Jump to content

How does Virus Disable MalwareBytes ?


Recommended Posts

My Computer infected with Virus

I was Running MBP

Computer slows way down tried to run MB.

MB Blocked from running. Web protection Unchecked.

Win 10 Security seems to be Blocked.

Tried to follow directions from Forum could not find Camilion app.

Very New at this how do I run suggested Programs ?

Should I try to Run them on Flash drive ?

Disconnected Computer from WiFI.

Computer  Dell XPS 8900.

Need Help to get Rid of Virus.

Fred

Link to post
Share on other sites

  • Replies 61
  • Created
  • Last Reply

Top Posters In This Topic

Hello    :welcome:

Please do NOT try to run "camilion"   ( chameleon) as that is a very ancient and now obsolete old tool.

 

I would appreciate  getting some key details from this machine.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
  
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.7.0.827.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

Link to post
Share on other sites

Hi Maurice

Thanks for your Reply.

Before I start I have a Question.

Can I download the Scan Programs on another

Computer and load onto to Flash Drive ?

Or I have to DL them on the infected machine itself ?

I turned off the Internet on the Infected Computer

to Prevent it from stealing my Data.

FredZ

Link to post
Share on other sites

Be very sure that the USB-flash-thumb drive is clean.

Yes you may download on a clean pc.   Then take the USB to the problem-machine & then copy the tool (s) to the Desktop of that.

Yes you ought to copy the tools onto the problem pc.

Then run the tools.   I am looking to get the first report from you.

You may use the USB device to shuttle reports  & tools.

Link to post
Share on other sites

Me too,   I am also sorry.

I need you to be real careful.    I have to have you run the GATHER LOGS procedure.

Go to the folder where you saved the Support tool

Double-click mb-support-1.7.0.827.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column       <<<    *****************       <<<<<<
    
    Click the Gather Logs button          <<<    *****************       <<<<<<
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

Link to post
Share on other sites

Change of plan because you had turned off the internet on the problem-pc.   Hold off on my preceding task request,

Just do this here.

Do the download on the good machine   & then take the USB & the program to the problem-pc.

Copy the saved file to that Desktop.   Then run it  like outlined on this pinned-topic

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

Link to post
Share on other sites

Thanks.    Now I am going to ask you to download a different tool on the good-working machine;   save it to the USB;

Rename it on the USB;   then take that to the  problem pc.


 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.   This run will not make any changes.

 

I would like to have you run a report tool known as FRST64. This has no personal information. It is a well-known & widely used &safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST.


1: Please download FRST64  from the link below and save it to your desktop:

"Download link for 64-Bit Version Windows"



Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file   to the USB device.

Next, use Windows File explorer to where that file is saved.   Right-click on FRST64.exe   and RENAME it to

gazork.exe

That is so   ( jut in case )  the executable file is not blocked by any infection   that may want to block its run.   Just like it blocks some security programs.

 

Now take the USB to the problem pc    and press and hold the ALT - key on the keyboard while doing this

and insert USB  into the USB-slot  of   problem pc.

Next, copy the gazork.exe  on to the DESKTOP  of the pc-with-the-probem.

 

Run report with gazork     ( the renamed FRST64 )

Right-click on gazork.exe     and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.
 

_Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.

 

 

image.png.5d47975010636d1d032768cefa8d6625.png




The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

Link to post
Share on other sites

Hi FredZ.   Help on this forum does not involve any "ticket".

Thanks for sending the FRST reports.   They show that Malwarebytes for Window is not currently installed.

I noticed you got Hitman pro on or about 14 August.   Did it report any infection ?

.

I had you run the Malwarebytes Anti-rootkit tool MBAR, which you ran Monday night, and it found no malware / no rootkit.

The FRST does not show a indicator that would prevent Malwarebytes from running, the next time you install it.   ( we will do that at a later time ).

 

What I would like to do is to run a custom script on the problem-pc  to do a bit of checking and to run a scan with the Microsoft Windows Defender antivirus.

Make sure that Windows is running now in normal mode.

You also need to turn back ON  the internet connection    ( which you had turned off  before).

[    2     ]

The system will be rebooted after the script has run.

.

This custom script is for  Fredz  only / for this  machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a    custom Fix script which is going to be used by the FRST64  ( gazork )    tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the Desktop folder

The tool named  gazork.exe  is  on  the DESKTOP
Start the Windows Explorer and then, to gazork


RIGHT click on  gazork     and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.

