
Malwarebytes won't open and Chameleon uninstalls itself



I just found out like 3 days ago that my browser is managed by an organization and I searched for what that means and it said that my computer possibly has malware. I tried to open Malwarebytes but it didn't open, then I installed Chameleon and whenever I try to run a quick scan, it automatically uninstalls itself. I actually tried Chameleon last year and it worked. I've also run an antivirus aside from malware but it doesn't seem to detect it. I'm scared that this malware might affect my computer so much.

Please help! I've followed everything in here https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ and attached FRST.txt and Addition.txt

Addition.txt FRST.txt

Link to post
Share on other sites
Hello Keyenpeydee,

Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Does Avast work normally, update and scan ...? Its disallowed certificate was blocked from removal in FRST fix..

HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION

HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA => could not remove, key could be protected

Link to post
Share on other sites

Try this please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

fixlist.txt

Link to post
Share on other sites

The certificate is still blocked from removal even though FRST did unlock the key... Can you run another scan with Malwarebytes and post its log...

Link to post
Share on other sites

Removal failed again......

Programs that are installed on your system require an allowed certificate to work, if for whatever reason any program has a disallowed certificate it will not work. Your system had several disallowed certificates in place to stop certain Security Programs from running, we removed all except for one allotted to Avast. It would seem that reg entry has permissions denying removal...

Are you comfortable working in the registry..? If you are, you can open regedit then navigate to the following key

HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA

Then right click on the numerical key and select "Permissions" from there you need to take full ownership for the Admin account that you use...

A good description with images is at the following link:

https://www.groovypost.com/howto/take-full-permissions-control-edit-protected-registry-keys/

Link to post
Share on other sites
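
An added example, not part of the original thread: a read-only PowerShell audit of the machine-wide Disallowed certificate store for the condition described in the post above, listing each entry with its subject, whether the subject names a security vendor, and the owner and Deny rules on its registry key. The vendor name pattern and the function name Get-DisallowedCertReport are assumptions made for this example; run it from an elevated prompt.

```powershell
# Added example: audit the Disallowed (untrusted) certificate store.
# Read-only: nothing is deleted or changed.

# Registry location of the store, as shown in the FRST log lines in this thread.
$storeKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates'

# Assumption: constructed list of vendor name fragments; extend as needed.
$vendorPattern = 'Avast|AVG|Malwarebytes|Kaspersky|ESET|Bitdefender|' +
                 'Symantec|McAfee|Trend Micro|Sophos'

function Get-DisallowedCertReport {
    param([string]$Pattern = $vendorPattern)

    Get-ChildItem -Path Cert:\LocalMachine\Disallowed | ForEach-Object {
        $keyPath = Join-Path $storeKey $_.Thumbprint
        $acl = $null
        if (Test-Path $keyPath) {
            # A protected key may refuse even a read of its ACL.
            try { $acl = Get-Acl -Path $keyPath -ErrorAction Stop } catch { }
        }
        [pscustomobject]@{
            Thumbprint     = $_.Thumbprint
            Subject        = $_.Subject
            # True when the blocked certificate belongs to a security product.
            SecurityVendor = [bool]($_.Subject -match $Pattern)
            KeyOwner       = if ($acl) { $acl.Owner } else { '<not readable>' }
            # Explicit Deny rules are what make a key refuse removal.
            DenyRules      = if ($acl) {
                @($acl.Access |
                    Where-Object AccessControlType -eq 'Deny').Count
            } else { $null }
        }
    }
}

Get-DisallowedCertReport |
    Sort-Object SecurityVendor -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with SecurityVendor set to True are the ones to raise with a helper; a non-zero DenyRules count or an unexpected KeyOwner on such a row matches the "could not remove, key could be protected" result seen in the fix log.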

Hello I just followed the instructions with the link you sent, but everything is in error. It says something like "unable to change owner" and "unable to add new permissions" 

What is causing this? 

Link to post
Share on other sites

Run the following and post the produced log...

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on 3 chimney icon (top right hand corner) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Thanks...

Link to post
Share on other sites

Yes you are correct, I've just installed a new version to check. The only way to get the log as a text is to > Open Reports > select the report in question to highlight > select "Ctrl - A" keys together to highlight full report message > then "Ctrl - C" keys to copy to clipboard > then open notepad and select paste to copy the report there, then attach to reply....

Link to post
Share on other sites