Jump to content

DNS Issue So Can't Update MWB Database


Recommended Posts

Heya gang...

 

I have a single ethernet-connected system on my home network that no longer communicates with the rest of the network or the internet. 

 

Avast anti-virus is installed but not running and I cannot start it.

Network system tray icon says I have internet, however:

 

Ping 127.0.0.1 - okay

Ping Router - no reply

Ping Other Network Devices - no reply

Ping yahoo.com - no reply

Ping 8.8.8.8 - no reply

 

 

Flushed DNS Cache & restarted DNS client - no joy

Created new hosts file - no joy

 

I downloaded MalwareBytes to a USB drive and installed it. The current database is v2016.2.16.6 and the application hangs (for obvious reasons) while checking for updates. Is there a location to download the most recent database?

 

Thanks! Rick

 

Link to post
Share on other sites

Additional info:

  1. Windows 10
  2. Connected directly to modem  - same issue
  3. Used on-board ethernet connection - same issue
  4. Replaced PCIE network card - same issue
  5. Boot to Safe w/Networking - same issue (but system tray now says no internet connection)
  6. Avast working again - scanned w/no problems found
Edited by DarwinsFlinch
spelling
Link to post
Share on other sites

Hello.
I will be guiding you as we go forward.  I do need to see other diagnostic information from this system, so that I can see about pinning down the source of this issue.
I would like to ask that you always attach any report or file I ask for, from time to time.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed, please print out these instructions.

Please do not post logs using CODE, QUOTE, or FONT tags. Just always attach files / reports.
   
Please enable your system to show hidden files: How to see hidden files in Windows

Make sure you're subscribed to this topic:

Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable, it is unlikely, but things can go  wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen / flash drive

Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.

The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone.

Perform everything in the correct order. Sometimes one step requires the previous one.

If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
You can check here if you're not sure if your computer is 32-bit or 64-bit

As we go along, from time to time, Windows User Account Control ( U A C ) will prompt whether to allow a tool or procedure to proceed forward.  Approve the Windows’ UAC prompt on by clicking on Continue or Yes.


When we are done, I'll give you instructions on how to clean up all the tools and logs
Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
Your topic will be closed if you haven't replied within 3 days.

#1
My first tip  and first thing to cover is to systematically power down all your system, and recyle your router, and then power on in order.
It is now a very good idea to reset the router for the internet connection service.  
First, shutdown windows and be sure the power is OFF.

now, Unplug the power plug to the Modem and the Router. Wait for about a minute, please.

now, Plug the power into just the Modem (unless you have a modem/router combo) When all the lights come up, plug in the power to the Router (unless combo of course)

Now, power on the computer and get Windows restarted.   One Windows system at a time.

#2
One Windows system at a time.  Do these tweaks.
Please review this post on our public forum.   {Disregard the initial description at the top of the forum post.}
https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

Then follow his suggestions to make changes for the selections for DNS server just only for *TCP IP v4*. Choose OpenDNS or otherwise Google. ( just like on the page above).
By the way, please do not make changes to the Hosts file. Just only the DNS adpater settings as layed out by MysteryFCM on our forum page above.

 

Link to post
Share on other sites

Maurice..

I appreciate your help but I need to move faster than one step per day on this particular machine as it is central to my home business. I opened a thread elsewhere with the specific question of locating a download location for the most recent ruled.ref file. Thanks again for your attention, and you can have this thread closed. If I have a continued issue after completing the MWB scan, I will open another.

Rick

Link to post
Share on other sites

So you indicate that the DNS server setting is squared away.  Have you tried a new attempt to Update the database thru the program?

If you got an error message, what was it exactly ?

Does this machine have internet connection and did you confirm that it works ?

What is the brand name of the antivirus suite on this box ?  It is conceivable that the antivirus is somehow interfering  ( not allowing Malwarebytes services to communicate out).

 

Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance.
I suggest putting in trust settings in your antivirus, as follows:
Please "put as Trusted" (i.e., put Trust settings ) for the following MBAM exe files within your Antivirus Software **whitelist** :

Note: If using a software firewall besides the built in "Windows Firewall" you'll need to exclude them from it as well

For 32-bit Windows Vista or Windows 7, 8.1, 10, or Windows XP:

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

For 64 bit versions of Windows Vista or Windows 7 or Windows 8.1, 10:

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:
data-cdn.mbamupdates.com

Check your Anti-Virus/Internet-Security application to see if you can add exclusions for specific applications/files to ignore.
You may need to check their support website for instructions.
You will need to set your Anti-Virus/Internet-Security to ignore/exclude the files I listed above.

 

Link to post
Share on other sites

The database still does not update because there is no internet connection. There is no error message, the application simply continues trying until I intervene hours later. I am uncertain why it was able to run on that one earlier occasion.

The antivirus is Avast. When I installed MWB I excluded it from Avast shields and searches, and have verified that is still the case. I have tried MWB with the AV disabled, there was no change.

I am using only Windows Firewall.

The issue remains that I cannot make any connections to any other device on my network, including the router.

