Alwithaprob

Windows 10 + Malwarebytes recent update


So I recently updated Malwarebytes Premium to 3.8.3. My system is clean and spotless as a white lamb; that isn't the issue, so I figured this was the best place to ask for support.

Ever since the 3.8.3 update I have had issues when booting my system; I have to disable pre-boot antimalware protection via the #8 option in advanced system startup to even get into Windows 10. I don't claim to be a huge tech person or anything, but I also understand the importance of preventing rootkits and the like.

I've scanned my PC via multiple tools provided by Malwarebytes and other suggested tools from content posters on these forums. Everything comes back clean so like I said at this point I just don't think it is related to such an infection and more so has to be something with Windows 10 versus Malwarebytes itself. 

Just to kind of explain the situation I am having in some more detail...every time I boot my PC it will start the wheel turning thing talking about having to diagnose my PC, and having to attempt repairs and that sort of thing. Then it goes to the blue recovery screen where you can either reset your PC by Windows 10 factory defaults and/or use advanced settings such as by disabling the antimalware option I mentioned earlier.

Normally I wouldn't be too bothered by this, just this has been becoming frustratingly more bothersome to me so I apologize if I come off as I do. 

Any and all support is greatly appreciated and welcomed. Malwarebytes you guys do an awesome job and I've been supporting and suggesting you guys to everyone I do business with. 

All the best, 

-Al


Hello @Alwithaprob and :welcome:

Thank you for using Malwarebytes 3 for Windows.

Please follow only steps 1 thru 8 in the Upload Malwarebytes Support Tool logs manually procedure.  Then, attach the mbst-grab-results.zip archive file in your next reply to this topic for proper analysis by Staff/Experts.

Thank you.


Hopefully I did this right! 

 

I also went ahead and went into safe mode and used the support tool to do a "repair attempt"  have not had a chance yet to test it since then but will wait for your response anyway just to be on safe side. 

All the best,

-Al

mbst-grab-results.rar


Hello @Alwithaprob:

Please tell the forum if the mbst-grab you have posted was taken before or after you ran the mbst-repair.

Then, please await further instructions.

Thank you.

Edited by 1PW

11 hours ago, 1PW said:

Hello @Alwithaprob:

Please tell the forum if the mbst-grab you have posted was taken before or after you ran the mbst-repair.

Then, please await further instructions.

Thank you.

Hi! 

Thanks for the fast reply. The repair tool/button was used before the scan was done. At that time I had not considered that this could very well affect any scans so I do apologize entirely. As of right now (like one reboot only) Windows loaded fine, but we all know how Microsoft can be as well! Once I have more time later today I will reload windows several times and try to report back. 

Sincerely,

-Al

1 hour ago, Alwithaprob said:

The repair tool/button was used before the scan was done.

Hello @Alwithaprob:

Not to worry.  It happens several times per week.  IMHO the mb-support-X.X.X.XXXX.exe GUI could do with some reworking.  Since you have accomplished the mbst-repair, we need to see a fresh mbst-gather if you have the time.

BTW - that computer's C:\ partition is running dangerously low on free space.  Please consider some serious cleanup that strives to achieve about 25% (or more) free space.  Your "white lamb" could also use some minor cleanup within Windows 10 itself.  If that system tries to update to W10 1903 (from 1803) the process would likely fail before completion.

Also, please give close scrutiny to updating Mozilla's Firefox and Java.  Both are quite dangerously out-of-date.

Reference: Free Up Drive Space in Windows 10

Thank you.

Edited by 1PW

16 hours ago, Alwithaprob said:

Just to kind of explain the situation I am having in some more detail...every time I boot my PC it will start the wheel turning thing talking about having to diagnose my PC, and having to attempt repairs and that sort of thing. Then it goes to the blue recovery screen where you can either reset your PC by Windows 10 factory defaults and/or use advanced settings such as by disabling the antimalware option I mentioned earlier.

Hi Al.

Was there a very recent run of Microsoft Windows Update for the latest version?

The FRST seems to indicate some sort of operation

2019-07-21 00:58 - 2019-07-21 00:58 - 000000000 ____D C:\$Windows.~BT
2019-07-21 00:48 - 2019-07-21 01:06 - 000000000 ___HD C:\$SysReset

As an aside, please do not try to make changes or fixes on your own.

The $WINDOWS.~BT folder is associated with the Windows 10 upgrade process.

My sense is that the first priority is to address the Windows build update issue.  Get that cured first, then later the Malwarebytes.

This pc is running build 1803  and would be a prime candidate for the build 1903 update from Microsoft.

 

FRST also indicates 4 zero-byte files / folders.   We may need to move your case over to the Windows Malware removal help forum.

C:\WINDOWS\system32\Drivers\1E1C67DE.sys [2017-06-03] <==== ATTENTION (zero byte File/Folder)
C:\WINDOWS\system32\Drivers\5C9A02AE.sys [2017-06-03] <==== ATTENTION (zero byte File/Folder)
C:\WINDOWS\system32\Drivers\68476414.sys [2017-06-03] <==== ATTENTION (zero byte File/Folder)
C:\WINDOWS\system32\Drivers\77120EFA.sys [2017-06-03] <==== ATTENTION (zero byte File/Folder)

 


Hello @Alwithaprob:

Maurice has rephrased what I posted above and he's quite right.  I have requested that forum management move your entire topic to the Windows Malware Removal Help & Support sub-forum.

Thank you.


You are right about the Windows Update. I have had issues ( before and after I had more disk space ) with updating my Windows. Not entirely sure why. From what I recall I've even attempted going through the Microsoft download center and getting the exact one for my PC (the  x64 AMD one) and it still gave errors. 

It came to a point where I was constantly getting the "your update failed and so is being reset error". I've had this issue for quite some time (months). I had not considered it may be relative though either honestly. Out of pure curiosity today when it directed me to the Windows Recovery System blue screen thing I even attempted to do a PC reset (while keeping personal files) and it stated there was an "error" but didn't state what the error was, just stated that "no changes were made".

At this point I am not entirely sure what I need to do or how to go about it. 

Could those zero bytes be possible traces of  past malware infections? I know a good year or so ago I had some malware that the Malwarebytes support team did a wonderful job of helping me to remove. 


Al,

The case ( topic ) has been moved to malware removal for one to one help.   I will be helping and guiding you, going forward on this case.

As Pete noted earlier, one of the first things to do is to Free up space on this pc.

Like Pete said    Reference: Free Up Drive Space in Windows 10

and you may also set Windows to do a clean-boot startup.  Plus also be very sure to not do any web-surfing, do anything unnecessary online with any web browser.

How to perform a clean boot startup of Windows

https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

 

Please have lots of patience.  We will do one thing at a time.  Do not do any fixes or changes on your own.  If you have questions, ask me first.

Not sure what those files/folders are about.  We can clean them up later on.


p.s.  added note.   Just be sure you do not move user folders or anything of that sort.

Just see https://www.tenforums.com/tutorials/70830-delete-temporary-files-windows-10-a.html

and

https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html

These 2 should not take that much time.   and let me know after you have Windows 10 in a clean-boot startup.

Thanks

 


Okay I have  freed up about 30% of my drive. I have also followed the instructions from the links you provided. I have as well prepared my computer for a clean boot. I have NOT actually restarted my computer as of yet as one of the items I had to disable was my network adapter ( which will mean I will not have any internet to view your messages! ) So waiting for further instructions :)


On the network adapter startup (s) , make very very sure it is not turned off.

Then, do a Windows restart.

Let's start with a couple of checks.

[ 1 ]

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.

and again, be sure all detected items are removed.


Let it remove what it has detected.
Now, Restart Windows back to normal mode.



When that is completed, kindly send the report.
In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your reply.

 

[ 2 ]

Let's have you run the Microsoft Malicious Software Removal Tool   (  MS  MSRT ).

This tool is a limited one.  It targets some specific "common" malicious threats.  It is a tool run typically once a month when your Windows does a Windows Update check.

I would just like a one time on demand run.

Point your browser to this MS website link    https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Look to see it matches your language & your version of Windows in terms of 64-bit or 32-bit

Download and save the tool.   Then go to the folder where saved  ( should be the Downloads folder).  

Double click the tool   and allow it to Run.   It should not take more than 12 - 15 minutes.

We will do more later on.


Hello! 

Apologies that took so long. I had accidentally done a full scan instead of a regular one for the Microsoft Tool.

Both the Malwarebytes and the Microsoft Malicious Tool came back clean. Here are the two mbam text files you requested.

mbamreport1.txt mbamreport2.txt


This Thread/topic is for member  Alwithaprob only. who is the topic starter.

If you are not  Alwithaprob   , do NOT post here  & do NOT use this on any other system.

 

Thank you for the reports and the info.

This next task may take a good bit of run time.  So keep that in mind, and have lots of patience.  Monitor the run from time to time.

This run is intended to do a few fixes for this system.

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder

The tool named FRSTENGLISH.exe  is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt log with your next reply, And, also let me know how things are at this point.

There will be more to do after all this.

Fixlist.txt


Just for clarification, 

I click "scan" then "go"? After the scan fixlist.txt is completed. It appears it made an addition.txt. From looking at the fix log some kind of error was given at the bottom.

Addition.txt Fixlog.txt


Thanks for the reports. The last couple of "errors"  in the log are not show stoppers.

Tell me, how is Windows doing at startup just now ?  Is it starting more normal ?

I also would like you to see if you can spot the very last Microsoft Windows Update "error"   ( if you can find it ).

Go to the Windows start.  Select the Settings icon.  Click Update and security.  Then pick Windows Update.  Then take time, look over all of the list shown there.

Click on View Update history.

Do you see one dated July 2019 with an update failure "error code" ?

Further to that, there is a diagnosis & repair tool named SFCFIX by Sysnative.  Can you go to this next link

https://www.sysnative.com/forums/downloads/sfcfix/

Read it over.  Follow the listed steps.  After it has completed, you will see a file on your Desktop called SFCFix.txt.

Kindly attach the SFCFIX.txt  with your next reply.

 


The problem with Windows Recovery Environment is still persisting a good 50% of the time unfortunately. I was worried the Farbar wasn't done as it restarted and had gone to that Windows Recovery Environment once after it restarted the computer but once it was back in Windows it didn't restart the software so I assume it was over.


I have had the following Windows Update errors/updates

2019-07 Cumulative Update for Windows 10 Version 1803 for x64 based systems (KB4507435) (8)

Last failed 07/19/19 - 0x800f0922 

2019-06 Cumulative Update for Windows 10 Version 1803 for x64 based systems (KB4503286)

Failed to install on 06/22/19 - 0x800f0922


The SFCfix said stage 1 of 6 failed on server whatever that means (when it was running) 

see attached file as requested 

I don't see the file you requested but this is what I do see  from the command prompt  + the directory it mentions 

Attempting repair . . .
Stage 1
Stage 2
Stage 3

Due to the nature of your corruptions, scan times have been extended by
approximately 15-20 minutes. Please be patient and allow the operation to
complete.


Deployment Image Servicing and Management tool
Version: 10.0.17134.1

Image Version: 10.0.17134.885

[==========================100.0%==========================]
Error: 0x800f081f

The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

 

dism.log


Thank you for the Windows Update error code.  and for the Dism.log

Now, let us go low and slow.  There are a few things ( it seems to me, more than one thing) in your paragraph

Quote

The problem with Windows Recovery Environment is still persisting a good 50% of the time unfortunately. I was worried the Farbar wasn't done as it restarted and had gone to that Windows Recovery Environment once after it restarted the computer but once it was back in Windows it didn't restart the software so I assume it was over.

Please separate and break it down for me , just what is going on now.  why Windows Recovery Environment ?

How does that come about ?

Can you simplify for me what exactly is going on now ?

I just want to make sure that Windows is starting normally and OK,   Can you confirm?

I also want to make sure that you are not doing any changes or fixes on your own.  Can you confirm ?

I think we need to slow down, re-group.   after that, we will address the Update error & the DISM error


1st issue:  This originates back to the original reason ( I think ) as to why I made the topic on here. After I updated to 3.8.3 I started to automatically go to Windows Recovery Environment a good 50% or more of the time when I rebooted my machine. There had been absolutely zero surfing, zero additional programs added, etc. in a relative amount of time compared to the Malwarebytes upgrade.

The recovery environment boots up quite often on restart claiming that it needs to diagnose and repair my system only to fail in doing so.


2nd issue: Well that was the whole windows update thing we are looking at now I guess 

3rd issue: no idea, I guess that's whatever else you were looking for


I have done zero fixes on my own and have not done anything beyond what I have been instructed by you personally. 


OK.  Thanks.  Let's take things in smaller chunks.  One of the first things I would like done is to enable the use ( if needed, on demand) of the F8 function key at reboot or startup time.

These next are done using the elevated command prompt of Windows 10.   Just go slow, careful.

Press and hold the Windows-key on keyboard and then tap the X -key

then select Command Prompt ( Admin )

For each one of the following lines,  take One at a time.   COPY each line as -is  in its entirety  ( CTRL+C )  and then Paste  ( click with the mouse pointer on the command prompt & then right click & select PASTE) onto the black command prompt window and then tap Enter-key.   Do that for each line.

 

bcdedit /set {default} bootmenupolicy legacy

pushd\windows\system32

net stop wuauserv

net stop cryptSvc

net stop bits

net stop msiserver

Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old

Ren C:\Windows\System32\catroot2 Catroot2.old

net start wuauserv

net start cryptSvc

net start bits

net start msiserver

exit

.

When this is all done, and the F8 function key use is enabled  ( for startup options), next startup you will see an option menu show up each time pc is rebooted.

Normally, you will just select Windows 10  to start normally.

For the following run, I would suggest to get Windows restarted into Safe mode WITH NETWORKING

Please make some time, quiet time, and do a study of this Microsoft how-to article

https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

 

 


 

Getting that Windows build update will put this pc in a better position for a more secure operating system.

 

 

 

Edited by Maurice Naggar


Hello, command prompt is run as admin and this error happens when I do

Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old

"Access is denied" 


I got your last post. 

What follows is a first step to have Windows 10 show all files and folders. Do not let this spook you out.

There is a how-to at Tenforums. Use either option one or two or three

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html


after that, go back into the outlined procedure, and pick up once more on the line 

Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old

and

all below that too.    IF you get another Access denied, STOP and let me know.

Edited by Maurice Naggar
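
The stop / rename / start sequence from the command list earlier in the thread, as an added PowerShell example that is not part of any poster's instructions. It assumes the "Access is denied" on the `Ren` line came from a service that had not stopped (or had started again) and still held the folder open; `Stop-AndConfirm` is a hypothetical helper name, and the script refuses to rename anything until all four services report Stopped.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): the same stop / rename / start sequence,
# with a check that every service is really stopped before a folder is renamed.
# Assumption: the rename was refused because a service still had the folder open.

$services = 'wuauserv', 'cryptSvc', 'bits', 'msiserver'
$renames = [ordered]@{
    "$env:windir\SoftwareDistribution" = 'SoftwareDistribution.old'
    "$env:windir\System32\catroot2"    = 'Catroot2.old'
}

# Hypothetical helper: stop each service, wait for it, return any still running.
function Stop-AndConfirm {
    param([string[]]$Name, [int]$TimeoutSeconds = 60)
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction Stop
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $n -Force -ErrorAction Stop
            # Throws a timeout exception if the service never reaches Stopped.
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds($TimeoutSeconds))
        }
    }
    # Re-query all of them: a service stopped early in the loop can be
    # started again by the system before the loop finishes.
    Get-Service -Name $Name | Where-Object { $_.Status -ne 'Stopped' }
}

try {
    $stillRunning = @(Stop-AndConfirm -Name $services)
    if ($stillRunning.Count -gt 0) {
        throw "Not renaming: still running: $($stillRunning.Name -join ', ')"
    }
    foreach ($path in $renames.Keys) {
        $newName = $renames[$path]
        $target  = Join-Path (Split-Path -Path $path -Parent) $newName
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "$path not found, skipping"
            continue
        }
        if (Test-Path -LiteralPath $target) {
            # A leftover from an earlier attempt also makes the rename fail.
            throw "$target already exists; not overwriting it"
        }
        Rename-Item -LiteralPath $path -NewName $newName -ErrorAction Stop
        Write-Output "Renamed $path to $newName"
    }
}
finally {
    # Mirror the thread's 'net start' lines whether or not the renames succeeded.
    foreach ($n in $services) {
        Start-Service -Name $n -ErrorAction Continue
    }
}
```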
This topic is now closed to further replies.
