
Anti-Rootkit DDA Driver not loading and real time protection off


DanZ


Symptoms:
    1. Logon results in Malwarebytes displaying a pop-up "unable to load the Anti-Rootkit DDA Driver".  Asks if I want to try a reboot.
    2. Replying to the boot question in 1. results in a quick pop-up saying: "SDKCreate failed with code 20023".  This small window displays for less than a second.
    3. Manually bringing up the Malwarebytes screen from a user account shows no Real-time Protection, but from an admin account, shows it as still on (Fully Protected).
    4. "Start Malwarebytes Anti-Malware with Windows" in Advanced Settings is being turned off on user and admin accounts.
    5. My second Windows 10 system, on my LAN, is also infected with the same symptoms.

    
Status:
    Malwarebytes Antimalware Premium has been running on both systems continuously for about a year.
    Ran a Custom Scan with Antimalware (with Scan for Rootkits checked) but nothing was found.  This is on my faster deskside system.  My laptop is still running the Custom scan.
    Farbar Recovery Scan Tool reports (run from a non-admin account) follow:
    
    Dan

 

P.S.  First attempt to post was rejected as too long.  So I'm attaching the files instead.
    
--------------------------------------------------------------------------------------    
   

FRST.txt

Addition.txt


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.


Before we start please read and note the following:

  • We're primarily oriented toward malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


You have to run FRST from an Administrator account.



Hi THE.

 

I realize your initial post to me here was a template that you edit for each new issue.  But it says if you don't hear from me within 3 days the thread will be closed.  So I'm responding now, but it doesn't look like you need me to do anything yet.

 

Also, I installed qBittorrent last summer to download LibreOffice and it is still installed.  I checked Task Manager processes before I submitted, and it did not appear to have anything from qBittorrent running.  But I would be happy to remove it if you would prefer.

 

Thanks,

 

Dan


Your PC seems clean. Let's try to reinstall MalwareBytes:
 
 
Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the latest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


I ran MBAM-clean and uninstalled Anti-Malware on one of my systems (even though the Malwarebytes software wasn't "outdated").

I then installed the free version of Anti-Malware and rebooted it on my DRZBase2 system.  I did not bother with yet another rootkit scan, but this system seems to be working fine.  Rebooting does not result in a Malwarebytes error message about rootkits and my Advanced Settings to load Anti-Malware with Windows aren't being overridden (yet?).  I haven't applied my license code to this version to enable real-time support.

Should I apply my license code to the copy of Anti-Malware that you asked me to reinstall?

Interesting side note: My other PC (that had the same symptoms as my Base2 system) also seems to be working fine, without any manual intervention on my part.

Dan


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.