Jump to content

Malicious Website Protection Won't Enable


Recommended Posts

Hello and :welcome:, mhmank:

 

First, please be sure to reboot the computer at least once, if this is a new install or upgrade.

Then, please be sure your antivirus (AV) and firewall are giving MBAM full permissions.

 

Then:

Thank You,

Link to post
Share on other sites

Hello Mhmank,

 

Your FRST logs show a sign of a rootkit infection.

 

Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
 
Close any of your open programs while you run these tools.

 

Restart your system, Windows, so that it is a fresh start.

Please download Malwarebytes Anti-Rootkit (MBAR)  and save it to your desktop,
from here   
http://downloads.malwarebytes.org/file/mbar

•Be sure to print out ( if possible) and follow the instructions provided on that same page.

•Doubleclick on the MBAR file you downloaded and approve the UAC prompt in Vista and newer operating systems.
•Click **OK** on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
•After reading the Introduction, click '**Next**' if you agree.
•On the Update Database screen, click on the '**Update**' button.
•Once you see 'Success: Database was successfully updated' click on 'Next'.

 

•Click the Scan button.

With some infections, you may see two messages boxes.
  1.'Could not load protection driver'. Click 'OK'.
  2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

 

 

When the Scan part  has completed, click the 'CleanUp' button and allow the reboot if prompted.

 

please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2014-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
+ also
system-log.txt

I need to have both of those files attached in your next reply. 

 

Then do  another Scan with Malwarebytes Anti-Rootkit to verify that no threats remain.

 

Thanks.

 

Link to post
Share on other sites

Hello Mhmank,

 

The MBAR did not find rootkit, which is an excellent finding.

 

Please do the following:

Start the Anti-Malware.

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In some cases, a restart will be required.   { Wait for the prompt to restart the computer to appear, then click on Yes.}

 

 

After that has finished,    Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

 

NEXT:

Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance.
I suggest putting in trust settings in your antivirus, as follows:
Please "put as Trusted" (i.e., put Trust settings) for the following MBAM exe files within your Antivirus Software whitelist :

Note: If using a software firewall besides the built in "Windows Firewall" you'll need to exclude them from it as well

For 32-bit Windows Vista or Windows 7 or Windows XP:

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

For 64 bit versions of Windows Vista or Windows 7 or Windows 8:

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:
data-cdn.mbamupdates.com

Check your Anti-Virus/Internet-Security application to see if you can add exclusions for specific applications/files to ignore.
You may need to contact their technical support or check their support website for instructions.
You will need to set your Anti-Virus/Internet-Security to ignore/exclude the files I listed above.
 

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/31/2014
Scan Time: 6:59:14 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.31.10
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250770
Time Elapsed: 9 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Hello,

 

Scan result is very good.   Please start the Anti-Malware. Click on Settings icon at the top bar at the top.

Click on Detection and Protection button.

 

Look at the line for Malicious Website Protection

Be sure that Enabled is selected.   If it is not, click the Enabled   and wait for it to turn on.  It should at the very most take less than a minute to respond.

Do have patience.

 

Do let me know how that goes.

Is there anything else we need to cover?

Link to post
Share on other sites

In that case, your system may well still have a on-going infection of some sort.

 

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for  member mhmank only. If you are a casual viewer, do NOT try this on your system!
If you are not mhmank  and have a similar problem, do NOT post here;  start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
   
Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere.  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases:  some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power  (AC power)or a UPS system


Important:  Have no other programs running.  Your Task Bar should be clear of any program entries including your Browser.
Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts.  Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.  
 

A file will be created at => C:\Combofix.txt.  

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log
and tell me, How is the system now icon_question.gif

Re-enable your antivirus program.

 

Link to post
Share on other sites

Hello,

 

Are you still with us?   or has this been resolved ?

I haven't had a chance to try this yet but as soon as I do I will post my results. I have been traveling for business and haven't been able to try. When I get back in town I will follow the above instructions.

Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.