Jump to content
opurt

Can not get Malwarebytes GUI to display - Infected

Recommended Posts

This is a follow up to the thread in the Windows Support Forum (please see link embedded below).    
I can not get to the Malwarebytes Gui, so I do not have a threat log to attach and we were not able to get a log  file (mbst-grab-results.zip) from the support tool.

FRST has been run and I have the FRST.txt  and Addition.txt files attached.  Please note that FRST locks up at the "Scanning Other Areas..." Step

My

  at

 

Addition.txt FRST.txt

Share this post


Link to post
Share on other sites

Hi, 

My name is Maurice. I will be helping and guiding you, going forward on this case.   Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 

There is no basis at present for thinking that a infection is involved.  I tend to rely on security tools to make the first judgements on infection.

This is more likely a glitch of some sort.

By the way, the FRST do not show a sign of infection.   Though it does show a few startup entries that need to be removed.

Your pc shows to be running the Fall 2018 build of Windows 10.   It would be much better to get the O S  upgraded to the November 2019 Build 1909.

That should be the near future goal.   For now, a mini-cleanup.

The Addition.txt  report file is truncated.  Likely a by-product of the notation you made "" that FRST locks up at the "Scanning Other Areas..." Step "".

 

This custom script is for  OPURT  only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST   ( as is) to the  DOWNLOADS\Malwarebytes  folder

The tool named FRST64.exe   tool    is already on the Downloads\Malwarebytes folder

Start the Windows Explorer and then, to the Desktop.


Double click FRST64

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

.

[  2  ]

After the Windows system restarts, allow it a minute or two to settle in.   Keep going down this list, no matter what.  Do all items listed in #2 , #3, #4

Then, lets do this tweak in Malwarebytes for Windows, if at all possible.

 See to it that Malwarebytes for Windows is not registered with the Windows 10  Windows Security Center.

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with WindowsSecurityCenter Click theSecurity Tab. Scroll d.own to 

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

When done, close the window.

Then I suggested Restart-ing Windows.

 

[  3  ]

Let's have you run the Microsoft Malicious Software Removal Tool   (  MS  MSRT ).

This tool is a limited one.  It targets some specific "common" malicious threats.  It is a tool run typically once a month when your Windows does a Windows Update check.

I would just like a one time on demand run.

Point your browser to this MS website link    https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Look to see it matches your language & your version of Windows in terms of 64-bit or 32-bit

Download and save the tool.   Then go to the folder where saved  ( should be the Downloads folder).  

Double click the tool   and allow it to Run.   It should not take more than 12 - 15 minutes.


[   4   ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

Kindly do have patience during all this.

 

Please know I help here as a volunteer.  and that I am not on 24 x 7.

Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.

Sincerely.

 

 

Fixlist.txt

Share this post


Link to post
Share on other sites

Hi Maurice,
Thank you for the help, it is greatly appreciated.
I do agree with you that we most likely have a glitch rather than an infection, but, I will be happy to get this resolved.
After this issue is resolved, I will upgrade Windows 10 to 1909.
I've completed step (1) and the fixlog.txt is attached.  Now onto step 2!
Thank you,
Paul

Fixlog.txt

Share this post


Link to post
Share on other sites

Hi Maurice,

Step [2] - I can not get to the Malwarebytes GUI (which is my original problem), so I am not certain how to proceed.

Step [3] -  I was able to download the tool from  https://www.microsoft.com/en-us/download/details.aspx?id=9905 (rather than the link in the instructions) and I am now running a full scan.  Results will be shared later tonight.

Thank you,
Paul

Share this post


Link to post
Share on other sites

Thanks for the Fixlog report.   That was a very fine run.

I look forward to getting the reports from step 3  and step 4.

.

SO as long as Microsoft Malicious Software Removal Tool   & the Microsoft Safety Scanner  report no malware, then I would suggest these next steps.

[   A   ]

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.

If using Windows 7/8 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

 
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Attach FSS.txt  with  your reply.

 

[  B   ]

RSIT (Random's System Information Tool)
Please download RSITx64 by random/random... save it to your desktop.

  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

.

 

Share this post


Link to post
Share on other sites

Step [3] - full run of Microsoft Malicious Software Removal did not find any malicious software.   On to step 4!

Share this post


Link to post
Share on other sites

Apologies that I did not include the log from the Microsoft Malicious Software Removal run(step[3]).  Here it is!

mrt.log

Share this post


Link to post
Share on other sites

Thank you for the MSRT log.    That is all good.

Started On Fri Jan 10 19:41:05 2020

Engine: 1.1.16500.1
Signatures: 1.305.2804.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Hi Maurice,
The Microsoft Safety Scanner (step [4]) did find some problems (40) and fixed the issues.  Please see the attached log.
Thank you,
Paul

msert.log

Share this post


Link to post
Share on other sites

Hello Paul.

Thanks for the log from  Microsoft Safety Scanner.

Let us do a follow-up scan.

 

 

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Share this post


Link to post
Share on other sites

The ESET found a number of java exploit types, + some riskwares  +some risky torrent downloader types.

 

One further scan.  This one local to the pc.

Windows 10 has the Microsoft Windows Defender Antivirus which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows, without having to create bootable media.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

next click on the blue Scan options

Look down the options list.  Tick on Windows Defender Offline scan.   Then click the grey "Scan now" button.


and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.