[   3    ]

Now do a new setup-install of Malwarebytes for Windows.

See this how to article    https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows-v4

 

[    4   ]

Now do a Scan with Malwarebytes for Windows

Start Malwarebytes.   Click the Scan button.

Let me know how it goes.

 

Fixlist.txt

Link to post
Share on other sites

You need to connect to the internet so that the last procedure works properly.   Please do that.

and then right away,  follow and do all my last steps.

Technically, I did not see signs of a infection on your reports.

The sooner you do the custom script and setup the Malwarebytes for Windows, the better.

Link to post
Share on other sites

Hi Maurice

SORRY for the Delay. Been with MB Support NO Help.

BIG PROBLEM WITH FORUM SIGN IN

I am having a Big problem Signing in to the Forum.
When I try to sign in it Says my password is not correct.
Then it sends me A E Mail which says Enter a new PW.
I Enter A New Password then I am signed in.
Next time I try to sign in the same thing Happens.
This has happened Several times.
Should I just Keep resetting the P W ?
What am I doing Wrong ?

I followed your directions last Night. I think it worked.

I will attach Fixlog

FredZ

 

Fixlist.txt

Link to post
Share on other sites

This IS the forum.   The fact that you posted here means your login worked.   Sorry, but I am at a loss to understand what you had run into.

Now then,  you sent to me the wrong file name.   I am looking for the file named FIXLOG

assuming that you did finish the run like I had listed.

.

I had also made two other suggestions after the Fix run

see  https://forums.malwarebytes.com/topic/262914-how-does-virus-disable-malwarebytes/?do=findComment&comment=1402450

 

One other point,  what does this mean

Quote

Been with MB Support NO Help.

IF you have been working with the Malwarebytes internal Support team,  I will need to suspend the help here.

Link to post
Share on other sites

Hello

 Sorry for the Error

I went to Support to get Help with Form PW log in Problem.

They thought I needed help to Log into my MB account and 

The Reset my MB Account not Forum PW.

No Help.

Every time I try to log into Form I get Error Message 

saying my pass word is Wrong.

The only way I can Log in to the Forum is to my Reset on E Mail

The next time I try to use NEW PW same thing again. Repeat

several times.

Attached File

Fixlog.txt

Link to post
Share on other sites

  • Root Admin

Hello @FredZ

Yes, you do have a Helpdesk ticket 3160527

In chat the Agent gave  you help on how to reset Firefox. Or choose another browser. There is something wrong in how your browser is setup to handle cookies more than likely. It's possible you may also have some type of sticking key on the keyboard but my guess is you just need to reset your browser back to defaults.

@Maurice Naggar can continue to help you with that issue as well. It is not the forums that is causing this.

Thank you

 

Link to post
Share on other sites

Hello

 Sorry for the Error

I went to Support to get Help with Form PW log in Problem.

They thought I needed help to Log into my MB account and 

The Reset my MB Account not Forum PW.

No Help.

Every time I try to log into Form I get Error Message 

saying my pass word is Wrong.

The only way I can Log in to the Forum is to my Reset on E Mail

The next time I try to use NEW PW same thing again. Repeat

several times.

Attached File

Link to post
Share on other sites

Hello

I am Confused.  I thought this was two different Problems.

Is there a M B  Forum FAQ ? I could not find It. ?

I cleaned out all FireFox History No Fix.

Tried to Long in with Chrome   NO Fix

Not Clear what is Meant By Reset FF to Defautts.

Delete It and Reinstall or some thing Else?

I would like to finish up with the First Problem

before  starting a new one. Should  I  Just

cancel the ticket for now ?

Thanks for your Help and Patients with me.

FredZ

Link to post
Share on other sites

Hello Fred.

Please have patience.  Also, understand I am a volunteer.   That I am not online all the time.

You should say which web browser it is that you used when you went to the forum.   Maybe you should try using a different web browser.

Your machine runs on Windows 10.  So it has the EDGE browser ,  as well as Google Chrome, and the Mozilla Firefox.

.

You have managed to make several posts to this forum with success.

I did see the Fixlog report.  Thanks for that.

I have 2 questions:

Did you do a new setup of Malwarebytes for Windows like I suggested ?

Did you do a Scan with  Malwarebytes for Windows like I suggested ?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.