Jump to content

Infected and can't to Open Malwarebytes


Recommended Posts

Hello @Hershko  & :welcome:

My name is Maurice.  I will be helping & guiding you on this case.

Please let me know, What happened recently?   what was maybe changed recently?

Do you have access to another computer to do downloads & then transfer to the problem computer ....via pen / flash / USB removable device ?

Please also be sure you tell me if this pc runs Windows 10 or 8.1, or Windows 7 ?

 

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually
  • Please attach both logs to your reply if possible. Otherwise, you may copy/paste the logs directly if you have to, but an attachment is better.
  • To save attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

_mb_attach.jpg

 

  • Then post into this thread and attch your FRST.txt, Additions.txt

Thank you.

Sincerely,

Link to post
Share on other sites

6 hours ago, Maurice Naggar said:

Hello @Hershko  & :welcome:

My name is Maurice.  I will be helping & guiding you on this case.

Please let me know, What happened recently?   what was maybe changed recently?

Do you have access to another computer to do downloads & then transfer to the problem computer ....via pen / flash / USB removable device ?

Please also be sure you tell me if this pc runs Windows 10 or 8.1, or Windows 7 ?

 

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually
  • Please attach both logs to your reply if possible. Otherwise, you may copy/paste the logs directly if you have to, but an attachment is better.
  • To save attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

_mb_attach.jpg

 

  • Then post into this thread and attch your FRST.txt, Additions.txt

Thank you.

Sincerely,

 

FRST.txt Addition.txt

Link to post
Share on other sites

Good morning.

Thanks for sending the FRST reports.

Please do not use the "Quote" button when making a reply.  You and I are the only ones on this case.  I get all replies.  Quote only echoes what was written before & makes the whole thread longer and deeper than it needs to be.

Thanks in advance.

.

I see Roguekiller, Avast, HitmanPro, BitDefender, Advanced SystemCare 11  have been either used or installed on this box.

First question:   Are you getting help on this case at any other forum ?   If yes, lets stop and discuss that.

 

The Windows Winsock is broken and needs attention. A Windows sockets (Winsock) is an application programming interface  that allows for communication between Windows network software and network services.  It is foundational to pc Windows communications.

This next procedure is intended to get it properly set.

 

Please save and Close all open work  ( if any ) before starting on this.  The procedure will do a Windows Restart  ( pc reboot ) at the end.

 

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) in the Desktop   C:\Users\win10\Desktop\‏‏תיקיה חדשה

{   IF this file opened up in Notepad .....please Close the file.

The FIXLIST.txt is meant to be SAVED    }

 


Start the Windows File  Explorer and then, open the Desktop & that sub-folder   \Desktop\‏‏תיקיה חדשה.


Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach that log into your next Reply.   Also, tell me, does Windows now get to the internet normally ?

We will do more later, after this.

Sincerely,

 

fixlist.txt

Link to post
Share on other sites

Hello Maurice
Thanks for your help
I have traied to install Roguekiller, Avast, HitmanPro, BitDefender because I thought that virus has taken over my pc, but non of the programs above was able to install itself.

And it is my first time that I getting help from a forum about this issue. 

After the fix I still have no internet connection, it show to me "unrecognized network" and I can't use the windows search.

Fixlog.txt

Link to post
Share on other sites

Thanks for the Fixlog.

Q:  Is the computer directly connected with a cable to the internet router box ?

or, is it using WIFI ?

If the latter, can you manage to get it connected with a cable to the router?
.

One other thing, this last log showed The RPC server is unavailable.

Remote Procedure Call is one of those key central Windows services that has to be on.

[ 1 ]

Please be sure that you are logged in to Windows with a login that has Administrator-level rights.

From Start button, select RUN (or Windows-flag-key +R key) and in the run-text-box type in MSCONFIG and press OK or Enter.

 

On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

 

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

 

IF it does not, then you click on Normal startup.

 

now Click on Services tab. To get it's display of Windows services.

 

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

 

Look at the bottom line Hide all Microsoft services

 

IF and only IF its is checkmarked, then un-check it.

 

the list of services may be shown in non-alphabetical order, so ....

 

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

 

You can toggle as needed to get the desired order.

