
Might be infected, can't run Malwarebytes


lordbodom


Lately I've noticed my laptop slow down at points and I've been restarting more and more. Looking at the task manager I see disk usage and memory usage is high a lot. I tried to run Malwarebytes to scan the system but I'm getting this error: "Explorer.exe The the item referred to by this shortcut cannot be accessed. You may not have the appropriate permissions."

I tried to uninstall Malwarebytes and get this error: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I think I may be infected, any help is appreciated. Thank you.


  • Root Admin

Hello @lordbodom

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

  • Root Admin

Please uninstall the following - go to Control Panel, Programs, Programs and Features

Bonjour
Java 8 Update 251

If you really need Java then make sure you keep it up to date at all times.

 

The logs show that you have Bitdefender items running, but it does not show that Bitdefender antivirus is installed. Was this part of some other application?

(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

 

You also have the following policies set, which is okay if you set them, but it is pretty rare and odd to see them for a home user.

HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [11] Cube.exe

 

What are these? Did you install or set them up?

Task: {547B2D8D-4AD9-4CD5-8862-677F91D37E1B} - System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
Task: {73C52C52-0EB8-41D0-BC77-A90A4AAAA1A9} - System32\Tasks\Microsoft\Windows\Wininet\Taskhost => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes.
  • When prompted for scan type, click on Full scan.
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

 

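The two findings raised in the post above, a DisallowRun policy that lists security tools and scheduled tasks that launch taskhostw.exe from C:\Programdata\RealtekHD, can be pulled out of an FRST log automatically. The following is an added example, not part of the original thread or of FRST itself; the short list of system process names and the assumption that Windows is installed on C: are illustrative, and the last sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# First four lines are copied from the FRST log excerpts in the post above;
# the last Task line is constructed here as a benign control case.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-3198212510-2490927848-912271126-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
Task: {547B2D8D-4AD9-4CD5-8862-677F91D37E1B} - System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example\Host => C:\Windows\System32\taskhostw.exe
"""

# Assumptions for this example: Windows is installed on C:, and this short
# list of process names that normally load from System32 is illustrative.
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
SYSTEM_BINARIES = {"taskhostw.exe", "svchost.exe", "lsass.exe", "services.exe"}

POLICY_ON = re.compile(r"\\Policies\\Explorer: \[DisallowRun\] 1\s*$")
POLICY_ENTRY = re.compile(r"\\Policies\\Explorer\\DisallowRun: \[\d+\] (\S.*?)\s*$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.+?)(?:\s*<==== ATTENTION)?\s*$")


def triage(log_text):
    """Collect DisallowRun entries and tasks whose target borrows a system name."""
    findings = {"policy_enabled": False, "blocked": [], "suspicious_tasks": []}
    for line in log_text.splitlines():
        if POLICY_ON.search(line):
            findings["policy_enabled"] = True
        elif m := POLICY_ENTRY.search(line):
            findings["blocked"].append(m.group(1))
        elif m := TASK.match(line):
            task, target = m.groups()
            exe = PureWindowsPath(target)
            # PureWindowsPath compares case-insensitively, so "system32"
            # and "System32" are treated as the same directory.
            if exe.name.lower() in SYSTEM_BINARIES and exe.parent != SYSTEM32:
                findings["suspicious_tasks"].append((task, target))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("DisallowRun enforced:", result["policy_enabled"])
    for name in result["blocked"]:
        print("blocked from launching:", name)
    for task, target in result["suspicious_tasks"]:
        print("task", task, "runs", target)
```

Task targets that carry command-line arguments are not split here, so such lines are simply not flagged by this check.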

Quote

What are these? Did you install or set them up?

Task: {547B2D8D-4AD9-4CD5-8862-677F91D37E1B} - System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
Task: {73C52C52-0EB8-41D0-BC77-A90A4AAAA1A9} - System32\Tasks\Microsoft\Windows\Wininet\Taskhost => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION

Aren't these drivers audio drivers? I would have installed the Realtek audio drivers but not sure if these are the same or something else?

Quote

Click The blue “Save scan log” to save the log.

So did the full scan and it found a few items. I did not see the option to save the log though? I did a reboot after the scan and tried Malwarebytes and still the same issue. While the system tried to install ESET full, it gave an error that it couldn't install, possibly due to a virus. I remember Avast not being able to install as well. Looks like I have something preventing me from running/installing any virus software?


  • Root Admin

No, taskhostw.exe is valid, but not where it's being called from.

Okay, do the following and I'll probably need to manually do a clean up script for you.

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks

Quote
  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.

Still unable to run Malwarebytes. Same error as originally mentioned. Unable to remove/install/run.
 

Quote

 

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

 

Ran and found some items and had it quarantined. I seem to not be having luck with logs though, window closed and I was unable to save the log :(.

Attached are the frst files. Thanks for your help.

 

 

Addition.txt FRST.txt


  • Root Admin

Thanks @lordbodom

Okay, I'm going to write a script to manually remove Malwarebytes as well as correct a few other issues.

Please go ahead and uninstall the following program from Control Panel, Programs, Programs and Features

Bonjour
Java 8 Update 251

 

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL. On a Mac or iOS device, this program is used for networking nearly everything. On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows. Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

 

 


  • Root Admin

Your Event Logs say there is an issue with your VSS service.

 

Please download and run the following Volume Shadow Copy Service (VSS) diagnostic tool from Acronis.

Acronis VSS Doctor

Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.
Download - Acronis VSS Doctor

In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply.


You can also try the tool from Macrium Reflect if the Acronis tool did not work.

Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool


Once you've run the repair tool you need to restart your computer.
Then check your Event Logs to see if the error was corrected. You can post new logs from FRST, which will also show the Event Log entries.

If you don't have System Restore enabled then please take this time to enable it. If possible choose 10% of your C drive to store Restore Points.

System Restore disabled or greyed out? Turn On System Restore in Windows 10
 

Thank you

  • Root Admin

Let me have you run the following fix as well. It will remove a few leftover elements of Malwarebytes as well as remove the policies telling certain security software not to run.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

1. Removed bonjour and Java 8

2. Attached the Acronis log. But was not able to enable System Restore. Getting the error: "There was an unexpected error in the property page. System restore encountered an error. Please try to run System restore again. (0x81000203)"

3. attaching fixlog

AcronisVSSDoctorReport_2020-09-19-13-51-33.txt Fixlog.txt


  • Root Admin

Thank you for the logs @lordbodom

Please go ahead and download the following Malwarebytes Offline Installer and save to your computer.

https://downloads.malwarebytes.com/file/mb4_offline

Then go ahead and install Malwarebytes and see if you can run a normal Threat Scan and post back the log.

 


  • Root Admin

Please press the Windows key and the R key to bring up the Run dialog box and then type in or copy and paste the following and click the OK button.

SystemPropertiesAdvanced


Then click the Environment Variables button


Highlight the PATH variable in the lower "System variables" panel and click the Edit button


Make sure your path has the first 4 entries as shown below.

C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0

 


You can use the Move Up and Move Down buttons to adjust.

The rest of the other paths below that don't matter too much, just make sure the first 4 are set as shown.

In a DOS Command prompt you would see the following starting the line when you issue a SET command

PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\; (the rest of the line doesn't matter too much)

Something like this from DOS


 

Once that's done, go ahead and restart the computer after that and see if you can install now or not and let me know.

 

 

 


  • Root Admin

Okay, please try changing the name of the C:\ drive. Please do not choose any long names or special characters. Something very basic like OS

How to Rename a Drive in Windows 10
https://www.tenforums.com/tutorials/53156-change-drive-label-name-windows-10-a.html

Restart the computer one more time and try again.

 


  • Root Admin

We can attempt to continue reviewing if you like @lordbodom or you may want to consider backing up your user created data. Then format the drive and reinstall Windows clean.

Let me know if you'd like to continue trying to work on the computer or not.

Thanks