Infected and Malwarebytes Web Protections will not turn on.


Hi,

I have some type of infection that is stopping my Malwarebytes Web Protection from turning on.  I've run the Malwarebytes RootKit checker and it did prompt me about finding something before it would run.  I selected to remove the possible .dll file (don't recall the name as it was a quick process I was hoping to fix myself) and after the rootkit program ran, it did not come up with an infection.  I was able to scan using Malwarebytes as well and it did not come up with anything.  My ZoneAlarm antivirus was not able to find anything either.  I'm at a loss and unsure of what direction to proceed.  Any ideas would be welcomed and much appreciated.  Thank you in advance for your suggestions and strategies.


I'm not even close to an expert but I believe I've found using Process Explorer a version of "lsass.exe" that does not belong.  I can't end the process and I can't find out where it is located.  The Process Explorer does not identify it belonging to Microsoft and it is 6484 KBytes.  In reading from file.net 

 

 

How to recognize suspicious variants?

  • If lsass.exe is located in a subfolder of the user's profile folder, the security rating is 64% dangerous. The file size is 29,696 bytes (4% of all occurrences), 65,024 bytes and 118 more variants. The file is not a Windows core file. The program is not visible. There is no description of the program. The software starts when Windows starts (see Registry key: MACHINE\Run, Run, Winlogon\Shell, Userinit, exefile, User Shell Folders, MACHINE\RunOnceEx, win.ini, MACHINE\RunOnce, MACHINE\User Shell Folders, RunOnce, DEFAULT\Run). Lsass.exe is able to monitor applications and manipulate other programs.

 

 

Unfortunately I'm not sure how to get rid of this file (if it is even malicious).

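An added example, not part of any post in this thread: a PowerShell check for the situation described in the post above, listing every running lsass.exe with its image path, parent process and signature status. It assumes an elevated prompt on a current Windows version; the genuine file is `%SystemRoot%\System32\lsass.exe` started by `wininit.exe`, and the output property names are chosen here for illustration.

```powershell
# Added example: inspect every running lsass.exe (run from an elevated prompt).
# The genuine image is %SystemRoot%\System32\lsass.exe, started by wininit.exe.
$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

Get-CimInstance Win32_Process -Filter "Name = 'lsass.exe'" | ForEach-Object {
    $path = $_.ExecutablePath   # may be empty if the prompt is not elevated

    # Resolve the parent process name; the parent may already have exited.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"

    # Verify the signature of the file on disk, if the path is readable.
    $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    [pscustomobject]@{
        PID            = $_.ProcessId
        Path           = if ($path) { $path } else { '<not readable>' }
        PathIsExpected = [bool]($path -and ($path -ieq $expected))
        Parent         = if ($parent) { $parent.Name } else { '<exited>' }
        Signature      = if ($sig) { $sig.Status } else { 'n/a' }
        Signer         = if ($sig -and $sig.SignerCertificate) {
                             $sig.SignerCertificate.Subject
                         } else { 'n/a' }
        WorkingSetKB   = [math]::Round($_.WorkingSetSize / 1KB)
    }
} | Format-List
```

A single entry with `PathIsExpected : True`, `Parent : wininit.exe` and `Signature : Valid` with a Microsoft signer is the normal result; an entry under a user profile folder, as in the file.net text quoted above, is the one to report in the logs.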

Hello toolazyforalogin and welcome to Malwarebytes,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Next,

Run FRST one more time:

Type the following in the edit box after "Search:".

lsass.exe

Click Search Files button and post the log (Search.txt) it makes to your reply.

Let me see these logs in your reply:

FRST.txt
Addition.txt
Search.txt


Thank you,

Kevin....

 


No, I changed my "realname" name to "editedname" rather than posting what it actually was as I was not comfortable posting my first and last name in a public forum.  I replaced all "myrealname" with "editedname" in the two .txt files that I uploaded.  

Thank you again,

 

Edited by toolazyforalogin

I cannot continue unless the navigational addresses are correct, when I list an entry into a fix to be run through FRST it will not work....  My real name is Kevin Finan, that will be seen by thousands of people who frequent these boards, also the thousands of posts both here and the other multitude of similar forums have logs with real genuine names. They make absolutely no difference.

If you want to continue post fresh logs:

Run FRST one more time, ensure all boxes are check marked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs, "FRST.txt" and "Addition.txt".


Thank you,

Kevin


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
