Jump to content

Infected, Virus is blocking Malwarebytes


Recommended Posts

Yesterday I noticed my desktop was "locked up" (would not respond to keyboard or mouse).  Booted PC, attempted to run Malwarebytes.  Noticed Real-Time protection on Dashboard had red dot and said "No Protection".  Researched this forum.  I have twice downloaded and executed mbam-clean, followed each time by reinstalling Malwarebytes Premium.  Installation was initially blocked because something had written bad sectors on the disk, causing the attempted installation to fail.  Checkdisk was initially also disabled, a reboot fixed that.  Checkdisk revealed bad sectors written to the Norton virus signature file, and two files called "lastalive0.dat" and "lastalive1.dat" were considered invalid and removed.  In both cases, installation appears successful, however I am not asked about setting up a scan, and updating and rebooting does not fix the Real-Time Protection, even though selected in settings (and owning Premium and re-inserting key).

I am forced to use Safe Mode, if I attempt to reboot into regular mode the PC becomes almost locked up, I presume by something attempting to reach out and touch someone.  If Internet connectivity is removed, the PC will not fully boot up, hangs on a black screen, could be something again looking for a connection.

I have downloaded and run FRST and mbam-check-2.3.2.0.  The resulting report files are attached.

Appreciate any assistance you can provide.  (telling me how to interpret the result files would also be appreciated, one file seemed to indicate multiple pieces of hardware not working due to out of date driver files, etc.)

Thank you!

FRST.txt

Addition.txt

CheckResults.txt

Link to post
Share on other sites
  • Staff

Hello and :welcome:

 

cmd_icon.png Check Disk

  • Press the WindowsKey.png on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.


Check Disk report:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Link to post
Share on other sites
  • Staff

Okay, let's try to reinstall MalwareBytes:

 

mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newset MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

Link to post
Share on other sites

I have Premium, clicking your link to download a new copy of Malwarebytes sends me to the following link: https://www.malwarebytes.com/mwb-download/  I have read that Premium users do not want to download the free version (which is what this site offers) because (apparently?) the free version is difficult to get to install as the Premium version.  Just checking to ensure you do want me to install the free version.  I have already downloaded mbam-setup-2.2.1.1043 from a Malwarebytes forum posting. 

Link to post
Share on other sites

Followed your directions.  New installation (running in Windows Safe Mode) still has "Available with Malwarebytes Anti-Malware Premium" on the dashboard for Real-Time protection.  As you will see in the attached scan log, Malware protection is disabled.

If I allow the PC to bring up full Windows, the PC pretty much immediately slows to the point of not responding.  My first post above spells out the events from re-installing Malwarebytes through running the scan.  I am hopeful you can figure out what is preventing the real-time protection from loading.

Thank you again!

mbam-scan-9-29.txt

Link to post
Share on other sites

Yes, I can do what you describe above.  As I mentioned in my previous posts, when Windows comes up, without Malwarebytes, the virus will take over the machine, only now with no anti-virus protection.  Since the virus was smart enough to disable both Norton and Malwarebytes, I am very concerned that this is a particularly nasty virus, so bringing up the PC with no protection could give the virus the ability to do who knows what. Not sure what we will prove with those actions, but if that's your best advice, I'll try it.

Link to post
Share on other sites

We lucked out: I was able to enable and disable internet connectivity to get Malwarebytes to activate the Premium license and the Real-time protection.  Approximately 200 additional objects were scanned, but running the scan with Real-Time protection enabled took almost 50% longer, 57 minutes vs. 40 minutes.  Unfortunately, no virus was identified, but my computer is running "full" Windows now and has not been taken over.  I am attaching multiple files from FRST, malwarebytes-check and Malwarebytes itself. I'm not convinced we have removed the virus (since nothing was noted as removed).  I fear that it has gone dormant and will return.   Hopefully the attached files will reveal something.

FRST-9-30.txt

Addition-9-30.txt

CheckResults-9-30.txt

mbam-daily-protection-9-30.txt

mbam-scan-9-30.txt

Link to post
Share on other sites

I agree.  I am concerned that we did not remove the virus, it has just gone dormant, however I can't disprove a negative, so in the absence of any evidence of infection, I will presume your help was able to get rid of the virus.  Malwarebytes and Norton both appear to be working correctly.

Thank you again for your assistance!!  I would donate, but your PayPal link looks sketchy to me. If you can send me a one-off to my registered e-mail address, with your PayPal info, I will donate.

Thank you and have a great weekend!

Link to post
Share on other sites
  • 2 months later...

Hello again,

The same issues last posted about in September have returned again.  I have printed the entire thread and will follow the same steps, this time in order and from the beginning.  I am hopeful the links used to download MBAM-clean, FRST, etc. are still valid.  I will attempt to download all again, to ensure I have the most recent version of each.  Just posting now to let you know I am starting the process again, and so you can confirm the links are all still valid/correct.

Thanks!

Robert

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.