
The ransomware protection won't turn on. It tells me it's starting and that's it! I have the latest version of Premium Malwarebytes. I have deleted the program using the online tool and also the control panel in Windows 10. I have re-downloaded the program from scratch and still have the same problem. Any suggestions?


Hello and Welcome

Let's try this first, even though you mentioned you have tried it, it will ensure we have a clean start.... (It is recommended that you de-activate your Malwarebytes first before un-installing or using the clean removal tool - the tool can only backup the license info for MB3 so if you have MBAM v1 or v2 you have to de-activate it manually)

  1. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - Malwarebytes mb-clean tool (after uninstalling you can download the latest version (currently v3.0.6 CU4) to re-install from HERE)
  2. If that does not correct the issue, then please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt)
  3. NOTE: More info about the latest Malwarebytes 3.0.6 CU4 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions


Please let us know how it goes.


Thank You,

Firefox

  • Root Admin

Hello @martinsykes

The computer is having a few minor issues that may or may not be contributing to the issues with Malwarebytes.

One issue is that you have multiple hidden installations of AVG that were not removed from a previous uninstall of their program. Let's go ahead and do some manual clean up as well as run their own cleanup utility.

Please download and run the following AVG Remover and restart the computer.

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager


Run MSCONFIG and restore it back to NORMAL and reboot. Then run it again and make sure it's on NORMAL

Once that's done please run FRST again and place a check mark in the Addition.txt check box and post back both new logs as an attachment.

Thanks

 

 

  • Root Admin

You have an old, compromised version of Java on your computer. Please uninstall Java 8 Update 45. If at all possible try to run your computer without Java, but if you find you must have it make sure you keep it up to date at all times as it is often targeted for bugs to compromise it.

The logs show that MSCONFIG is not running in Normal mode. It has not changed from the last log.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

 

  • Root Admin

Hmm, logs still show MSCONFIG is enabled.

Please copy/paste the following into the Start, Search and hit the Enter key.

 

reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig" "%USERPROFILE%\desktop\my_msconfig.txt"

Then find the my_msconfig.txt file on your desktop and upload it please.

Thanks

 

  • Root Admin

Please save the attached file "stop_msconfig.zip" to your desktop or other download folder. Double-click to open and then double-click on the registry entry inside the zip file and allow it to merge into the registry.

Then restart the computer and run new FRST scans again and post back those logs.

Thanks

Ron

stop_msconfig.zip

  • Root Admin

We're not done yet. Sorry for the delay. The logs were not complete which means something stopped them from completing.

Let's try doing a full disk check of the system.

 


Please click on the "Search the web and Windows" box.



Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"

 


 

In the command prompt please type the following exactly.

CHKDSK  C:  /R

This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use.

Press the Y key to tell it to run on the next restart of the computer.

 

Quote

Microsoft Windows [Version 10.0.10586]


(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>CHKDSK C: /R
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

Then restart the computer and let it run.
Then find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10

 

Log Name:      Application
Source:        Chkdsk
Date:          01/05/2017 10:59:53
Event ID:      26226
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      martin-PC
Description:
Chkdsk was executed in scan mode on a volume snapshot. 
Checking file system on C:
Stage 1: Examining basic file system structure ...
                                                                                      
  464640 file records processed.                                                       
File verification completed.
                                                                                      
  15836 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
                                                                                      
  570736 index entries processed.                                                      
Index verification completed.
                                                                                      
                                                                                      

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  53049 data files processed.                                          
CHKDSK is verifying Usn Journal...
                                                                                      
  38977008 USN bytes processed.                                                          
Usn Journal verification completed.
Windows has scanned the file system and found no problems.
No further action is required.
 487922679 KB total disk space.
 170869104 KB in 268123 files.
    187408 KB in 53050 indexes.
    588595 KB in use by the system.
     65536 KB occupied by the log file.
 316277572 KB available on disk.
      4096 bytes in each allocation unit.
 121980669 total allocation units on disk.
  79069393 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Stage 2: Examining file name linkage ...
Stage 3: Examining security descriptors ...
Windows has scanned the file system and found no problems.
No further action is required.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26226</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-05-01T09:59:53.083541100Z" />
    <EventRecordID>54792</EventRecordID>
    <Channel>Application</Channel>
    <Computer>martin-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
Checking file system on C:
Stage 1: Examining basic file system structure ...
                                                                                      
  464640 file records processed.                                                       
File verification completed.
                                                                                      
  15836 large file records processed.                                  
                                                                                      
  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
                                                                                      
  570736 index entries processed.                                                      
Index verification completed.
                                                                                      
                                                                                      

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                      
  53049 data files processed.                                          
CHKDSK is verifying Usn Journal...
                                                                                      
  38977008 USN bytes processed.                                                          
Usn Journal verification completed.
Windows has scanned the file system and found no problems.
No further action is required.
 487922679 KB total disk space.
 170869104 KB in 268123 files.
    187408 KB in 53050 indexes.
    588595 KB in use by the system.
     65536 KB occupied by the log file.
 316277572 KB available on disk.
      4096 bytes in each allocation unit.
 121980669 total allocation units on disk.
  79069393 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Stage 2: Examining file name linkage ...
Stage 3: Examining security descriptors ...
Windows has scanned the file system and found no problems.
No further action is required.
</Data>
    <Binary>00170700AEE5040096FF08000000000013250000E80000000000000000000000</Binary>
  </EventData>
</Event>

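Added example, not part of the original thread: a Python function that pulls out of a Chkdsk event pasted as XML (like the one above) the fields a helper would check before moving on. The sample event is a shortened, constructed copy of that log; the function name and the returned keys are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML, as seen in the pasted <Event> element.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: a shortened copy of the event posted in the thread.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26226</EventID>
    <TimeCreated SystemTime="2017-05-01T09:59:53.083541100Z" />
    <Computer>martin-PC</Computer>
  </System>
  <EventData>
    <Data>
Checking file system on C:
  0 bad file records processed.
Windows has scanned the file system and found no problems.
 487922679 KB total disk space.
 316277572 KB available on disk.
</Data>
  </EventData>
</Event>"""


def _grab(pattern, text, cast=str):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return cast(m.group(1)) if m else None


def summarize_chkdsk_event(xml_text):
    """Extract identity, verdict and disk figures from one Chkdsk event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    # The chkdsk report is the text of the first <Data> element.
    report = root.findtext("e:EventData/e:Data", default="", namespaces=NS)
    total = _grab(r"(\d+) KB total disk space", report, int)
    free = _grab(r"(\d+) KB available on disk", report, int)
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "time_utc": system.find("e:TimeCreated", NS).get("SystemTime"),
        "volume": _grab(r"Checking file system on (\S+)", report),
        "bad_file_records": _grab(r"(\d+) bad file records processed", report, int),
        "clean": "found no problems" in report,
        "free_pct": round(100 * free / total, 1) if total and free is not None else None,
    }
```
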
This topic is now closed to further replies.