Jump to content
castrofdrc

MSAScuiL.exe in startup

Recommended Posts

Hi. I have the same problem as https://forums.malwarebytes.com/topic/258291-msascuilexe-in-startup-then-gone/

Today for the first time I saw MSAScuiL.exe on my startup, and when I went to right click it "open file location" was greyed out. In the registry editor it marks that it should be in "% ProgramFiles% \ Windows Defender \ MSASCuiL.exe", but I can't find the file in this folder.

Also, MSAScuiL.exe appeared on my startup, then disappeared and now reappeared.

I scanned with MWB and SuperAntiSpyware and they couldn't find anything.

Sorry for my english!

Share this post


Link to post
Share on other sites

Hi,      :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach   all report files, etc  that I ask for as we go along.


I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
     

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.6.1.784.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer.  and that I am not on 24 x 7.
Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.
Thank you,
Sincerely.

Share this post


Link to post
Share on other sites

Thank you for the report.  I notice that Avast antivirus ( apparently)  had been installed in the past.  But now it is not installed.  Yet, it seems there are leftover indicator of it supposedly in the Windows Security Center.

Do you recall when Avast was uninstalled ?   and by what means ?

 

The first thing to do is to get and run the Avastclear tool from Avast    https://www.avast.com/uninstall-utility

 

Be sure you do a Windows Restart after completing.

Once you have completed that,  please confirm here.   We will do more after that.

Share this post


Link to post
Share on other sites

Yes, I had Avast installed and about 1 month ago I uninstalled it using the uninstall utility, but I always find remnants.

I just uninstalled Avast again using the uninstall utility, this time in Windows Safe Mode.

Share this post


Link to post
Share on other sites

Thanks for the news.  OK.   Now, you need to put Windows back  ( RESTART )  into normal mode.

Next,

This custom script is for  Castrofdrc   only / for this machine only.
Close and save any open work files before starting this procedure. 

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRSTENGLISH window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg
 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Thereafter, provide me a overall status update on this system,  and specifically as far as Windows Defender.

Sincerely.

Fixlist.txt

Share this post


Link to post
Share on other sites

I have already done the process with FRSTENGLISH.exe. I attach the generated file.

Regarding the last thing you mentioned, should I diagnose the state of the system using the Performance and Resource Monitor and then send you the report? Excuse me for the ignorance.

Fixlog.txt

Share this post


Link to post
Share on other sites

Thank you for the Fixlog report.   The basic goal of that specific custom  fix has been done.

I do not believe that the situation on this machine involves any "infection".   But that this is more like a small glitch of some sort on this Windows configuration or "state" of the Windows Defender service.

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.

Right-Click on fss.exe and select Run As Admisnitrator.
 

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

 
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Attach  FSS.txt  with your reply.

Thank you for your patience.

 

Share this post


Link to post
Share on other sites

This custom script is for  Castrofdrc   only / for this machine only.

Thanks for the report.   I need for you to delete the file named FIXLIST.txt   that you saved before.

I have a new one for you.   So delete the previous copy of Fixlist.txt

 

Next,
Close and save any open work files before starting this procedure. 

I am sending a  new  custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRSTENGLISH window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg
 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Thereafter, provide me a overall status update on this system,  and specifically as far as Windows Defender.

Sincerely.

 

Fixlist.txt

Share this post


Link to post
Share on other sites

Thanks for the log.   Would you let me know,  How is the original situation regarding Windows startup &  the Windows Defender antivirus ?

Share this post


Link to post
Share on other sites

Hi.  Sorry I overlooked one thing.   So this is another custom adjustment to help out.

This custom script is for  Castrofdrc   only / for this machine only.

Thanks for the report.   I need for you to delete the file named FIXLIST.txt   that you saved before.

I have a new one for you.   So delete the previous copy of Fixlist.txt

 

Next,
Close and save any open work files before starting this procedure. 

I am sending a  new  custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRSTENGLISH window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg
 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

[   2   ]

Now let me have you do a visual check on the Microsoft Windows Defender antivirus.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

image.png.53b8290f51fb52ad1f67f2be5d1a7198.png

 

Next, In Windows Security section:  Click on the grey button Open Windows Security

 

image.thumb.png.770ff10e37da546f33963da571bd3378.png

.

