Real Time Protection in Safe Mode


Emma1

I was hit with Phobos in Sept. and replaced the PC hard drive. I am now trying to locate any non-infected files on the old drive. Every time I run Malwarebytes in safe mode the Real Time Protection shuts off and will not activate while in safe mode.

Can someone please enlighten and instruct me how to fully scan my files?

Thanks!

Link to post

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

  7. Click the Gather Logs button

  8. A progress bar will appear and the program will proceed with getting logs from your computer

  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post

As long as the ransomware isn't active and attempting to encrypt your files/data, there is no activity for the Ransomware Protection component to detect so it wouldn't do you any good in dealing with an offline drive/inactive system anyway.  The Ransomware Protection, Exploit Protection and Web Protection components rely entirely on in-memory activity to detect threats based on malicious and suspicious behaviors, they do not analyze inactive/dormant files on disk to look for threats; that's what the scan component is for.

You can learn more about how the various components of Malwarebytes function by reviewing the diagram and information found on this page.  If it were me, I'd scan the files with Malwarebytes and at least one or two of the many freely available AV scanners such as those from Microsoft (included in your operating system by default), Kaspersky, ESET, Dr Web, Bitdefender, Norton/Symantec and several other reputable AV/AM vendors.  Most offer free scanning and threat removal so you should be able to scan your device for any dormant threats and get them cleaned up before moving any of your data over to your new installation.

I hope that helps to clarify things a bit, and if there is anything else we might assist you with please let us know.

Thanks

Link to post

Thanks Exile & Firefox.

My knowledge of Ransomware, before the infection, was little. It hit the home network both desktop and laptop. I was concerned something might still spread from the old hard drive if I did not scan in Safe mode. I did not find a ransom note so I was unsure if I might have interrupted the infection before it completed.

Sorry for the stupid question. I thought I was well protected and overwhelmed at the destruction.

Thanks again!

Link to post

If you have an old drive and a new drive and both are accessible, then perhaps you should scan the old drive first (by a Custom scan run with Malwarebytes).

Scan the old system before copying to the new drive, and also scan your new drive too beforehand.

It seems the mention of "safe mode" (in the original post) got us sidetracked. My colleagues are right on in that you should be scanning while in normal Windows.

(It is only in very unique conditions that safe mode scanning is needed.)

 

You mentioned something earlier  

Quote

ransomware files

What files are those?

If you have an unresolved cleanup after a ransomware situation, you ought to be posting in the Windows Malware Removal sub-forum.

See the preliminary steps   

 

Link to post

  • Root Admin

First, please make sure the current working Operating System is running security protection. Windows 10 by default has Windows Defender running. If you have Malwarebytes Premium it has multiple protection modules as well to help protect the system.

With the other hard drive connected as long as you don't click and run anything on the old drive, it should not pose too much of a security risk.

Using Malwarebytes in Safe Mode though will not produce anywhere near the best detection rates. Even in Windows Normal Mode scanning a flat-file system is not what Malwarebytes was designed for and you would probably be better off using a program like Kaspersky to scan the old hard drive as well.

 

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

I would also suggest posting the logs as suggested by @Maurice Naggar - AFTER running the Kaspersky antivirus scan.

Thank you

Ron

 

Link to post

Hi, Yes I'm in and out. Life gets in the way sometimes!

I am slowly weeding my way through old backups to recover "stuff". Many lessons learned. When this attack occurred I also had an old laptop on the home network. Luckily it held little but was completely fried.

Funny, I always thought myself prepared and cautious. I received no ransom note.....bizarre.

Thanks for taking the time.

 

Link to post

Encrypted files are typically not curable. Unless they are of a certain set that do have 3rd-party decrypter tools.

Upload 2 of your "encrypted" files up to Id-Ransomware site for an analysis to see (if possible) which family of ransomware.

Upload 1 at a time. Save the summary-analysis for each.

https://id-ransomware.malwarehunterteam.com/

 

P.S.  The ransom notes can be removed.   Just please know that Malwarebytes has no decrypter.

 

Link to post
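
A read-only way to sort the old drive's files into those that still begin with their normal file signature and those that look encrypted, before picking samples to upload or files to copy. This is an added example, not part of the original posts; the signature table, the 7.5 bits-per-byte threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

# Expected leading bytes for a few common types (illustrative table, not exhaustive).
MAGIC = {
    ".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off for "looks random"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample: int = 65536) -> str:
    """Return 'intact', 'suspect' or 'unknown' from the first bytes of a file."""
    with open(path, "rb") as fh:  # opened read-only; nothing is executed
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    # Unrecognised extension (ransomware usually appends its own): use entropy.
    if len(head) >= 1024 and entropy(head) > ENTROPY_LIMIT:
        return "suspect"
    return "unknown"

def triage(root: str) -> dict:
    """Walk root and group file paths by classification."""
    groups = {"intact": [], "suspect": [], "unknown": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                groups[classify(full)].append(full)
            except OSError:
                groups["unreadable"].append(full)
    return groups

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for label, paths in triage(root).items():
        print(f"{label}: {len(paths)}")
```

An "intact" result only means the file still starts with its normal header; it is not a malware verdict, so the scans recommended in the thread still apply. Compressed formats missing from the table will also show up as "suspect" because their content is naturally high in entropy.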

Hello.

How are things? Do you need other help?

I believe you indicate that your current system has been scanned. You had said

Quote

I have scanned and re-scanned with Malwarebytes. Also external drives. No threats detected.

Have you scanned your current system with Kaspersky like AdvancedSetup suggested?

Ransomwares delete themselves after doing their deed.

 

IF you still need help on this current system, I will need this readout report for review.

I would like to have you run a report tool known as FRST. This has no personal information. It is well-known, widely used & safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST.


1: Please download FRST from the link below and save it to your desktop:


"Download link for 32-Bit version Windows"

"Download link for 64-Bit Version Windows"

Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Run report with FRST

Right-click on FRST icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 8 or 10 users will be prompted about Windows SmartScreen protection - click line More info information on that screen and click button Run anyway on next screen.

Click YES when prompted by Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.





The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

Link to post

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post

This topic is now closed to further replies.