Share this post


Link to post
Share on other sites

Thanks for the logs.  Windows Defender reported 0 malware .   

Quote

Number of threats from scan: 0

 

Please try uninstalling and reinstalling Malwarebytes for Windows using the Malwarebytes Support tool. 

Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install.   Have lots of patience /  wait for the 2nd phase for however long it takes

Let me know if this run clears up the issue or not.

Share this post


Link to post
Share on other sites

Hi Maurice,

The "cleanup" phase of the "Uninstall and reinstall" is still running after 6.5 hours (CPU usage about 2.0% and ~22MB of memory).   Unless you think otherwise, I will just let it keep running....

Share this post


Link to post
Share on other sites

Howdy.

6.5 hours is way outrageous.   This normally is all done under 20 minutes, including the intermediate reboot / restart.

Look at any open windows other than the tool itself   and close each one of the others.

Use a two-key keyboard sequence   .....press and hold the ALT_key  and tap the TAB key on keyboard to cycle thru the open windows.   Do you see the support tool ?

If not do a Windows Restart.   after the system finishes loading ....WAIT as much as it takes ...up to 15 minutes for some phase of the support tool to come back.

If after that, there is no appearance, then let me know.

I am sorry for all this trouble.

Share this post


Link to post
Share on other sites

Hi Maurice,

I closed all the open windows (Firefox, thunderbird, Winamp and task manager).  However, before I closed Task Manager, I noticed that Windows Defender was running.   I turned off Windows Defender (via settings) and the CPU and memory for mb-support shot up.   5 minutes later it was asking me to reboot and a new version was installed after the reboot.

I now have both the Support Tool and the Malwarebytes 4.04 Premium GUI open (first time I have seen the GUI in a while).

At this stage, what do you recommend that I do to ensure that I can open the GUI in the future?  Should I close the Support Tool?   Should I reboot and see if everything is working properly?  Or, is there a test you would like me to run at this time?

Thank you for the help!
Paul

Share this post


Link to post
Share on other sites

Hello Paul.

I do hope you had Closed the support tool.   For sure, close it.  You report having a good setup now of Malwarebytes for Windows.

What you experienced were flukes.   Having a good install now, I would not expect a repeat.

Just start Malwarebytes.  Click the Settings ( gear ) icon.   Then click the About tab.  Tell me what you see on there.

I am so glad to know the install, at last, completed.

Cheers.

Share this post


Link to post
Share on other sites

Hi Maurice,

The support tool has been closed.

Here is the info from the about screen (with an attached screenshot also):

Version Information
Malwarebytes version 4.0.4.49
Update package version 1.0.17722
Component package version 1.0.793

I am going to reboot the machine and ensure that I can get into the Malwarebytes GUI (after a reboot).  Right now, anything that hits the internet is behaving slowly (from only this computer).  

Thank you,
Paul

about.JPG

Share this post


Link to post
Share on other sites

After a reboot, I can still get to the Malwarebytes GUI.    However, anything that hits the internet is very slow from this machine.  I suspect that there is a conflict or overall config issue.  WHat do you recommend to look at next?
Thank you,
Paul

Share this post


Link to post
Share on other sites

Hi,

Thanks for the information.  The pc does have the latest version of the Malwarebytes for Windows.

 

Any slowness on this pc may be due to low Free space on the system disc.   Look at the free space on drive C.

Run the built-on disk cleanup applet included with Windows ..... CLEANMGR

Disk cleanup in Windows 10

The main goal here is to free up disk space

 

  • To delete temporary files:

 

In the search box on the taskbar, type disk cleanup, and select Disk Cleanup from the list of results.

 

Select the drive you want to clean up, and then select OK.

 

Under Files to delete, select the file types to get rid of. To get a description of the file type, select it.

Be sure you select Temporary Internet Files

Recycle Bin

Temporary files

 

  • you should  also delete/cleanup  system files:

 

In Disk Cleanup, select Clean up system files.    ( that is on the grey button on bottom left )

 

Select the file types to get rid of. To get a description of the file type, select it.

Select OK.

 

.

Share this post


Link to post
Share on other sites

Hi Maurice,
I do have 1.46 TB free on the system disk.  I will run the disk cleanup utilities and report back.  
About 30 minutes after the reboot, everything is now running much better.   Not sure what was bogging down the machine, but will still do the cleanup 🙂
Thank you,
Paul

Share this post


Link to post
Share on other sites

I see your last notes.  Thanks.

If there are lots of open windows/apps running minimized  ( that you yourself started) Close those that are really not needed immediately.

Lets see about running 2 special reports.

[   1   ]

Please download MiniToolBox save it to your desktop and run it.

Reply YES when prompted by Windows to Allow the program to run.

Reply YES when prompted by the tool to proceed.

 

Checkmark the following check-boxes:

  • Flush DNS
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result ( MTB.txt ). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

[   2   ]

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.

If using Windows 7/8 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

 
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

 

Sincerely.

Share this post


Link to post
Share on other sites

Farbar's Service Scanner utility results

The machine has been running fine for the last few hours, we may be in good shape!

Thank you,
Paul

FSS.txt

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.