 

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

 

Then using the scroll-bar scroll down the list

 

Look for Base Filtering Engine. Click on the checkbox so that it is checked ( that is needed so that service is ENABLED).

 

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

 

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

 

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

 

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

 

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Defender Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

 

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

 

When done, press the Apply button, and the OK button.

 

You're likely to be prompted to Restart Windows, do so.

 

If not prompted, you need to do a Logoff and Restart of Windows.

.

[ 2 ]


This Windows seems to have a issue on some specific Windows services.
I need for you to have pen and paper handy and take notes on what follows, please.

Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option.

type in

 

Quote

services.msc



and press Enter key. 

Scroll down the list. Look for "Remote Procedure Call ( RPC )".

Does it show in the list as Running?
If it does not, then click the line "Remote Procedure Call ( RPC )   to be sure it is selected

look on the upper left corner and click on Start service.


Scroll down the list. Look for "Windows management Instrumentation".

Does it show in the list as Running?
If it does not, then click the line "Windows management Instrumentation: to be sure it is selected

look on the upper left corner and click on Start service.

Close the window when done.

[ 3 ]

Start NOTEPAD { you can press Windows-key+R keys to get the RUN option
and then type in

Quote

NOTEPAD.exe


and press Enter key to start NOTEPAD.

Check and make sure "word wrap" is off. 
From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines below to Notepad:


@Echo on
pushd\windows\system32
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset resetlog.log
shutdown -r -t 1




now Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

[ 4 ]

Then, since this computer is running Windows 10 Enterprise, do a lookup & check on the Windows Network status.

Press the Windows-flag key on keyboard to get the fly-out menu.

Click on the Windows Settings icon.  then press the "Network & Internet.

Look at the network status display.   click on the line Show available networks.

What does it show for your network ?

Kindly relay to me all details. Thank you.

.

 

Link to post
Share on other sites

The prior suggestions ( fixes) had nothing to do with Windows search.

 

To enable Windows search service, follow these steps:
  1. a. Click on start, go to control panel.
  2. b. Open administrative tools, right click on services and click on run as administrator.
  3. c. Scroll down for Windows search service, check if it is started.
  4. d. If no, then right click on the service and click on start.

My main suggestion as to your priority issue:  was & is to contact your internet service provider about getting the Network settings taken care, the whole connection issue with the internet.

That is something basic & foundational.

 

Once your pc has a working internet connection, you should see much improvement.

and after that, I can guide you to making some security scans.

Just contact your I S P  to get going.

 

As to one of the long term  ( but needing attention soon) is to get this Windows upgraded to the Windows 2019  upgrade version.   Version 1903 OS build 18362.175

That requires a working internet connection   and some manual Windows Update checks by you.

Link to post
Share on other sites

One other thing that needs checking on, is for the Malwarebytes Service.

From Start button, select RUN (or Windows-flag-key +R key) and in the run-text-box type in MSCONFIG and press OK or Enter.

 

On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

 

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

 

IF it does not, then you click on Normal startup.

 

now Click on Services tab. To get it's display of Windows services.

 

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

 

Look at the bottom line Hide all Microsoft services

 

IF and only IF its is checkmarked, then un-check it.

 

the list of services may be shown in non-alphabetical order, so ....

 

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

 

You can toggle as needed to get the desired order.

 

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

 

Then using the scroll-bar scroll down the list

 

 

Look for Malwarebytes Service. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Lets make real sure it is not disabled.

 

 

When done, press the Apply button, and the OK button.

 

You're likely to be prompted to Restart Windows, do so.

.

NEXT

Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option.

type in

 

Quote

services.msc



and press Enter key. 

Scroll down the list. Look for "Malwarebytes Service".

Does it show in the list as Running?
If it does not, then click the line  Malwarebytes Service    to be sure it is selected
look on the upper left corner and click on Start service.

That service Startup type should be shown as Automatic


Scroll down the list. Look for "Windows Defender Firewall".

Does it show in the list as Running?
If it does not, then click the line "Windows Defender Firewall: to be sure it is selected

look on the upper left corner and click on Start service.

That service Startup type should be shown as Automatic

Close the window when done.

 

If not prompted, you need to do a Logoff and Restart of Windows.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.