
Malwarebytes not actually removing virus


MaxRiv


Remaking this post due to me not reading and incorrectly making the first post. Good news is that I managed to fix it partly. I now am able to use the internet on my computer with the browsers, but I don't think what I did was a permanent fix. Also fixed it so I can open MalwareBytes again. But now, the problem is MalwareBytes doesn't detect anything, but I know 100% there is still malware on the computer (due to other programs such as RKill, HitmanPro). Here's my stuffs, thanks for the quick help.

 

 

FRST.txt

Addition.txt

MalwareBytesLog.txt

Link to post

Hello MaxRiv and welcome to Malwarebytes,

Your logs indicate smartservice infection. To defeat that infection you will need access to a spare PC and a USB flash drive of 4GB or above.

First do the following on the infected PC:

Open FRST, copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop or the folder you saved FRST to. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::


Next,

Boot up your spare PC, plug in the flash drive, navigate to that drive, right-click on it directly and select Format. The Quick option is adequate...

Next,

On that same PC download and save FRST to the same flash drive. Make sure to get the correct version; if you are unsure, download and save both, only the correct one will run. Do not plug the flash drive into the sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10



From that window select "Troubleshoot"




From the next window select "Advanced Options"




From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter. Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC....

Thank you,

Kevin..
Link to post

Sorry, but I'm running into a bit of trouble trying to follow these steps. I've gotten up to getting FRST onto a flashdrive, but I'm having trouble booting into the recovery environment. After doing a bit of research, I learned that my SSD which has my OS on it doesn't have a recovery partition on it, only the OS. I believe that is needed to boot into the recovery environment. What should I do?

Link to post

Did you try all seven options given at the Windows 10 forum link? Link follows:

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

If all of those options fail you can create a System Repair CD and boot from that to get Advanced Options, not sure if the infection will allow that on the sick PC:

https://www.tenforums.com/tutorials/36083-create-system-repair-disc-windows-10-a.html

Or, you can create the same CD on a Windows 7 system and boot sick W10 PC to same Advanced Options:

https://support.microsoft.com/en-gb/help/17423/windows-7-create-system-repair-disc

Link to post

Ok so I made the recovery disk on the win7 machine and tried running it on the sick win10 machine, but it said that the version of the recovery on the disk isn’t supported for the win10 version on the sick pc. I’ve tried making a recovery disk on my win10 sick pc, but it fails every time I try to, along with the recovery usb.

Link to post

I'm kind of ready to just install linux over windows then reinstall linux. Would that work? The only thing I'm worried about is that I have 3 storage devices in total. 1 SSD, which stores my OS and some programs. Then I had 2 HDD's, which store everything else on my computer. So if I were to install over my OS, I would maintain most of my other stuff, but is there a way for me to make sure there is no malware or anything on my HDD's which will transfer over to windows once I reinstall it over linux? I don't want to do all of that and end up still having the smartservice infection on my computer.

Link to post

install linux over windows, then reinstall windows over linux*

(messed it up in the last post and don't know how to edit it.)

1 minute ago, MaxRiv said:

I'm kind of ready to just install linux over windows then reinstall linux. Would that work? The only thing I'm worried about is that I have 3 storage devices in total. 1 SSD, which stores my OS and some programs. Then I had 2 HDD's, which store everything else on my computer. So if I were to install over my OS, I would maintain most of my other stuff, but is there a way for me to make sure there is no malware or anything on my HDD's which will transfer over to windows once I reinstall it over linux? I don't want to do all of that and end up still having the smartservice infection on my computer.

 

Link to post

You can create W10 recovery CD here: https://www.tenforums.com/software-apps/27180-windows-10-recovery-tools-bootable-rescue-disk.html

I'm not 100% sure but system refresh is also an option to try, basically windows is reinstalled whilst all of your personal stuff is preserved. Any 3rd party software that came with the system is also preserved. Stuff you installed yourself is lost, is that an option you may consider....

https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

Link to post

I can't refresh the system, when I click the button it does nothing. Tried following the W10 recovery CD instructions, but it wouldn't actually boot to the WindowsPE. I know it's not your fault in the slightest, but I'm getting very tired of nothing I'm doing working. I follow all of the guides down to the letter yet it never seems to work. Probably just going to get a Win10 disk from my Networking class, format my SSD, then completely reinstall windows. I just want my PC back in working order.

 

Link to post

Thanks for that update MaxRiv,

I agree with you, sometimes it is more productive to go for a fresh install.

If you have a licence key for Windows 10 you can create a bootable flashdrive to make a fresh install using the following link:

https://www.tenforums.com/tutorials/2376-create-bootable-usb-flash-drive-install-windows-10-a.html

That will have to be done on a separate clean PC as the infection on sick PC will corrupt the flashdrive...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Link to post

Well done, protective rootkit is removed... We should have more control of your system now. Continue:

Boot your system back to Normal mode....

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection, scroll to and make sure the following are selected:

    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP's) set as :- Always detect PUP's (recommended)
    Potentially Unwanted Modifications (PUM's) set as :- Always detect PUM's (recommended)
     
  • Click on Scan and make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your reply...

Thank you,

Kevin...

 

Link to post

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/18/18
Scan Time: 6:37 PM
Log File: 7254c0d0-d326-11e8-956e-00ffaa7997d4.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7421
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: DESKTOP-SUEN9VL\Max Rivera

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 354187
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Trojan.Agent, C:\WINDOWS\TASKS\TEST TASK17.JOB, Quarantined, [397], [584333],1.0.7421
PUP.Optional.Goobig, C:\USERS\MAX RIVERA\APPDATA\LOCAL\SNOIWGD\REKGPOZ.EXE, Quarantined, [14651], [562661],1.0.7421

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

 

Link to post

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-18-2018
# Duration: 00:00:07
# OS:       Windows 10 Education
# Scanned:  31969
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****
 

FRST.txt

Addition.txt

Link to post

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 
Let me see those logs in your next reply, also tell me if you have any remaining issues or concerns..
 
Thank you,
 
Kevin

fixlist.txt

Link to post
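Picking out "the most recent log by date and time" from mrt.log, as an added example that is not part of the original post or of any Microsoft or Malwarebytes tooling: it splits the log into runs on the tool's header line and returns the run with the latest start time. The sample text is constructed in the layout of the MSRT log posted in this thread; the function and field names are hypothetical, and English day and month names are assumed.

```python
import re
from datetime import datetime

# Constructed sample: two runs in the mrt.log layout shown in this thread (trimmed).
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v5.65, October 2018 (build 5.65.15327.2)
Started On Tue Oct  9 18:27:46 2018
Run Mode: Scan Run From Windows Update
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct  9 18:28:32 2018
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.65, October 2018 (build 5.65.15327.2)
Started On Thu Oct 18 19:24:08 2018
Run Mode: Interactive Graphical Mode
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 18 19:25:02 2018
Return code: 0 (0x0)
"""

# A run begins with the version header, followed by its "Started On" line.
RUN_HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v.*\r?\nStarted On (.+)$", re.M)

def _field(pattern, block):
    m = re.search(pattern, block, re.M)
    return m.group(1).strip() if m else None

def parse_runs(text):
    """Split mrt.log text into one dict per MSRT run (hypothetical field names)."""
    heads = list(RUN_HEADER.finditer(text))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    runs = []
    for head, end in zip(heads, ends):
        block = text[head.start():end]
        rc = _field(r"^Return code: (-?\d+)", block)
        runs.append({
            # Collapse the padded day ("Oct  9") before parsing the timestamp.
            "started": datetime.strptime(" ".join(head.group(1).split()), "%a %b %d %H:%M:%S %Y"),
            "mode": _field(r"^Run Mode: (.+)$", block),
            "result": _field(r"^Results Summary:\s*\n-+\s*\n(.+)$", block),
            "return_code": int(rc) if rc is not None else None,  # None: run never finished
        })
    return runs

def latest_run(text):
    return max(parse_runs(text), key=lambda r: r["started"], default=None)
```

A `result` other than "No infection found." or a missing `return_code` on the latest run is the part worth reading in full before posting.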


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.65, October 2018 (build 5.65.15327.2)
Started On Tue Oct  9 18:27:46 2018

Engine: 1.1.15200.1
Signatures: 1.275.1525.0
MpGear: 1.1.15201.1
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct  9 18:28:32 2018


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.65, October 2018 (build 5.65.15327.2)
Started On Thu Oct 18 19:24:08 2018

Engine: 1.1.15200.1
Signatures: 1.275.1525.0
MpGear: 1.1.15201.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 18 19:25:02 2018


Return code: 0 (0x0)
 

 

 

Don't believe I have any more issues. No more "Windows Background Processes" in task manager, malwarebytes realtime web protection is actually able to turn on now, windows defender is working fine. You're a godsend. Sorry for being difficult haha

Fixlog.txt

Link to post

This topic is now closed to further replies.