
Looking for a clean bill of health



I had posted in another forum ( https://forums.malwarebytes.com/topic/261566-malwarebytes-removal-confirmation/ ) asking for help in making sure Malwarebytes was off of my system.  Why I needed to do that is explained in the other post.

Anyway, a reply there asked me to post here first to confirm I didn't have any infection on my system.

I've followed the instructions here ( https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ ) to create the necessary files.  The FRST and Additions files are attached.  Please note that I did not include a Malwarebytes log file because I uninstalled it yesterday due to constant blue screening.  I know this doesn't give you much info, but I can tell you that prior to uninstalling Malwarebytes, I had it set to run a scan everyday.  And the daily scan that was run prior to uninstalling did not find any threats. 

Please also note that since uninstalling Malwarebytes, I did run some clean up utilities (ccleaner, Windows Disc Cleaner) trying to troubleshoot my issue.  I mention this in case you ask for some logs that might still be on my system since uninstalling the software.

 

Addition.txt FRST.txt

Link to post
Share on other sites

Hi,     :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

Please only just attach   all report files, etc  that I ask for as we go along.

Please know I help here as a volunteer.  and that I am not on 24 x 7.

Help on this forum is one to one.  

I understand that the main issue was Stop code aborts ( bsod ) of Windows,   In this case Windows 10 build 2004.

You also said

Quote

So I uninstalled Malwarebytes.  I also used the Malwarebytes Support tool to clean it from my system.

Did you do a manual / normal uninstall thru Settings module of Windows ?

and then, did you also run the Support tool for an uninstall ?

 

My first question  ( since I would like to get all possible history and logs of Malwarebytes ) is,  where is the Support tool now ?

Where did you save it ?

 

The Malwarebytes program  & its services are not running on this system at this point.   But there are some leftover elements, like one setting for Windows Security Center.

.

There is ( at least on initial look-see of the reports) an obvious BSOD clue.

But, Windows Defender appears to have a few issues of potentially harmful threats, like

PUA:Win32/FusionCore ,  PUA:Win32/CandyOpen

 

I will guide you on doing some scans with Windows Defender.  I will also guide you on other issues as well, that relate to Malwarebytes app, potential malware,  and a few checks on Windows 10.

Patience throughout all this is key.  So is detail and clarity.

One more question:  Do you have a Premium license for Malwarebytes ?  How long was the program installed ?

Do you recall the Version number ?   when it was first installed ?

Some of this I would very much like to collect, as long as you can find where you saved the Support tool file mb-support-1.6.2.802.exe

 

BTW, please do not run any more "cleanup" tools on your own.  And let's be sure that CCleaner is not set as an automated task.

Yup, it is.

Task: {5A3A7855-E5FE-41FA-9E1A-3C92C7DED7D2} - System32\Tasks\CCleanerSkipUAC => D:\Dropbox\Computer Related\Programs\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)

 

I wonder if you can just take a minute or so.  Look at the Task Scheduler  & remove CCleaner task (s).

In the taskbar Windows search box, type in

task scheduler

then when you see the result display, click on the one marked as app for "Task Scheduler"

Look under Active Tasks

 

 

 

 

 

Edited by Maurice Naggar
correct typo
Link to post
Share on other sites

P.S.   As we go along, and you do downloads of tools, etc  that I guide you on....Please be very sure to first SAVE to the downloads folder   [  or else, to the Desktop].  Downloads need to be saved to disc first.

It turns out the FRST64 was just only in the Chrome browser cache.   We are likely to need to use that tool later on.

Link to post
Share on other sites

Hi Maurice,

Thanks so much for the reply.  My name is Mike.

Re uninstalling Malwarebytes: I initially used the Support tool.  It went through its steps and reinstalled Malwarebytes after rebooting.  My bsod persisted, so I tried to manually uninstall at that point from Windows Control Panel (not the Setting app) in Safe Mode.  The uninstall seemed to hang at some point during the process (though Windows itself wasn't hung).  So I gave it some time to possibly finish in the background, and then rebooted into normal mode.  Malwarebytes did not load automatically like it used to (and my bsod's stopped).  Though the Start Menu icon for it was still there.  At this point, I ran the Support tool again and chose the option that I think is labeled "Clean Up," and chose not to reinstall when that was done.

When I had downloaded the Support tool, I saved it just in my Chrome cache.  But I just re-downloaded it now and saved it somewhere more accessible.

I also noticed the two "threats" that Windows Defender flagged:
PUA:Win32/FusionCore ,  PUA:Win32/CandyOpen

I don't believe these are actually installed on my system.  Rather, Windows Defender is flagging setup files for two programs I use once in a while.  These two programs are not currently installed on my system.  The files are simply the install files if I wish to install them.  Though if you would prefer I remove them, I would have no problem doing so.  Let me know.

I do have a premium license for Malwarebytes.  It was a two year license and is set to expire next month actually.  However, I had a license previous to that as well.  On the computer in question, Malwarebytes has been installed since I first got the laptop--about two and a half years ago.

As for the version number: I do recall last week installing v4.1.2.  What the numbers for the other components were, I don't remember.  But I had it set to automatically update (not to beta versions though).  And I would also manually update every so often as well.

Re ccleaner: I've disabled the task you pointed out.  (Though I don't believe that was actually running ccleaner to clean.)  I also had some other tasks there that I manually created, which I've disabled.  (These were under the Task Scheduler folder named "Mike Tasks."  In one of them, I actually called ccleaner from a batch file to clean.  But, as I said, that is now disabled as well.)

I also just saved the FRST64 to the same folder I had saved the Support tool.
 

Link to post
Share on other sites

Hi Mike.   Thanks.  So you have now saved the Support tool somewhere distinct.  I would like to Gather logs using it.

Use File Explorer to go to that folder.

Double-click mb-support-1.6.2.802.exe  to run the report

 

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".


        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next

Now click the left-hand side pane "I do not have an open support ticket"


    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.


    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.


    Please attach the ZIP file in your next reply.

Link to post
Share on other sites

Thanks, Mike.

Oddly enough, I cannot determine just exactly where the tool FRST64.exe  is saved to.   I will need for you to find it.

It seems to be at C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Cache

 

I have a custom script that needs the use of FRST64.   and it needs to be Saved to the same location-folder as where FRST64 is.

This custom script is for  Digger78  only / for this machine only.

This script will remove 2 leftover Malwarebytes folders; run the Windows System File Checker tool;  and run Windows' DISM tool to check the health of the system.


Close and save any open work files before starting this procedure. 

I am sending a  new  custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  same location-folder  as the FRST64


Start the Windows Explorer and then go to the Downloads folder.


RIGHT click on  FRST64    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click button Run anyway on next screen.

on the FRST64 window:
Click the Fix button just once, and wait.

 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
This run should finish without the need for a Restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Thanks for your patience.

Fixlist.txt

Link to post
Share on other sites

I have the FRST64.exe saved in D:\Downloads\mwb.  Perhaps because I have my Downloads folder on a second drive, it wasn't appearing in the previous log?  I don't know.

Anyway, I ran it (with the Fixlist.txt) as you explained.  No reboot was required.

Attached is the Fixlog.txt.

 

 

Fixlog.txt

Link to post
Share on other sites

ah, hah.  D drive.   ok.

The script has removed the 2 Malwarebytes folders that were left.   At this point, there is no Malwarebytes on this rig.

Though I would very much like you to consider a new install, followed immediately by getting the latest Beta.  I expect this pc will do well with that.

 

The System File Checker found no issue on this Windows.   Let's see if I can get you to run a couple of things with Windows Defender.

Start an elevated PowerShell command prompt-window.

On the Windows taskbar, on the Search box, type in

powershell

Wait and look for the results list.  Click on the line that shows Powershell with "Run as Administrator".

Then you will see the Powershell window.

Into that, we want to Copy & Paste

Start-MpScan

tap Enter-key to proceed.   This should run a scan with Windows defender.

 

Next, Copy & Paste

remove-mpthreat

tap Enter key.

Let me know what the results were.  You may close the Powershell window after all is done.

NEXT:

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  C:\Windows\debug\msert.log

Please attach that log with your reply.

 

Link to post
Share on other sites
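Start-MpScan and Remove-MpThreat print nothing when they finish cleanly, so the outcome has to be read back from Defender and from the Safety Scanner log. The following is an added example, not part of the original posts and not a Malwarebytes or Microsoft script: the function names are hypothetical, the sample log lines are constructed from the summary format quoted in this thread, and it assumes an elevated PowerShell window on Windows 10 with Windows Defender enabled.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window.

function Get-DefenderScanSummary {
    # Map ThreatID -> name so detection events can be shown with a readable label
    # (for example the PUA:Win32/... names Defender reports).
    $names = @{}
    foreach ($t in @(Get-MpThreat)) { $names[[string]$t.ThreatID] = $t.ThreatName }

    $status = Get-MpComputerStatus
    $detections = @(Get-MpThreatDetection | ForEach-Object {
        [pscustomobject]@{
            Detected      = $_.InitialDetectionTime
            Threat        = $names[[string]$_.ThreatID]
            ActionSuccess = $_.ActionSuccess          # did the remediation succeed
            Resources     = ($_.Resources -join '; ') # files / keys involved
        }
    })

    [pscustomobject]@{
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
        LastQuickScanEnd   = $status.QuickScanEndTime
        DetectionCount     = $detections.Count
        Detections         = $detections
    }
}

function Get-MsertResult {
    # Pull the "Results Summary" block and finish time out of msert.log text.
    # If the log holds more than one run, the last run wins.
    param([string[]]$Lines)
    $result = [ordered]@{ Summary = @(); Finished = $null }
    $inSummary = $false
    foreach ($line in $Lines) {
        if ($line -match '^Results Summary:') {
            $result.Summary = @(); $inSummary = $true; continue
        }
        if ($line -match '^Microsoft Safety Scanner Finished On (.+)$') {
            $result.Finished = $Matches[1].Trim(); $inSummary = $false; continue
        }
        if ($inSummary -and $line.Trim() -and $line -notmatch '^-+$') {
            $result.Summary += $line.Trim()
        }
    }
    [pscustomobject]$result
}

# Constructed sample, shaped like the summary quoted later in this thread.
$sample = @(
    'Results Summary:',
    '----------------',
    'No infection found.',
    'Microsoft Safety Scanner Finished On Thu Jul 09 20:44:45 2020'
)
Get-MsertResult -Lines $sample | Format-List

# On the machine itself: read the real log (path as given in the post above)
# and show what Defender recorded.
$log = 'C:\Windows\debug\msert.log'
if (Test-Path $log) { Get-MsertResult -Lines (Get-Content $log) | Format-List }
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-DefenderScanSummary | Format-List
}
```

A DetectionCount of 0 together with a recent LastQuickScanEnd is the "uneventful" result; any row with ActionSuccess set to False is worth reporting back along with its Resources value.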

When you say you'd like me to consider a new install, do you mean a new *Windows* install?  I was considering that as well, though as a last resort.

Here are the results from the other scans...

For both powershell commands, no message displayed afterward.  Though the first one did have a progress bar while it ran.

As for the Microsoft Safety Scanner, I chose the Full Scan option, which is why it took so long to run.  Log file is attached.

msert.log

Link to post
Share on other sites

Hi.  No, I meant to do a new setup of Malwarebytes for Windows and then get it updated to the Beta.

Glad to read that the powershell runs with Windows defender  were un-eventful.

The Safety Scanner result is excellent.

No infection found as part of the extended scan

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Thu Jul 09 20:44:45 2020

Link to post
Share on other sites

I was almost hoping something would be found.  It's a bit disappointing, because my system is still so slow and sluggish compared to before this issue started yesterday morning.  

I'll try re-installing Malwarebytes and updating to the beta quickly, as you suggest.  I hope the bsod's don't return, because uninstalling Malwarebytes was the only way I could stop them yesterday.

We'll see what happens.  If the beta doesn't improve anything, unless you have any other suggestions, I'm thinking my only option is to just reinstall Windows.

Thanks for all your help, btw.  I know you are a volunteer, so it is doubly appreciated. 🙂
 

Link to post
Share on other sites

You should not be needing to re-install Windows.

and if ever you get a STOP code abort  ( bsod) be real sure to write down the STOP code from the bottom of the screen  and  tell me just what you may have been "using"  ( as far as any application)  at the moment of the "crash".

NOTE:  slow systems can be due to a number of different sources.   ( like for example perhaps, way low on free disc space).

Or, you may want to do a review of all of the auto-started / auto-loaded startup applications and add-ons.

added NOTE:  If you ever need to get into Safe mode or Safe mode with Networking, in Windows, just tap the F8 function key when you see the startup black screen showing "Windows 10"  when the machine is started up.  In either of those modes, you can make adjustments as to what programs get auto-started.

I mean a screen like this

Enable or Disable F8 Advanced Boot Options in Windows 10-f8_windows_boot_manager.png

 

after you tap F8  you would see a screen like this  ( with a list of advanced Start options)

Enable or Disable F8 Advanced Boot Options in Windows 10-advanced_startup_settings.jpg

Link to post
Share on other sites

Hi, Mike.

There are a couple of things we can do as follow-up, regarding what you mentioned before about the system being sluggish.

One is a custom one time script run.  The other is a run with the Malwarebytes ADWCLEANER to look for adwares.

[   1    ]

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

.

Please delete the prior saved file named FIXLIST.txt

 

I have a custom script that needs the use of FRST64.   and it needs to be Saved to the same location-folder as where FRST64 is. D:\Downloads\mwb

This custom script is for  Digger78  only / for this machine only.


Close and save any open work files before starting this procedure. 

I am sending a  new  custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  same location-folder  as the FRST64


Start the Windows Explorer and then go to the D:\Downloads\mwb folder.


RIGHT click on  FRST64    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click button Run anyway on next screen.

on the FRST64 window:
Click the Fix button just once, and wait.

 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
This run should finish without the need for a Restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

[  NEXT  ....   # 2  ]

This is to check for adwares.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimize the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Log

Also attach the FIXLOG.txt with your  reply.

Keep me advised.   Sincerely,

Fixlist.txt

Edited by Maurice Naggar
Link to post
Share on other sites

Hi Maurice--

Thanks again for the reply.  After reinstalling Malwarebytes last night, my system again started blue screening.  I couldn't even get the beta version installed.  I'm also not able to get into safe mode for whatever reason--F8 is not working.  (It was working only sometimes when this issue first started, and now it's not working at all.)  And I can't even get into normal mode long enough to go into Settings/Advanced Startup.

I am just going to reinstall Windows.  I'm confident that will get whatever is causing my issue off of my system.  If the slow/sluggish issue still exists after that, I think I can assume it is a hardware issue, and it was just coincidence that Malwarebytes caused the device to blue screen.

Thanks again for all your help.  

 

Link to post
Share on other sites

FYI-- I've reinstalled Windows, and things are flying as usual.  No slow/sluggish issues.  

Granted, I still have to go through my programs and make all my settings how I want.  

And I haven't reinstalled Malwarebytes yet.  I'm still considering whether I will install it again.  But my speed is back, so I'm happy now.  This ticket can be closed.

btw, even though I ended up having to reinstall Windows anyway, I do appreciate your help.  Do you have an account I can send you some beer money to?

Link to post
Share on other sites

I regret the recent trouble you encountered.  Do yourself a huge favor and ensure that the function-key F8 is enabled for when the machine is at the very cusp of loading up (starting up ) Windows.

Use the guide at Tenforums / use the Option One , step 3

https://www.tenforums.com/tutorials/22455-enable-disable-f8-advanced-boot-options-windows-10-a.html

 

And also make a USB with the Microsoft Media Creation tool    that can be used in a severe pinch, (such as the one you had had)  to boot up the system into any one of several special modes

Look at Option One on this article

https://www.tenforums.com/tutorials/2376-create-bootable-usb-flash-drive-install-windows-10-a.html

 

Backup your system to offline storage media  ( like a large USB removable drive)

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

 

I am happy to have been of some help to you.   My help here is voluntary and free.

Since your system is now freshly re-installed and you seem to be set to go, I will close out this case.

Before I do that, a few other tips so that your web browsers are beefed up / made a bit more safe.

 

   

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.  

Scroll down to the tips section "How do I disable them".  

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.  

To get & install the Malwarebytes Browser Guard extension for Chrome,  

   

Open this link in your Chrome   browser:  

   

Then proceed with the setup.  

  

. 

If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.  

Open this link in your Firefox browser:     

Then proceed with the setup.  

That link is for English US.   There are other language versions.  Just go to the very bottom right of the page and look at “Change language” list drop down.

 

I do wish you all the best.   Stay safe.

Sincerely,

Maurice

Edited by Maurice Naggar
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
