that seem to help keep issues at bay for now. 

Thanks,

Silly Scott

FRST.txt

Addition.txt