Edited by DarwinsFlinch
Link to post
Share on other sites

Beyond my prior tips on the router, I have no other suggestions on that one.

Perhaps you can get the pc connected directly in some other way.  You said you are only using the firewall.  Not sure what you mean there.

We have to rely on you to get the internet connection issue sorted.  One other possibility is to do a hardware rest on the router.  Check with that hardware manufacturer.

As to Avast antivirus:

Avast antivirus can do innocent interference, until you make settings adjustments.

Set Exclusions for Malwarebytes' Anti-Malware in Avast! Antivirus:

Open Avast! antivirus and click on REAL-TIME SHIELDS on the left
Click on File System Shield on the left and click on Expert Settings
Click the Exclusions section
Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)

In the Select the areas window click on the + next to C:
Click the + next to Program Files (x86)  Note: For 64 bit Windows versions this will be Program Files (x86)
Click the box next to Malwarebytes Anti-Malware and click on OK
Click OK again
Click on Web Shield on the left and click Expert Settings
Click on Exclusions and check the box next to URLs to exclude:
Type or copy/paste the following address:

*.mbamupdates.com
Click on OK

Also, for Avast! Internet Security:
Click on Behavior Shield on the left and click Expert Settings
Click on Trusted Processes
Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
Navigate to C:Program Files (x86)\Malwarebytes Anti-Malware and click once on mbam.exe and click Open Note: For 64 bit Windows versions this will be Program Files (x86)
Do the same for the following files:

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
  
Click on OK
Close Avast! antivirus



Set Exclusions for Avast! Antivirus  in the Settings of  Malwarebytes Anti-Malware:

Open Malwarebytes Anti-Malware and click on the Settings icon ( tab on the top bar)

Click on the button marked Malware Exclusions.
Click on the Add Folder button on the lower right.
In the small browse window that opens, navigate to C:\Program Files (x86)  and click once on *avast software* and click on OK

REBOOT the machine after this.  That is so important !

 

You can use the link below to manually update the database of Malwarebytes Anti-Malware (MBAM). This is updated weekly, so it is not as current as what can be obtained through a normal update. this link
Download and extract the contents of the zip file.

Contained within are mbam-rules.exe which is for MBAM 1.x installations, and mbam2-rules.exe which is for MBAM 2.x installations.

Use the file appropriate to your MBAM installation version.

Double-click it to begin installation, and follow the prompts.
Once it's complete, you can scan with Malwarebytes Anti-Malware.

Link to post
Share on other sites

I just want to make sure I understand correctly. If I have no internet connection because of a possible virus, it is beyond Malwarebytes capabilities to scan for it because it requires a connection to the internet to check for updates first? Because it still tries to check regardless of the date of the "rules.ref" file.

Link to post
Share on other sites

You have re-stated that you finished a scan and it cleared one item.  A) it would be good to have a copy of that scan report

b) that means there is no malware around

 

Now, then, our software is not a universal cure all tool.  You have a complicated network internet connection issue.

You may consider this set of steps and then see if that helps out.

Start NOTEPAD    { you can press Windows-key+R keys to get the RUN option
and then type in

NOTEPAD.exe

and press Enter key to start NOTEPAD.

Check and make sure "word wrap" is off.
From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines  below to Notepad:


@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset resetlog.log
shutdown -r -t 1
del %0

 

now Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

 

 

Link to post
Share on other sites

The Scan report appears to have a relatively close database date of August 11.  That report shows only a few P U P adware type items.  and those were removed.

As to the network connectivity, I do believe that it is a good point to switch out to a different network card on your hardware.

There is next to very little more that anyone can do on the networking side.

 

Also, one notes there is no malicious malware reported by the last scan.

These next set of reports may be of some value to have and to review.

Please download    Farbar Recovery Scan Tool  and save it to your desktop, first.

 

You may wind up needing to temporarily turn off your antivirus program IF it interferes with the diagnostic tool-reports listed below.

 

Right-click on *FRST* icon and select  *Run as Administrator * to start the tool , and reply *YES* to allow it to proceed and run.

_Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line  *More info* information on that screen and click button *Run anyway* on next screen._

Click YES when prompted by Windows U A C prompt to allow it to run.

Approve the Windows’ UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

 

Click Yes when the* disclaimer* appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

 

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it also makes another log (Addition.txt).  Just attach those files with your reply.

Please attach FRST.txt & Addition.txt along your next reply.

 

Link to post
Share on other sites

There is no malware involved on this box.

 

There are a few Windows system event errors in the system log that are eye opening.  Shown on the FRST reports.
System errors:
=============
Error: (08/17/2016 03:52:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (08/17/2016 02:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: DUI70.dll, version: 10.0.10586.494, time stamp: 0x5775e2de

Error: (08/17/2016 01:37:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NetworkUXBroker.exe version 10.0.10586.420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


Bottom line, the FRST reports have no signs of malware.   And previously, the copy of the recent scan also showed no malware infection.  It had just found some adware P U Ps.
There is no malware involved on this box.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.