Jump to content
Diminished7th

Can't install Malwarebytes

Recommended Posts

I just had a technician from Spectrum repair issues I was having with my internet and soon afterwards when I open both Firefox and Chrome I got the about:blank pages. Concerned I was going to run Malwarebytes, but the program appeared to have been uninstalled so I tried to install it again but was met with the message that I couldn't. Also there was a point soon after the technician had left when browsing there appeared to be a command prompt quickly appear and disappear. Any help is appreciated.

Share this post


Link to post
Share on other sites

Hi,    :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

You made no mention of what version of Windows is on this pc.  Please be sure you run the report below,  AND  also provide other detail, like

a)  Does this pc run either Kaspersky Internet Security or Kaspersky Total Security ?

b) Does this pc run some antivirus program supplied by Spectrun ?

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 


I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.3.749.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

Share this post


Link to post
Share on other sites

My operating system is Windows 7 and I'm not using any anti-virus programs. My problem started today when a technician from Spectrum came to my house to fix signal issues that I was experiencing. The technician managed to fix the issues by replacing my dying modem, but less than 2 hours after the technician left I saw what looked like a command prompt mentioning something about a DNS server. Concerned I attempted to run Malwarebytes but it appeared to have been uninstalled. Not being able to install Malwarebytes I tried to run the Mbar program which found about 15 different kinds of malware on my PC. After choosing the clean option in Mbar the PC restarted to complete the removal of the malware and it seemed to have remove the malware but when I tried to install Malwarebytes again the malware seemed to have installed itself again in the same manner. Sorry for the long post, just trying to inform you of my situation.

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

Thanks.

I noticed you had used HitmaPro at some point.  And you report using MBAR on your own.

While we work this case,  please do not run other tools on your own.  Check with me first before making changes or doing some thing.

 

The Malwarebytes Support tool is mb-support-1.5.3.749.exe    on the Desktop.   We will use it.  You do not need to re-download it.

Before we do anything else,  I need for you to do one Shutdown  >>  Restart    so that you have a good Restart.

 

Next

Please try uninstalling and reinstalling Malwarebytes for Windows using the Malwarebytes Support tool. 

Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install.

Let me know if this run clears up the issue or not.

Share this post


Link to post
Share on other sites

As I suspected, uninstalling Malwarebytes via the support tool and trying to re-install it resulted in the malware infecting my PC to re-install itself and block the install.

Share this post


Link to post
Share on other sites

Did you manage to start and run the Support tool ?   yes or no ?

 

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here
 
and save it to your desktop.

 

RIGHT click on the MBAR file and  select Run as Administrator   &   allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes. .

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
  
 

Share this post


Link to post
Share on other sites

As an addendum to my previous post, the malware appears to a cryptocurrency miner virus called lsma12.exe for what it's worth.

Share this post


Link to post
Share on other sites

The run with MBAR was very beneficial.  It removed C:\Windows\inf\aspnet\lsma12.exe  along with several associated tasks.

Make sure that you Restarted the system since that run.   It had some removals scheduled with the Restart.

.

What follows are 2 parts.  The first is to do a Clean & re-install of the Malwarebytes for Windows version 4.0.4

[ 1 ]

Please try uninstalling and reinstalling Malwarebytes for Windows using the Malwarebytes Support tool. 

Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install.

Let me know if this run clears up the issue or not.

 

[ 2 ]

After the new install is in place, then a new Scan with Malwarebytes for Windows.

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the SECURITY  tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color
Now click the small X  to get back to the main menu window.

Click the SCAN button.
Select a Threat Scan ( which should be the default).
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.
and again, be sure all detected items are removed.

Let it remove what it has detected.
 

Share this post


Link to post
Share on other sites

Ran the support tool, did the cleanup, restarted the PC and the install failed. As the installation was running a command prompt briefly appeared with text saying DNS sever is OK and then the malware reinstalled itself again. I can block the installation of the malware after removing it with the anti-rootkit and disconnecting from the internet before my PC has restated, but as soon as I try to install an anti-malware program the malware manages to re-install itself. Also there is an executable file that was created the same time malware installed itself called winnts that may be one of the reasons the malware perpetuates itself and it isn't being detected by the anti-rootkit. Strange that this malware installed itself soon after I had my internet modem replaced and was browsing a website called twitch.tv which is owned by Amazon which I don't think allows their websites to be cesspools for malware.

Share this post


Link to post
Share on other sites

Sorry to hear of the on-going trouble.  I had you run MBAR the other day.

 

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/
Look on the right side of the page.  Click Scan Now

It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.
Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.
 

[   2   ]

Run report with FRSTENGLISH    ( it is on the Downloads folder)

Go to the Downloads folder.

 

Right-click on FRSTENGLISH   and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

_Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._
Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.


The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.
Thank you.
 

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.