Jump to content

Can't run Malwarebytes

Siddharthk

By Siddharthk
in Resolved Malware Removal Logs

 Share

Recommended Posts

Siddharthk

Siddharthk

Posted
Posted

I can't use Malwarebytes. I had these problems with MalwareBytes

1. When I used installer It shows a message saying that .You must unblock the publisher for using the program

2. When I used installer as a admin it shows a message saying that "This problem is blocked for your Protection". (Fixed by Local Policy Group Editor)

3. And When I installed then it does not open. I tried many solution but didn't got any answer please help me. :(

And when i ran FRST and MB-check and asked for files. A person in forum said that your computer is infected and sent me here. PFA the infected files information. Please help me.

Waiting for positive reply

Addition.txt

FRST.txt

mb-check-results.zip

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted (edited)

Hello Siddharthk and welcome to Malwarebytes,

Run the following fix with FRST, when complete update Malwarebytes and run THreat scan, post results in next reply....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Post those logs for me to see, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin..

 

fixlist.txt

Edited by kevinf80
typing error
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Just run Malwarebytes threat scan, see what that log shows. If its clean leave Sophos and run the following:

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
Link to post
Share on other sites
Siddharthk

Siddharthk

Posted
  • Author
Posted


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.52, September 2017 (build 5.52.14201.0)
Started On Tue Sep 26 16:06:41 2017

Engine: 1.1.14104.0
Signatures: 1.251.334.0
Run Mode: Interactive Graphical Mode

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.52, September 2017 (build 5.52.14201.0)
Started On Thu Sep 28 10:43:18 2017

Engine: 1.1.14104.0
Signatures: 1.251.334.0
Run Mode: Interactive Graphical Mode

Quick Scan Results:
-------------------
Threat Detected: BrowserModifier:Win32/Soctuseer!excl and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Windows\cd5307a3b84833154bf4e710c50a74c8.exe
        SigSeq: 0x000005554A1D9F60
    regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\ff683d7f61a68856779a758226eb59f8\
        SigSeq: 0x000005554A1D9F60

Results Summary:
----------------
Found BrowserModifier:Win32/Soctuseer!excl and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 28 10:53:31 2017


Return code: 6 (0x6)


PFA the results by Sophos

SophosVirusRemovalTool.log

SophosVirusRemovalTool_cloud4.log

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted
Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Program Files\Cypress\TrackPad\CyHidWin.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address of each scan back here please.
  • Repeat the above steps for the following files


C:\Program Files\Cypress\TrackPad\CyCpIo.exe
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for the updates/logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

user posted imageEmsisoft Emergency Kit
  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:
    user posted image
     
  • Leave everything as it is, then click Extract. This maybe listed as Install This will unpack or install Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction or installation is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
    user posted image
     
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    user posted image
     
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    user posted image
     
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    user posted image
     
  • Please Copy and Paste the contents of the scan log in your next reply.

Post those logs, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin...

 

fixlist.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

How is your PC responding now, are there any remaining issues or concerns...?

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Post those new logs and we check your system overview...

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for te update, good hear your system is now responding as expected... We just need to clean up as follows:

MBAR can be deleted from your Desktop or where it was saved to...

Next,

Navigate to and delete the following, (if still present):

C:\ProgramData\Emsisoft
C:\Users\{your user name}\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe

Next,

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept