Jump to content
alwaysthinking

Threat scan has been "checking for updates" for over 13 hours

Recommended Posts

In addition, my computer's overall performance has slowed significantly as well. Opening web pages and applications takes much longer than it usually did. Something even as simple as right-clicking a file will take close to a minute to open the menu. My detection history shows some detections in the past few days, so I am suspecting that that may be the culprit, however my most recent threat scans have shown no threats detected or quarantined. I have attached my FRST.txt, Addition.txt, a screenshot of my threat scan checking for updates, a screenshot of my detection history, and the log of my most recent successful threat scan.

history.jpg

scan.jpg

Addition.txt FRST.txt log.txt

Share this post


Link to post
Share on other sites

Hello @alwaysthinking

Go ahead and stop Malwarebytes and reboot the computer.

Next, Please download and run the following Avast removal tool. You have left over elements from Avast on the system.

http://files.avast.com/files/eng/aswclear.exe

Then run the following fix.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

Share this post


Link to post
Share on other sites

I have completed the steps. My computer's performance went back to normal after I ran aswclear, and I was able to complete a threat scan in a normal amount of time. But I still ran FRST64 and produced the Fixlog anyway just in case.

Also, I have noticed that Malwarebytes Tray Application keeps appearing in my Task Manager. Is this normal? Why does this keep appearing in Task Manager?

Fixlog.txt

Share this post


Link to post
Share on other sites

Yes, it is normal for the Malwarebytes Tray to be in the list of Task Manager because it is running.

Please go ahead and run reboot the computer one more time. Then run a new scan with FRST and attach both new logs so I can take a look. It looks like one item was not removed.

Thanks

 

Share this post


Link to post
Share on other sites

That is part of our program that allows access to certain changes, it also allows alerts to users, etc.

image.png

 

Do you read Chinese? There is a driver that appears to be in Chinese or some other obfuscated entry on the computer

S3 ⸮僾否馹ﳞ嶌ቱ眖㚩츮訑ꭉ㼃䗦莻₁皑屛᏶ﵙ嗱頾艬℆㻔䑡识꫎㝾쾩翖㡁썮崦發뎉쫄훮ᵙ濖ꇡ઱ᓳꡋ腹쬓흩瞫눎승岡縁㧆ꦜ胾ᔤꀶଶ᲎湑暆꜖�쉱漬Ⳟ펔䦹Љ뢱闦ඣ等넛Ḯ퉃䠾滻ⵙ�쏶村ꚑ냌ᾩ౴竎륦鑡מ煛c䀇⦔劭扯湩⸥f⸥㜱gHdsKe; C:\Windows\system32\drivers\⸮僾否馹ﳞ嶌ቱ眖㚩츮訑ꭉ㼃䗦莻₁皑屛᏶ﵙ嗱頾艬℆㻔䑡识꫎㝾쾩翖㡁썮崦發뎉쫄훮ᵙ濖ꇡ઱ᓳꡋ腹쬓흩瞫눎승岡縁㧆ꦜ胾ᔤꀶଶ᲎湑暆꜖�쉱漬Ⳟ펔䦹Љ뢱闦ඣ等넛Ḯ퉃䠾滻ⵙ�쏶村ꚑ냌ᾩ౴竎륦鑡מ煛c䀇⦔劭扯湩⸥f⸥㜱gHdsKe.sys [105136 2017-09-08] (AVAST Software) [File not signed]

 

A Google Translation only seems to translate some of it.

image.png

 

Share this post


Link to post
Share on other sites

Let me have you run the following to see if it will show more of what is going on there.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

Share this post


Link to post
Share on other sites

Yes, I used the Avast Cleaner to delete my "avast!" folder from my C drive.

No, I don't read Chinese. There are also some Korean and Hebrew characters in there. I don't know why the file was named like this. I have located the file in my C drive and its properties say that it's from AVAST Software. Should I run the Avast Cleaner again to delete this file?

Share this post


Link to post
Share on other sites

Yes, please go ahead and delete that file. We'll also probably need to scan your Registry another way to try to remove that value

Try opening REGEDIT on your system and then browse to the following key location:   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

See if you can find an entry with Unicode like that and let me know.

 

Share this post


Link to post
Share on other sites

Do you know how to remove the entry in the Registry?

If so and you know you're removing only the correct bad value, or key then go ahead and remove. If it is a Parent - Top key location then do not delete it. Show me a screen shot first please.

Thanks

 

Share this post


Link to post
Share on other sites

Here is a screen shot of the registry. I can right click the entry and see a delete option, but I don't know how to identify if it's a Parent - Top key location.

registry2.jpg

Share this post


Link to post
Share on other sites

No it's not a Parent. The Parent in the tree is SERVICES - do not delete that one.

Go ahead and delete the one you've found and selected. That is the correct option. Let me know if it won't delete

 

Share this post


Link to post
Share on other sites

Great. Glad you were able to remove it without issue.

Let me have you do a clean removal and reinstall of Malwarebytes now

https://support.malwarebytes.com/hc/en-us/articles/360038522234-Uninstall-and-reinstall-Malwarebytes-for-Windows-with-the-Malwarebytes-Support-Tool

Take your time and be patient. Let me know if there are any issues with that

 

Share this post


Link to post
Share on other sites

Yes, that is a download from our MBST program that is used to help gather logs when needed. In  your case we're just using MBST to do the removal and reinstall of our program. Please do that and let me know how it goes

 

Share this post


Link to post
Share on other sites

I used the MBST and it seemed to have gone fine. In recent days, I have noticed my computer's internet has occasionally stopped working until I restart the computer, but I'm not sure if that's a virus/malware issue.

Share this post


Link to post
Share on other sites

Are you using Wireless or Wired connection to your router?  Can  you please take a screen shot and show me which version of Malwarebytes  you're using.

Here is mine

 

image.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.