
Infection or problem with MB Premium installation



I apologize in advance for the length of this description and for the many attachments. I wanted to include everything requested in the pinned post and also relevant screenshots showing various error messages I received. Screenshots listed will be attached as a screenshots.zip file.

The situation so far: Windows 10, Home, 64-bit, running Malwarebytes Premium for over a year now, with real-time protection enabled. As far as I know, the MB that was running when this happened was the latest version and signatures were up-to-date.

Out of nowhere, the machine locked. This has not happened on this PC before. No blue screen, no dump. I had to shut down and restart.

Once restarted Windows seemed fine but MB wouldn’t start, with the message “Cannot connect to service”. I had a problem with this on my last computer when I was running the Ransomware beta, but had not run into it since Ransomware was rolled into the current version.

I rebooted but once again MB would not load with the same message. I went into my Control Panel to uninstall MB, planning to reinstall as that had helped with this problem when I was running the Ransomware beta. To my surprise I saw two installations of MB, my normal version 3 icon and another that looked like a version 2 installation, a smaller icon with the Windows “Administration” overlay.

I also noticed at this time that this icon was also on my desktop as a shortcut. I usually keep only a few icons on my desktop, including my normal MB icon.  It is possible that I had an earlier version of MB still installed on my system, but I don’t recall this icon being present.

I uninstalled my primary MB without problem. I attempted to uninstall the secondary MB and got an error message. See attached screenshot: error0279.jpg. There was another message that I didn’t get a screenshot of, but which said something like “You need to turn off the self-protection on this installation”.  So I attempted to invoke the program from the desktop icon hoping to follow instructions for turning off self-protection. Instead I got the 0279 error, repeatedly.  At this time I went back into my Control Panel > Programs, and the second MB program was no longer listed under installed programs.

I located the files for this second MB installation in my Program Files (x86) directory (my normal installation was in the regular Program Files location). I scanned the folder with Windows Defender and that program didn’t report any problems.

The computer would not allow me to delete the shortcut icon from my desktop (see attached screenshot: icon-delete.jpg). I tried deleting the files in the x86 location and Administrator permission was requested. I okayed the deletion but was denied permission. (See attached screenshot: x86-folder.jpg). I attempted to change the security permissions on the desktop icon and was denied permission to do so (see attached screenshot: denied.jpg).

At this point I have the unremovable, unchangeable desktop shortcut, the files in the x86 directory that I cannot delete or change, and nothing in the Control Panel to show any version of MB installed.  I don’t see anything clearly unusual in Startup. The MBAM Scheduler and MBAM Service were listed there but I removed them from Startup. They still show in Services but are Stopped. I’m not sure why they are here since I’m not showing any MB installation at this time.

I then attempted to reinstall the latest MB version which I downloaded fresh from this site. It seemed to be installing normally, but then for several subsets of data I was refused permission to install. (See attached screenshot: install.jpg). I chose Retry but was denied again. I chose Ignore and the permissions were also denied for several successive folders. I aborted out of the installation at that point.

I then came to this site to look for information on what to do next. I read some and found the link to the MB-Clean program. I downloaded the program and ran it. I received another error message (see attached screenshot: error0142.jpg). The MB-Clean run screen had a message I didn’t expect (see attached screenshot: mb-check.jpg). The program did generate a zip file anyway, mb-check-results.zip, which I will also attach.

I read the pinned notice about what information to gather for help with infections and have also generated the requested files FRST.txt and Addition.txt using the FRST64.exe program and will attach them as well.

If this is somehow a munged double-installation I hope you can tell me how to fix it and get the current MB Premium up and running again. My computer seems to be running fine, with no signs of infection that I can see but I am of course very concerned about potential keyloggers or whatever since this is my private, primary computer that I use for banking and all other services.

Thanks for any help you can give.

Screenshots.zip

FRST.txt

Addition.txt

mb-check-results.zip


Hello @jnfr

From your logs it seems you have an older version of MB 3.x and also some leftover MBAM files.

Let's try and run the MB-Clean tool and get a clean install on your system.

The tool can be found at: https://downloads.malwarebytes.com/file/mb_clean

1. After downloading the tool, run it.
2. The tool will automatically clean up the older product and will ask you for a restart.
3. Restart your system and then the MB-Clean tool will prompt you to re-install the latest product.
4. Click on "Yes" to reinstall MB 3.x.
5. Now you will have the latest product installed.

Let us know if that fixed the issue.


Hello @jnfr

Let's try this:

1. Restart your computer in safe mode.

2. Open up the MBAM 2.x product and disable self-protection. (I am attaching a screenshot of this particular setting.)

3. After you disable self-protection, reboot into regular mode and run the MB-Clean tool again.

Let us know if that worked for you.


Hello and thank you for your help again. I believe this problem is resolved now. I'll write down what happened in case it's useful for someone else.

I started my PC in safe mode as you suggested. The x86 MB program opened this time when I used the desktop shortcut and began an install. However, it installed a 3.0 version and I don't know why. I opened the program when it finished and found the screen to enable/disable self-protection but the program would NOT let me disable self-protection. I went to Control Panel > Programs and tried to uninstall the MB version which now showed up there. It began the uninstall but just spun its wheels and would not complete. The program was installed into the 64-bit folder, and the x86 version remained on the computer.

Still in Safe Mode I noticed that the desktop shortcut no longer had the Windows Administrator overlay. I deleted the shortcut from my desktop! Yay! I opened the folder containing the x86 program files and deleted those files.

I rebooted into normal Windows 10. The MB install still showed in the Program list. It was an old version (3.0.6 I think). I attempted to uninstall and once again the uninstall spun but never completed. I rebooted and the installation was gone both from the Program list and from my hard drive. The x86 version was also gone still (I half expected it to magically show up again). I ran MB-Clean but it did nothing as far as I could tell; I did not see it invoke a run window and it did not leave a results file.

I then installed the current version via the MB-Setup I had already downloaded and it ran fine. I entered my license info, the program updated itself and seems to be running normally.

I still have no idea where the x86 installation came from nor why it behaved as it did, but as long as it stays away I should be good.

Thanks for your patience and your help, Nikhil!

