Malwarebytes will not run in any way, pc infected for sure.


CHANSON

Hello,

For several weeks now I have been attempting to clean my pc. I have already posted in the BSOD's subforum to combat all the crashes in my computer and although I have already solved a number of them, the largest threat is now malware, which I am pretty sure has infected my computer.

For instance Malwarebytes won't run, not in safe mode, not in admin nor in admin and safe mode. Malwarebytes Chameleon will only run when directly downloaded from this website but it is only version 2.2 and as I attempt to install the latest version, it becomes inoperable. It simply won't start.

I have updated all my drivers manually including my BIOS, which made the computer nice and quiet.

I have run FRST, DDS, Rkill and Roguekiller and attached all files below but I just cannot get Malwarebytes threat analysis. I also booted with Bitdefender which solved one infected item.

FRST.txt

Addition.txt

Rkill.txt

dds.txt

attach.txt

rk_C314.tmp.txt


Hello CHANSON and welcome!

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please read the instructions carefully and follow the directions in the order listed.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed in order to ensure the success of the clean-up. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the system. Please consider it clean and safe only when I declare it free of malware.


Please proceed with the following steps in the order listed.

I noticed that you have a program with malicious purpose installed on your system. Please completely remove Popcorn Time from your system through Start > Control Panel > Programs and Features.

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,
Please re-run RogueKiller and perform a new scan. When finished, check mark ONLY the items listed below and click the Remove Selected button.
Please attach that log in your next reply.


Check mark these under Registry tab:

[PUP.Conduit|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found

[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\deskSvc -> Found

[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\hdcode -> Found

[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Found

[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Found

[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\Conduit -> Found

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\DriverTuner -> Found

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\DriverTuner_Init -> Found

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\IGearSettings -> Found

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\Softonic -> Found

[PUP.SweetIM|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\SweetIM -> Found

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\Video Player -> Found

[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\Conduit -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\DriverTuner -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\DriverTuner_Init -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\IGearSettings -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\Softonic -> Found

[PUP.SweetIM|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\SweetIM -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2658818964-3869618227-1131224419-1001\Software\Video Player -> Found

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Found

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Found

[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8CA3DF18-B163-4DCB-9CEB-D6D8126EB6F7}C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A54C02D9-1DA1-40F5-AA2B-28E50A430000}C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0BCC338D-B7C4-47E9-A3E7-8BE47CF801B3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\THIJSJ~1\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|Name=drs4trend|Desc=drs4trend|EmbedCtxt=drs4trend|Edge=TRUE|Defer=App| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8CA3DF18-B163-4DCB-9CEB-D6D8126EB6F7}C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A54C02D9-1DA1-40F5-AA2B-28E50A430000}C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\thijs jansen\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0BCC338D-B7C4-47E9-A3E7-8BE47CF801B3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\THIJSJ~1\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|Name=drs4trend|Desc=drs4trend|EmbedCtxt=drs4trend|Edge=TRUE|Defer=App| [x] -> Found

 

 

Check mark these under Files tab:

[PUP.Gen1][File] C:\Users\Thijs Jansen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk [LNK@] C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found

[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner -> Found

[PUP.Gen1][Folder] C:\Program Files (x86)\Popcorn Time -> Found


Check mark this under Web browsers tab:

[PUM.HomePage][Firefox:Config] r7pdv0o2.default-1471442601477 : user_pref("browser.startup.homepage", "rt.com/"); -> Found


Next,

  • Please download AdwCleaner and move it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator.
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it.
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


In your next reply please attach the following logs:
Fixlog.txt
RogueKiller clean log.
AdwCleaner clean log.
Malwarebytes log.

How is the computer running? Were you able to run Malwarebytes now?

Thank you.

Rui

fixlist.txt
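
An added example, not part of the original posts and not RogueKiller or Malwarebytes code: a small parser for the FirewallRules detection lines in the checklist above, decoding each rule string into its fields and noting why a defender would review it. The sample lines are constructed in the same format with a placeholder user name and placeholder GUIDs, and the review criteria are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the Registry-tab line format quoted in this thread.
# The user name and rule GUIDs are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{00000000-0000-0000-0000-000000000001}C:\users\example user\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\example user\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00000000-0000-0000-0000-000000000002} : v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\EXAMPL~1\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|Name=drs4trend|Desc=drs4trend|EmbedCtxt=drs4trend|Edge=TRUE|Defer=App| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00000000-0000-0000-0000-000000000003} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| [7] -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found
"""

# "[tags] (arch) key | value -> status"; the " | value" part is optional.
LINE_RE = re.compile(
    r"^\[(?P<tags>[^\]]+)\] \((?P<arch>X86|X64)\) (?P<key>.+?)"
    r"(?: \| (?P<value>.+))? -> (?P<status>\w+)$"
)
# "value name : v2.10|Field=Value|..."
RULE_RE = re.compile(r"^(?P<name>.+?) : (?P<data>v\d+\.\d+\|.*)$")
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers
# Review heuristic (an assumption of this example): paths inside a user profile.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class FirewallRule:
    tags: list
    key: str
    name: str
    fields: dict  # field name -> list of values (Profile can repeat)
    reasons: list = field(default_factory=list)

    def first(self, name, default=""):
        return self.fields.get(name, [default])[0]


def parse_rule_data(data):
    """Split 'v2.10|Action=Allow|...| [x]' into {field: [values]}."""
    data = re.sub(r"\s*\[[^\]]*\]\s*$", "", data)  # drop the trailing marker
    fields = {}
    for part in data.split("|")[1:]:  # part 0 is the version token
        if "=" in part:
            k, v = part.split("=", 1)
            fields.setdefault(k, []).append(v)
    return fields


def review(rule):
    """Attach the reasons a defender would want to look at this rule."""
    live_allow = rule.first("Action") == "Allow" and rule.first("Active") == "TRUE"
    if live_allow and rule.first("Dir") == "In":
        rule.reasons.append("active inbound allow")
        if USER_WRITABLE.search(rule.first("App")):
            rule.reasons.append("program path is under a user profile")
        if "Public" in rule.fields.get("Profile", []):
            rule.reasons.append("applies on Public networks")
        if "Protocol" not in rule.fields:
            rule.reasons.append("no Protocol field in the rule")


def parse_firewall_rules(log_text):
    """Return a FirewallRule for every FirewallRules detection in the log."""
    rules = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["value"] or not m["key"].endswith(r"\FirewallRules"):
            continue  # not a detection line, or not a firewall rule
        r = RULE_RE.match(m["value"])
        if not r:
            continue
        rule = FirewallRule(m["tags"].split("|"), m["key"], r["name"],
                            parse_rule_data(r["data"]))
        review(rule)
        rules.append(rule)
    return rules


def describe(rule):
    """One-line summary: direction, protocol, program path."""
    proto = PROTOCOLS.get(rule.first("Protocol"), "unspecified")
    return f'{rule.first("Dir")} {proto} {rule.first("App")}'


if __name__ == "__main__":
    for rule in parse_firewall_rules(SAMPLE_LOG):
        print(describe(rule), "|", "; ".join(rule.reasons) or "no review notes")
```

In the thread's lists the same rule appears once per ControlSet, so a full log fed to this parser will yield duplicate entries.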


Hi Rui,

Thank you for helping me. I have run FRST with the fix txt and the file is attached. I then ran Roguekiller again, all in Admin, but couldn't find all the detections you listed in your reply. I removed the ones I did find and left the rest. I downloaded ADWcleaner and it ran successfully with the file attached below.

But I still could not open Malwarebytes and I have to say that there is no Malwarebytes Chameleon in my C:\Program files, only in C:\Program files (x86) and it doesn't work there. The way this website describes getting into Chameleon and how it is in my C: drive differs greatly.

Afterwards I did an additional scan with Roguekiller in Admin and attached that file here too.

These are the links I could not find, it's possible that there are a few more but these I know for sure.

 

11 hours ago, Android8888 said:

[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=N360&pvid=21.1.0.18 -> Found

 

Fixlog.txt

rk_B85.tmp.txt

AdwCleaner[C0].txt

additional rk_2434.tmp.txt

Edited by CHANSON

11 hours ago, Android8888 said:

[PUP.Gen1][File] C:\Users\Thijs Jansen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk [LNK@] C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found

 

11 hours ago, Android8888 said:

[PUM.HomePage][Firefox:Config] r7pdv0o2.default-1471442601477 : user_pref("browser.startup.homepage", "rt.com/"); -> Found

And these two I couldn't find either.


Okay, please follow and execute the next steps in the order listed.

Go to Start > Control Panel > Programs and Features and completely remove Driver Easy 5.6.0. Please read this information https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/ concerning driver updating utilities.

Please also read the information at this link https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/ to see how you can safely update your drivers.


Next,

Re-run another scan with RogueKiller, and when the scan is complete check-mark ONLY the items below and click the Remove Selected button.


check-mark under Registry tab:

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F0A4918D-1625-44D3-84C8-BDD9D51E8CA7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5BB25F1-4998-4AB7-9DA2-803B0F6D5A8A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F0A4918D-1625-44D3-84C8-BDD9D51E8CA7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5BB25F1-4998-4AB7-9DA2-803B0F6D5A8A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Found

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {74ECC7CE-E289-4924-9B2B-3BB559DFFC6E} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\Easeware\DriverEasy\DriverEasy.exe|Name=Driver Easy|Desc=Allow Driver Easy Access Internet to Scan and Download Drivers.| [7] -> Found

 

check-mark under Files tab:

[PUP.Gen1][Folder] C:\Users\Thijs Jansen\AppData\Roaming\Easeware -> Found

[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk [LNK@] C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found

[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Verwijder Driver Easy.lnk [LNK@] C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Found

[PUP.Gen1][Folder] C:\Program Files\Easeware -> Found


Next,

Download and run MB-CLEAN. Please run from an administrator account.

  • Download MB-CLEAN
  • Close all open applications
  • Double-click and run mb-clean-3.1.0.1031.exe
  • A prompt with an option to clean up the system will appear: click Yes
    • Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process
  • Once the cleanup process is completed, a prompt will appear:
    • Yes - will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3
    • No - will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (not recommended)
      • We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s).
  • Upon reboot, a prompt will appear: click Yes
    • Yes - will download, install and activate the latest version of Malwarebytes 3
    • No - will exit the utility and Malwarebytes 3 will not be downloaded, reinstalled or re-activated (not recommended)

 If it does not offer the new install after the reboot you can download and install from here. 

https://downloads.malwarebytes.org/file/mb3  

 

After reinstalling Malwarebytes 3 please read carefully the link below to add specific Malwarebytes files to Norton Security exclusions list to be sure the application does not scan and interfere with Malwarebytes:

https://forums.malwarebytes.com/topic/190468-exclusion-list-for-norton-security/?tab=comments#comment-1071703

 

Next, if you were able to start Malwarebytes please do the following:

  • Open Malwarebytes and update the tool;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

Let me know how the computer is behaving at this point.

Thank you.

Rui


Hi Rui,

This time I was able to remove all detections in Roguekiller that are listed here.

I removed Easy Driver as well and am currently busy trying to update my drivers safely.

I downloaded MB cleaner and it removed Mbam and rebooted my computer, I did not get a message to re-download Mbam so I downloaded it from here. However it still did not work. The file is attached below.

I must add that I couldn't find all of the executables you listed to add to the Norton list of exceptions in anti-virus. These two I couldn't find;

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

Also this time there was no Chameleon file either. So I went into Safe Mode, used Mbam cleaner again, re-downloaded Mbam again but it still did not work. I then tried downloading Chameleon from this Topic, in the cmd window it says that it is downloading the latest version (3.3.1) but then it opens version 2.2 and asks me to update to the latest version. I do that and as always I just cannot run Mbam any longer.

 

mb-clean-results.txt

Edited by CHANSON

Hi CHANSON,

Please read the instructions and proceed with the following steps:

 

Re-run mb-clean-3.1.0.1031.exe, follow the prompts and completely remove Malwarebytes.

Download the latest version of Malwarebytes from https://downloads.malwarebytes.org/file/mb3 and save it to your computer Desktop.

Reinstall Malwarebytes 3 but DO NOT run it yet!

 

For the next step you need to show hidden files and folders:

How to Show Hidden Files and Folders on Windows 7, 8 or 10

 

Exclude from Norton Security the files and folders of Malwarebytes listed on the link below:

https://forums.malwarebytes.com/topic/191650-malwarebytes-3-frequently-asked-questions/?tab=comments#comment-1133327

Note that for Malwarebytes 3 you need to exclude 2 folders and 6 files as listed on the link above.

How to exclude files and folders from Norton

 

Restart the computer and launch Malwarebytes.

 

How is it now? Were you able to launch the program or not?

Android8888


Hi Rui,

I did everything you instructed here and it still wouldn't launch, not even in Safe Mode.

The Chameleon option also isn't present anywhere in any of the Malwarebytes files. Before it was present in "C:\Program files (x86)\Malwarebytes' Anti-Malware" but now there is literally only a Macedonian language package there.

I must note that, while MBcleaner removes all of Malwarebytes, Malwarebytes Service is still running in Service Manager which I can only stop while in Safe Mode.


Hello CHANSON,

Please do the following:

Download Malwarebytes Anti-Rootkit BETA and save it to your computer Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;


Please attach that log in your next reply for my review.

Thank you.

Rui


I have been able to make a Malwarebytes threat scan with version 2.2.

I must note that Mb clean did not remove all of Malwarebytes in my computer, certain files were still there. Once I removed those, I was able to download and use chameleon from my computer which I was unable to do before. It made a scan and the file is attached below.

hhhh.txt


Hi CHANSON,

3 hours ago, CHANSON said:

It did not find any Malware..

Good!

But this is weird. MB-Clean should remove all files and folders concerning your version of Malwarebytes.

Forget the version 2 of Malwarebytes. We will try to remove all remnants of MBAM using FRST.

Okay, let's try the following:

Re-run mb-clean-3.1.0.1031.exe, follow the prompts and completely remove Malwarebytes. DO NOT install it yet and proceed to the next step.

Re-run FRST, make sure the Addition.txt box is check-marked, click the Scan button and provide me a new set of fresh logs for my review.

Thank you.

Rui


Hi CHANSON,

Alright, please proceed with the following instructions:

Follow the instructions below to execute a fix on your system using FRST, and provide the log (Fixlog.txt) in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

Next,

Let's see if you are able to install and run Malwarebytes now. Please download the latest version of Malwarebytes from this link and install it on your computer.

  • Open Malwarebytes and check for updates; Usually, once started the tool will search for updates automatically.
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

Please attach the logs and let me know if you are still having issues in running Malwarebytes.

Thank you.

Rui

 

fixlist.txt


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.