Now, click on the shield Virus and threat protection

By the way, when you see a green check-mark on your display, it means a good status  and that  protection is on.

 

 

 

image.thumb.png.d3c40d161bda6630f463e83ce53f9782.png

 On the next display,  look at all the options.   Look down the list and see "Check for Updates" which I have highlighted with a blue icon.

You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.  Click on Quick scan to check the system.

 

image.thumb.png.1bfbd5b3023eeabe0dbea2025a5fa556.png

Fixlist.txt

Share this post


Link to post
Share on other sites

Here I attach the Fixlog.txt file. Also a screenshot of Windows Defender scan result.

MSASCuiL.exe no longer appears at Windows startup and does not appear in Registry Editor, as you can see.

image.png

Captura de pantalla (20).png

Captura de pantalla (19).png

Fixlog.txt

Share this post


Link to post
Share on other sites

Bravo !   The Windows Defender scan did run.  and, it found no threats.    YAY !

The issue that started this case is no more.

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

  • Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.
  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

[    2     ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

Share this post


Link to post
Share on other sites

Here I send the reports.

I checked the SecurityCheck.txt report and noticed that it says Windows Defeder is disabled and Avast is enabled, but I uninstalled Avast a while back. Is rare.

Furthermore, the Microsoft Safety Scanner analysis indicated that viruses, spyware and other potentially unwanted software were found to be removed, as can be seen in the attached image.

image.png

SecurityCheck.txt msert.log

Share this post


Link to post
Share on other sites

The Safety Scanner  was only referring to one registry setting for the Windows Defender as anti-spyware security program.  It fixed that entry.

I would like you to do a new search to see if there may be any leftovers of Avast.

You have the FRSTENGLISH  tool on the Downloads folder.   We will use that to do a search.

Find then start FRSTENGLISH
Type the following ( better yet, use COPY  then Paste)   into the search box exactly as show then press the Search Files button 
 

SearchAll: avast


 
Please wait while the program searches for all entries relating to this program, when done a  search.txt    log will be saved to the desktop. Please attach this log to your next reply. 

Thanks for your patience.

Share this post


Link to post
Share on other sites

Thank you for the report.   Sadly, I see that Avast had left lots of traces behind.   It took me quite a lot to get this custom cleanup script.

This custom script is for  Castrofdrc   only / for this machine only.

I need for you to delete the file named FIXLIST.txt   that you saved before.

I have a new one for you.   So delete the previous copy of Fixlist.txt

 

Next,
Close and save any open work files before starting this procedure. 

I am sending a  new  custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRSTENGLISH window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg
 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Fixlist.txt

Share this post


Link to post
Share on other sites

OK.   How are things at this point ?

Share this post


Link to post
Share on other sites

I don't notice anything strange. MSASCuiL.exe did not appear anymore at startup.

I did a test with MWB and Windows Defender and they found nothing.

Take a look at SecurityCheck too, and noticed that Avast still appears as enabled and Windows as disabled. Is this normal?

Share this post


Link to post
Share on other sites

It is very odd  that after I had you run the Avast cleanup utility that Windows still seems to think that Avast may be available.

The bottom line is that that is not fatal  /  not a show-stopper / not harmful.

 

next, please do this custom cleanup.  Its intent is to remove & clean out any leftover trace of Avast

I would like you to do this irregardless of prior steps.   and as an additional measure.

 

I am attaching a ZIP file named DELFILE.zip

Save that to either the Downloads folder, or else, to the Desktop.

Next, extract 1 file from it.   The name of this file is DELFILE.bat

Once extracted, go to where it is extracted-to.

 

Next,  Using the mouse, do a RIGHT-click on DELFILE.bat  and select RUN AS Administrator

Reply YES to allow Windows to let it run.

[  if this script does   not  seem to start in a Command prompt ....then double-click on DELFILE.bat    ]

This command-script should run rather quickly. 

Let me know how things are after this.  

Cheers.

Delfile.zip

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.