
MSAScuiL.exe in startup



Be sure you do not overlook my preceding reply above  ^^^^^^

This is a separate request for clarification from you.   For the screen you supplied on the post

https://forums.malwarebytes.com/topic/260671-msascuilexe-in-startup/?do=findComment&comment=1388087

 

What program /  or applet is it that you are using there ?

I cannot tell.   Plus there is the issue of language.


I only asked  because I could not figure out what screen you have been looking at.   Now I know.

 

As to my reply that preceded this,  I want to make sure you have seen that & that you have done the procedure with the DELFILE

So ,  after you have done that, please confirm.


There is not much more I could do about Avast still showing "as enabled".   From the earlier set of custom scripts, plus the last with Delfile,  I have pretty much exhausted what I can think of.

We need to put that to the side.

OTL is another report tool.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

       Close as many opened programs as you can before starting, so you have a clear view all around.     

Be sure you SAVE the file first.   Its name is OTL.exe

 

Right click the OTL   icon and Run as Administrator  to start the report tool.

If prompted by Windows,  reply YES  to allow it to proceed.

 

       In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

       Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.

       It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.

       Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!

       Exit OTL by clicking the X at top right.

 

Attach the report files  OTL.txt;  &  Extras.txt

 

 

 


Thank you very much for the OTL reports.

There are a few items that need removing, for which we will use the OTL.exe

Find OTL.exe   & do a RIGHT-click on it and select Run as Administrator

Reply YES to proceed if prompted by Windows.

 

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of  OTL


 

:OTL
O4:64bit: - HKLM..\Run: [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe" 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
:files
net pause  WindowsDefender /c
net stop  WindowsDefender /c
sc delete WindowsDefender /c
WMIC SERVICE WHERE Name="Microsoft Defender Antivirus Service" CALL ChangeStartMode "Automatic" /c
WMIC SERVICE WHERE Name="Microsoft Defender Antivirus Service" CALL startservice /c
WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "Automatic" /c
WMIC SERVICE WHERE Name="windefend" CALL startservice /c

 

  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
  • Please include the following in your next reply:

  • OTL Fix log

 

Hopefully, after all this,  you will not see a reference to a 'windowsdefender' service, since that is not the actual name of the real Microsoft Defender.

Nor should you see any reference to 'msascuil'   which has a typo  & does not belong there anyhow.

Further, hopefully after all this,  you should see that the Microsoft Defender Antivirus Service is on.
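
A read-only way to check the two things this fix targets, added here as an example that is not part of the original post or of OTL: it lists HKLM Run values whose target file does not exist on disk (as with the MSASCuiL.exe line) and reports whether the `WinDefend` and `WindowsDefender` services are present. The function and variable names are illustrative, and the second (WOW6432Node) Run key is included as an assumption about where 32-bit startup entries live.

```powershell
# Added example: read-only audit, it changes nothing on the system.
# Run from an elevated PowerShell prompt on the affected machine.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntryTarget {
    param([string]$CommandLine)
    # Expand %ProgramFiles% and similar before parsing out the executable path.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }  # quoted path
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }  # unquoted, ends in .exe
    return ($expanded -split '\s+')[0]                            # fallback: first token
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw value so the expansion step above is explicit.
        $raw    = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $target = Get-RunEntryTarget -CommandLine $raw
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Target       = $target
            TargetExists = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
        }
    }
}

# 'WinDefend' is the real Defender service; 'WindowsDefender' is the stray name from this thread.
$services = foreach ($svcName in 'WinDefend', 'WindowsDefender') {
    $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $svcName
        Present   = [bool]$svc
        Status    = if ($svc) { $svc.Status } else { 'not installed' }
        StartType = if ($svc) { $svc.StartType } else { $null }
    }
}

# Startup entries that point at a file which is not there, then the service summary.
$findings | Where-Object { -not $_.TargetExists } | Format-Table -AutoSize
$services | Format-Table -AutoSize
```

An empty first table means every Run value resolves to an existing file; after the fix above, the expected service result is `WinDefend` present and running and `WindowsDefender` not installed.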


Thanks for doing the OTL run.   Thanks for the log from OTL.

Let's jump up & down & say Hurrah  that the Startup message is now gone away.     :bananas:          :guitar:     

The readout about the antispyware state of Windows Defender is not serious.

Find OTL.exe   & do a RIGHT-click on it and select Run as Administrator

Reply YES to proceed if prompted by Windows.

 

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of  OTL


 

:files
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /f /reg:64 /c
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 0  /f /reg:64 /c
sc config winmgmt start= disabled /c
net stop winmgmt /y /c
Winmgmt /salvagerepository %windir%\System32\wbem /c
Winmgmt /resetrepository %windir%\System32\wbem /c
sc config winmgmt start= auto /c
net start winmgmt /c

 

 

  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
  • Please include the following in your next reply:

  • OTL Fix log

Thank you for that report.   All should be good with the Windows 10 Defender Antivirus.

You can use Windows Settings  to  see that visually.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security


 

Once the screen is on Windows Security,   look at the section just under "Protection areas"   ( like in image just below).

You should see Virus & threat protection with a shield  and a green check-mark.

Next, In Windows Security section:  Click on the grey button Open Windows Security

 


Now, click on the shield Virus and threat protection

By the way, when you see a green check-mark on your display, it means a good status  and that  protection is on. 

 


 

I believe this system is now in much better state, especially as far as the Windows Defender.


This is reply 2   of   2.    see the one above   ^^^^^

 

Here is another way to check on Security which is simpler.
Go to the Windows taskbar.
Look for the search box
type in

security and maintenance


and click on it

Look for the section   ( in blue ) Security
click on the down-arrow  to expand
then you will see a screen like this

 



 

I am so very glad that the situation is fine.

You mentioned 

Quote

What caused the problem with MSASCuiL? Do I no longer have to worry about my computer being infected?

I honestly do not know what that was with the   MSASCuiL     I can only speculate / guess

Either someone was trying to manually set Windows Defender.....but they mis-typed things  plus used an odd name for the service.

In any event,  the line you had seen & that we removed was garbage.

 

But yes, you do not need to "worry".

But you may if you wish do a new Quick Scan with Windows Defender just to re-check.

 


The Windows Defender can be run from an elevated Command prompt.   

 

On the Windows taskbar ,  on the Windows search box,  type in

cmd.exe


and then look at the entire list of choices, and click on Run as Administrator.

 

It is best to  use COPY & Paste for the following.

At the Command prompt either type or copy/paste the following commands, tap  Enter-key after the command:

 

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

then tap the Enter-key to get that going.

 

You will see this as initial on-screen display

Scan starting ...

 

Have patience during the run.   Wait for this display

Scan finished.

Then look for the bottom line result.   Jot that down for your records.

When all done, you can Close the command-prompt window.


You may run the Windows System File Checker tool just to check on integrity of some key parts of Windows.

On the Windows taskbar ,  on the Windows search box,  type in

cmd.exe


and then look at the entire list of choices, and click on Run as Administrator.

 

It is best to  use COPY & Paste for the following.

At the Command prompt either type or copy/paste the following commands, tap  Enter-key after the command:

sfc /scannow

Congratulations.    We can plan to wrap up this case soon.

There is one utility that you should check up on  & see if there is a newer release or security patch.

K-Lite Mega Codec Pack 6.2.0 v.6.2.0 Warning! Download Update

 

There is one other scan I would suggest, to check for adwares.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimize the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


You can leave them in Quarantine.   They are no longer a threat.

But yes, if you so desire,  you can permanently Delete all.

.

Now to do some cleanups of the tools I had you use.

Locate the OTL.exe

Start it.   Then look way at the top bar on OTL.   Look on the 2nd row of buttons  & on the right side, click on "Cleanup".

Let it do its cleanup procedure.

Next,

To remove the FRST tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

.

Delete  mb-support-1.6.1.784.exe

Delete mbst-grab-results.zip   on the Desktop

Adwcleaner you may keep & run on-demand as needed to check on adwares.


On the keyboard, try these

press and hold the CTRL   ( control) key and then tap the ESC  ( escape) key

That ought to bring up the start menu options list

 

Then if you see that, click on the icon for Power off   & then select RESTART

 

Note,  you may also try tapping the Windows-logo key on keyboard and tapping the letter T for taskbar


Use a special keyboard set of keys

Press and hold the ALT key & then tap the F4 function key

That should trigger a Close options choice.   If it is the Windows one,  look at the options box  and select the Shutdown  >  RESTART.

 

If no luck,  then look for the machine Power on/off button  and then press it to OFF

If this is a laptop machine, press the button & keep it down  until you can sense the disc  has stopped.

Then wait one minute.   Then power ON the machine  and have lots of patience  as it loads up.   Patience is key.

I think this is a temporary mysterious glitch   that can happen to any system / any Windows machine.

 

 
