Minus_MB Posted September 9, 2020 ID:1406674 Share Posted September 9, 2020 Hi everybody, Per this thread, my MBAM can't seem to install or update over the internet, and we don't know why. The malwarebytes support tool also apparently can't zip up its own reports, which is weird, and makes troubleshooting difficult. I ran the FRST tool manually. As soon as it opened, it gave me an error about not being able to update, but the scan seems to have run fine anyway. My logs and error screenshots are attached. We can't tell if there's an infection, but appreciate your help in figuring out what's wrong here. Thanks in advance. FRST.txt Addition.txt ThreatScan.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 9, 2020 ID:1406712 Share Posted September 9, 2020 Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. Please only just attach all report files, etc that I ask for as we go along. Thanks for the reports you provided. We are going to go slow & methodical. These are are just first steps. [ 1 ] The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Let me know the result of this. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your reply. [ 2 ] This OS is a Windows 7 SP1 which is no longer in support at Microsoft. Have you considered to upgrade to Windows 10 which is supported & more up-to-date with latest security. . I just would like you to do one run with the windows System File Checker applet. This procedure will use the Windows System File Checker tool ( SFC ). Open an elevated command prompt window i.e. run Command Prompt as an administrator . See this guide https://www.sevenforums.com/tutorials/783-elevated-command-prompt.html It is best to use the Windows Copy ( CTRL+ C ) and paste ( CTRL+V ) for the whole line, as-is On that command prompt, Copy & Paste this command sfc /scannow and tap Enter. Have patience. I would like to know the message lines at the very end, after it has finished. Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 9, 2020 ID:1406717 Share Posted September 9, 2020 Just an information remark. Re-reading from the last Scan report from Malwarebytes, it does seem to be very much Current Version: 4.2.0.82 Components Version: 1.0.1036 Update Package Version: 1.0.29623 It definitely has the latest release Version & Component & even the latest definitions, as well. . Do be aware that there is some cleanups to be done ( later on this machine). It has some traces of the Microsoft Security Essentials, some traces of Avast, 2 old versions of Java. Link to post Share on other sites More sharing options...
Minus_MB Posted September 10, 2020 Author ID:1406831 Share Posted September 10, 2020 We were able to update to the latest MB version with an offline install, but we want to make sure future updates will work. Anyway, the SFC scan "did not find any integrity violations", but the Safety Scanner found and removed Trojan:Win32/CryptInject. Afterwards I noticed that MB could download and install updates, so it looks like we solved it? Thanks Maurice, you're the best. Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 10, 2020 ID:1406866 Share Posted September 10, 2020 Thanks for the info. There are some leftover traces, some as tasks, of Microsoft Security Essentials and Avast that need cleanup action. Oftentimes, when a antivirus app is uninstalled, it still leaves traces behind. Here there are 2 such leftovers, by Avast & MSE. Such things make unwanted complications. I am relaying a custom script to do that. The script will run in conjunction wit the FRST tool. It will not take a lot of time. The system will be rebooted after the script has run. . This custom script is for Minus_MB only / for this machine only. Close and save any open work files before starting this procedure. I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is) to the Downloads folder The tool named FRST64 .exe tool is already on the Downloads Start the Windows Explorer and then, to Downloads folder RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity . Please stick with me. There are 2 obsolete insecure versions of Java on this pc that need to be uninstalled : Java 8 Update 121 & Java SE Development Kit 8 Update 121 IF there is some 3rd-party app that must require Java, then see this article about getting the most recent release https://securitygarden.blogspot.com/2020/07/oracle-java-se-jre-security-updates.html . It looks to me, also, that the version of Adobe Flash is out of date. See https://securitygarden.blogspot.com/2020/09/adobe-released-version-32.html It appears that Adobe Reader also is outdated. Please check this article on how to update to latest security version https://securitygarden.blogspot.com/2020/08/adobe-acrobat-dc-and-reader-dc-security.html Keep me advised on overall situation. On a later pass, I will guide you on cleaning up after the tools we used here. Sincerely. Fixlist.txt Link to post Share on other sites More sharing options...
Minus_MB Posted September 10, 2020 Author ID:1406924 Share Posted September 10, 2020 This is done. File attached. Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 11, 2020 ID:1407105 Share Posted September 11, 2020 Good afternoon. Thanks for the log report. That is a good run. You did well. How is the Malwarebytes for Windows program today ? Are you needing other help ? Link to post Share on other sites More sharing options...
Minus_MB Posted September 11, 2020 Author ID:1407146 Share Posted September 11, 2020 I think everything's fine now. MB seems to behave normally when updating. Is there anything else to be done regarding cleanup? Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted September 11, 2020 Solution ID:1407153 Share Posted September 11, 2020 Your pc is good to go. These are to cleanup after the tools we used. Delete msert.exe Delete mb-support-1.7.0.827.exe To remove the FRST tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup proceed. Delete FRSTENGLISH.exe on the Downloads folder. Any other file that I had you download, you may delete. As far as the Windows operating system, you should consider getting a free upgrade from Microsoft for Windows 10. The way to do that is outlined at Tenforums https://www.tenforums.com/tutorials/139745-upgrade-windows-10-windows-7-free.html I wish you all the best. Sincerely. Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 11, 2020 ID:1407154 Share Posted September 11, 2020 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts