Gokussj

MBAM apps won't run


Hello, welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click the menu icon (the three vertical dots at the top right of the Chrome window).

Click "Settings", then "Show advanced settings" at the bottom of the screen.

Click "Reset and clean up" > "Restore settings to their original defaults".
 
Restart Chrome.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

52 minutes ago, nasdaq said:

Reset Chrome...
Open Google Chrome and click the menu icon (the three vertical dots at the top right of the Chrome window).

Click "Settings", then "Show advanced settings" at the bottom of the screen.

Click "Reset and clean up" > "Restore settings to their original defaults".

If I do this, will I lose my extensions, favorites, saved passwords, etc.? Thanks


In the meantime, here's the log. I believe it already did what you asked me to do with Chrome, because I was logged out from every website I was logged in to.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Victor (21-02-2019 17:17:22) Run:1
Running from C:\Users\Victor\Desktop
Loaded Profiles: Victor (Available Profiles: Victor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2019-01-24] ()
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2019-01-24] ()
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {021bdfa6-3f13-11e8-865e-10c37bc2c9b2} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {0b1a89dd-a9f2-11e8-8719-5cc9d3f4fc4c} - "G:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {65a81ed1-22f0-11e8-862d-10c37bc2c9b2} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {7130a44a-8f2c-11e5-825c-10c37bc2c9b2} - "F:\autorun.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {81d9f08f-1fbf-11e9-87d6-5cc9d3f4fc4c} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {81d9f0cf-1fbf-11e9-87d6-5cc9d3f4fc4c} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {a2e1737e-a184-11e5-8290-10c37bc2c9b2} - "G:\autorun.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {a2e17385-a184-11e5-8290-10c37bc2c9b2} - "I:\autorun.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {c2d774e3-efb7-11e7-85ca-5cc9d3f4fc4c} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {c738c06d-69f2-11e8-86ae-5cc9d3f4fc4c} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {ca4b0156-ba80-11e8-8739-5cc9d3f4fc4c} - "G:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {d145e799-efe8-11e8-878c-5cc9d3f4fc4c} - "F:\Setup.exe"
SearchScopes: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 -> 42494E41525953545245414D0300000003000000591248CE8BE38A631FB24E0033D1BD35475DB327E7A9CAA293834BF04FC6 => No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
FirewallRules: [TCP Query User{949C8AE4-B322-49A1-917A-5BD734FF6F10}C:\program files\java\jdk1.8.0_131\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_131\bin\jmc.exe No File
FirewallRules: [UDP Query User{D258D11B-A796-4157-9489-0F984D486AF9}C:\program files\java\jdk1.8.0_131\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_131\bin\jmc.exe No File
FirewallRules: [TCP Query User{B8F0A294-E864-4C2C-9ABB-B9A263EBE038}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe No File
FirewallRules: [UDP Query User{728F8E4A-8674-4476-AF77-30F656BB3CB7}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe No File
FirewallRules: [{4EE0C92B-443B-46BA-B28B-F5CDDF60FECF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe No File
FirewallRules: [{06679319-6A7B-4472-B4A8-33F0D47F8AB1}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe No File
FirewallRules: [{7FE8EB3D-3470-43E5-B236-C550309BC058}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe No File
FirewallRules: [{7C7437CF-E1B4-4EF2-84D8-BC5F84EF5C80}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe No File
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop" => removed successfully.
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{021bdfa6-3f13-11e8-865e-10c37bc2c9b2} => removed successfully.
HKLM\Software\Classes\CLSID\{021bdfa6-3f13-11e8-865e-10c37bc2c9b2} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b1a89dd-a9f2-11e8-8719-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{0b1a89dd-a9f2-11e8-8719-5cc9d3f4fc4c} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a81ed1-22f0-11e8-862d-10c37bc2c9b2} => removed successfully.
HKLM\Software\Classes\CLSID\{65a81ed1-22f0-11e8-862d-10c37bc2c9b2} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7130a44a-8f2c-11e5-825c-10c37bc2c9b2} => removed successfully.
HKLM\Software\Classes\CLSID\{7130a44a-8f2c-11e5-825c-10c37bc2c9b2} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d9f08f-1fbf-11e9-87d6-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{81d9f08f-1fbf-11e9-87d6-5cc9d3f4fc4c} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d9f0cf-1fbf-11e9-87d6-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{81d9f0cf-1fbf-11e9-87d6-5cc9d3f4fc4c} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e1737e-a184-11e5-8290-10c37bc2c9b2} => removed successfully.
HKLM\Software\Classes\CLSID\{a2e1737e-a184-11e5-8290-10c37bc2c9b2} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e17385-a184-11e5-8290-10c37bc2c9b2} => removed successfully.
HKLM\Software\Classes\CLSID\{a2e17385-a184-11e5-8290-10c37bc2c9b2} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d774e3-efb7-11e7-85ca-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{c2d774e3-efb7-11e7-85ca-5cc9d3f4fc4c} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c738c06d-69f2-11e8-86ae-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{c738c06d-69f2-11e8-86ae-5cc9d3f4fc4c} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca4b0156-ba80-11e8-8739-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{ca4b0156-ba80-11e8-8739-5cc9d3f4fc4c} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d145e799-efe8-11e8-878c-5cc9d3f4fc4c} => removed successfully.
HKLM\Software\Classes\CLSID\{d145e799-efe8-11e8-878c-5cc9d3f4fc4c} => not found
"HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0} => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully.
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{949C8AE4-B322-49A1-917A-5BD734FF6F10}C:\program files\java\jdk1.8.0_131\bin\jmc.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D258D11B-A796-4157-9489-0F984D486AF9}C:\program files\java\jdk1.8.0_131\bin\jmc.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B8F0A294-E864-4C2C-9ABB-B9A263EBE038}C:\program files\android\android studio\jre\bin\java.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{728F8E4A-8674-4476-AF77-30F656BB3CB7}C:\program files\android\android studio\jre\bin\java.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4EE0C92B-443B-46BA-B28B-F5CDDF60FECF}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06679319-6A7B-4472-B4A8-33F0D47F8AB1}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FE8EB3D-3470-43E5-B236-C550309BC058}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C7437CF-E1B4-4EF2-84D8-BC5F84EF5C80}" => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 75965248 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 517804933 B
Edge => 0 B
Chrome => 400065908 B
Firefox => 838210877 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 0 B
LocalService => 326878 B
NetworkService => 1062 B
Victor => 247243285 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:23:47 ====

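The fixlist above removes a dozen MountPoints2 entries whose AutoRun command pointed at Setup.exe or autorun.exe on removable drives (F:, G:, I:), plus several firewall rules whose program no longer exists ("No File"). As an added example, not code from this thread or from Farbar's tool, the PowerShell below enumerates the same two classes of leftovers so they can be reviewed before a fix is run. It assumes Windows PowerShell 5.1 with the NetSecurity module (present on Windows 8.1 and later), reads only the current user's MountPoints2 key, and changes nothing; the function names Get-MountPointAutoRun and Get-OrphanFirewallRule are this example's own.

```powershell
# Added example; not part of the original thread. Read-only: nothing is removed.
# (1) MountPoints2 entries that still carry a shell\AutoRun\command value,
#     which FRST summarises as   MountPoints2: {GUID} - "F:\Setup.exe"
# (2) Firewall rules bound to a program path that no longer exists on disk,
#     which FRST marks with "No File".

function Get-MountPointAutoRun {
    # Per-user key: run as the user whose profile is being inspected.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '{*}' } |
        ForEach-Object {
            $cmdKey = "$($_.PSPath)\shell\AutoRun\command"
            if (Test-Path -LiteralPath $cmdKey) {
                $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
                [pscustomobject]@{
                    Guid    = $_.PSChildName
                    Command = $cmd
                    # Drive letter the command targets; removable media reuse F:, G:, ...
                    Drive   = if ($cmd -match '^"?([A-Za-z]:)') { $Matches[1] } else { $null }
                }
            }
        }
}

function Get-OrphanFirewallRule {
    # Walks every rule in the persistent store (one CIM call per rule, so it
    # takes a while). 'Any' and 'System' are not file paths and are skipped.
    Get-NetFirewallRule -PolicyStore PersistentStore | ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -and $app.Program -notin @('Any', 'System')) {
            $exe = [Environment]::ExpandEnvironmentVariables($app.Program)
            if (-not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{
                    Name      = $rule.Name
                    Direction = $rule.Direction
                    Action    = $rule.Action
                    Program   = $exe
                }
            }
        }
    }
}

Get-MountPointAutoRun  | Format-Table -AutoSize
Get-OrphanFirewallRule | Format-Table -AutoSize
```

MountPoints2 entries are written by Explorer whenever a volume with an autorun.inf is mounted, so a long list like the one in this log is usually the residue of years of USB sticks and install media rather than an active infection; the point of listing them is to see which commands they would have launched. Orphaned firewall rules are harmless on their own, but an Allow rule for a path under Program Files that no longer exists would silently apply again if anything were dropped at that path, so clearing them is cheap hygiene.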
43 minutes ago, nasdaq said:

Has the problem been solved with MBAM?

Actually, I couldn't update MBAM, but it updated afterwards. But it seems MBAM .exe files won't run on my computer. Right now I tried to run the MBAM support tool, but nothing happens when I click it.


Hi,

If you right-click the Malwarebytes .exe file and run it as an Administrator, does it run?

Are there any other .exe files you cannot run?

3 hours ago, nasdaq said:

Hi,

If you right-click the Malwarebytes .exe file and run it as an Administrator, does it run?

No, it doesn't run either.

 

3 hours ago, nasdaq said:

Are there any other .exe files you cannot run?

No, not that I'm aware of. All the rest run just fine.

On 2/23/2019 at 4:02 PM, nasdaq said:

Keep the old one.

Hey, sorry for coming back here. I don't know if I should create a new topic. Tell me if that's necessary.

 

I did a scan with Malwarebytes and it found a bitcoin miner. This is just the scan log, but I deleted it all.

 

Here's the log:


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 03/03/2019
Scan Time: 19:20
Log File: 8d867ca8-3e02-11e9-846a-5cc9d3f4fc4c.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9524
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: ASUS-PC\Victor

-Scan Summary-
Scan Type: Quick Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 2191
Threats Detected: 5
Threats Quarantined: 0
Time Elapsed: 1 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Disabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft Windows Search Indexer, No Action By User, [734], [574717],1.0.9524
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D96E71FD-8C1B-4F81-BEFD-CDD9ADC4428F}, No Action By User, [734], [574717],1.0.9524
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D96E71FD-8C1B-4F81-BEFD-CDD9ADC4428F}, No Action By User, [734], [574717],1.0.9524

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\Microsoft Windows Search Indexer, No Action By User, [734], [574717],1.0.9524
RiskWare.BitCoinMiner, C:\USERS\VICTOR\APPDATA\ROAMING\ZHP\WINDOWS SEARCH\SEARCHINDEXER.EXE, No Action By User, [734], [574717],1.0.9524

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

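The five detections in the log above are one scheduled task seen through its different on-disk and registry views: TaskCache\TREE\Microsoft Windows Search Indexer holds the task's Id, TaskCache\TASKS\{D96E71FD-...} holds the task body, TaskCache\LOGON\{D96E71FD-...} records that it fires at logon, C:\WINDOWS\SYSTEM32\TASKS\Microsoft Windows Search Indexer is the XML definition, and the executable it launches sits in the user's roaming profile under ...\AppData\Roaming\ZHP\Windows Search\. The task name imitates the Windows Search indexer, but the genuine SearchIndexer.exe is started from C:\Windows\System32 by the WSearch service, not by a scheduled task, and nothing legitimate named after a Windows component runs from %APPDATA%. As an added example, not code from this thread or from Malwarebytes, the PowerShell below flags scheduled tasks whose executable lives outside the Windows and Program Files trees and resolves the same TaskCache keys and task file for each hit. It assumes Windows 8 or later (Get-ScheduledTask ships with the ScheduledTasks module) and an elevated prompt so that every task and the TaskCache subkeys are readable; Get-SuspiciousScheduledTask is this example's own name.

```powershell
# Added example; not part of the original thread. Read-only triage.
# Flags scheduled tasks whose executable is outside the Windows and Program
# Files trees (user profiles, ProgramData, temp folders, ...) and resolves the
# TaskCache registry keys that belong to each one:
#   TREE\<folder>\<name>  -> "Id" value = the task GUID
#   TASKS\{Id}            -> the task body
#   LOGON\{Id}            -> present only for tasks with a logon trigger
# Run from an elevated Windows PowerShell 5.1 prompt.

$TaskCache    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$TrustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
                Where-Object { $_.Length -gt 1 }   # drops the empty entry on 32-bit Windows

function Get-SuspiciousScheduledTask {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }           # COM-handler action, no exe path
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            if (-not $exe) { continue }

            # Bare names such as "cmd.exe" resolve through PATH and stay flagged for review.
            $trusted = $false
            foreach ($root in $TrustedRoots) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $trusted = $true; break }
            }
            if ($trusted) { continue }

            $onDisk  = Test-Path -LiteralPath $exe
            $treeKey = "$TaskCache\Tree$($task.TaskPath)$($task.TaskName)"
            $id      = (Get-ItemProperty -LiteralPath $treeKey -ErrorAction SilentlyContinue).Id
            $logon   = if ($id) { "$TaskCache\Logon\$id" } else { $null }

            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $exe
                Arguments = $action.Arguments
                OnDisk    = $onDisk
                Signature = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
                TreeKey   = $treeKey
                TasksKey  = if ($id) { "$TaskCache\Tasks\$id" } else { $null }
                LogonKey  = if ($logon -and (Test-Path -LiteralPath $logon)) { $logon } else { $null }
                XmlFile   = "$env:SystemRoot\System32\Tasks$($task.TaskPath)$($task.TaskName)"
            }
        }
    }
}

Get-SuspiciousScheduledTask | Format-List
```

Expect a few legitimate hits from per-user installers that keep their binaries under %LOCALAPPDATA%; the Signature column is the tiebreaker (a valid Authenticode signature from the expected vendor versus NotSigned or a missing file). When MBAM has already quarantined the task, the TREE key and the XML file are gone and the Task Scheduler no longer lists it, which is why the helper asks for a fresh scan log rather than this older one.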

Hi

Please just post a fresh MBAM log.

Has the bitcoin miner been removed, and is the computer running well?


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
