Kek Posted October 20, 2020 ID:1415360

So I have created this thread: And a person there told me to create this thread. Long story short: I can't install Malwarebytes for some ungodly reason, also I think I have serious problems with malware on my PC.

By the way, when I tried to use this program FRST64, it actually CRASHED after a second or two but I could get it to work by clicking "Scan" fast enough, this tells me that there is something on my PC that hinders the work of all these antiviruses and stuff but who knows...

Anyway I will attach all the files, please help me. Also sorry that my system isn't in English, hope this won't cause trouble.

FRST.txt Addition.txt
Maurice Naggar Posted October 20, 2020 ID:1415363

Hi, my name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me. Please only attach the report files, etc. that I ask for as we go along.

*** Hold on a few minutes. I did just see the MBST zip file on your other post. Stay tuned. ***

Please know I help here as a volunteer, and that I am not on 24 x 7. Help on this forum is one to one.

Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.

Thank you, Sincerely.

Edited October 20, 2020 by Maurice Naggar: made updated note
Maurice Naggar Posted October 20, 2020 ID:1415369

Thanks for the report files. We are going to start out small, with this basic tool from Microsoft. Later on we will address the proper installation of Malwarebytes for Windows.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool instructions are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Let me know the result of this. The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log

Please attach that log with your reply.
Maurice Naggar Posted October 20, 2020 ID:1415387

Just a note to @Kek: I do look forward to your reply. Do be aware that we have more work ahead to get rid of settings that bar all sorts of security apps from running. I will cover that with you after I have your result from my prior post.

Sincerely.
Kek Posted October 20, 2020 Author ID:1415390

Yeah, I'm sorry but I can't use my computer right now. I will reply with all the files etc in about 10 hours.
Maurice Naggar Posted October 20, 2020 ID:1415392

That is all right. Just know that this machine is at risk due to the infection state.
Kek Posted October 21, 2020 Author ID:1415469

Hi, sorry for the delay. I did the scan, here is the log. That said: I only did a fast scan (there was a choice between fast and full). Tell me if I need to do a full scan.

msert.log
Maurice Naggar Posted October 21, 2020 ID:1415553

Thanks for the Safety Scanner report. The default scan will do. We will do a follow-up virus scan later on.

At this point, we do need to run the special anti-rootkit tool from Malwarebytes. Then after that, a new run of the FRST report.

[ 1 ]

This should take perhaps 15 or so minutes. Please read all of these lines first so that it is all clear to you about our plan. I need a one-time run of MBAR as listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop.

Double-click on the MBAR file and allow it to run.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click 'Next' if you agree.
• On the Update Database screen, click on the 'Update' button.
• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

[ 2 ]

After that completes, go ahead and do this also. Please also run a new fresh report with the FRSTENGLISH report tool, which is in the Downloads folder.

Right-click on FRSTENGLISH and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen.

Click YES when prompted by the Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & follow-up & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the *disclaimer* appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - listed under Optional scan on the FRST screen - and click the box "90 day files".

Press the Scan button and wait. The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt

Click the OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Also attach the log from the MBAR. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.

NOTE: At that point, your security programs should be able to run. Just remember, we do have to do more scans and checks on this machine. Your persistence & patience is appreciated.

Edited October 21, 2020 by Maurice Naggar
Kek Posted October 21, 2020 Author ID:1415581

First of all I wanted to say that after I used that Microsoft Safety Scanner, my PC performance has increased dramatically, which is just great! That said, I'm kind of terrified of the fact that I had 151 (!) malware that was found using Malwarebytes Anti-Rootkit, I even had Bitcoin Miner, how crazy is that.

Anyway, thank you for your assistance, I attached the files and I shall await further instructions.

mbar-log-2020-10-21 (22-38-16).txt FRST.txt Addition.txt
Maurice Naggar Posted October 21, 2020 ID:1415600

Thanks. The MBAR cleanup is awesomely helpful. The main gist is that it removed 57 registry entries that had prevented the use of security programs. It also found and removed 29 files of various classifications. Trojans and adware.

First thing, make very sure that you have done one Windows Restart today. If you have not done one after the run of MBAR, do one now!

The following custom script is to do additional cleanups, to run the Windows System File Checker tool, the Windows DISM tool to check the system, and to rebuild the Winsock. Please be sure to close any open work files, documents, and any apps you started yourself before starting this. The system will be rebooted after the script has run.

This custom script is for KEK only / for this machine only.

Close and save any open work files before starting this procedure. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.

Start Windows Explorer and then go to the Downloads folder.

RIGHT-click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Do let me know how things are overall, after all this. Just know that there is more to do after this, too.

Sincerely, Maurice

Fixlist.txt
Kek Posted October 22, 2020 Author ID:1415711

Finished. Nothing unusual except for a pretty long fix process (around 45-50 minutes). Here is the file.

Fixlog.txt
Kek Posted October 22, 2020 Author ID:1415737

Wait, there IS actually something unusual now. Every time I turn on my PC after the fix procedure, there is a short screen asking me if I want to load Windows ten. It doesn't really bother me because it goes away after a few seconds, but I wonder if there is a fix for that.
Maurice Naggar Posted October 22, 2020 ID:1415802

Hi. To your very last post, that is a screen that times out after 8 seconds. It's there just in case, to allow a way to get to the options for selecting the startup mode of Windows, in case normal mode is having non-start issues. That is to say, a way to get to other start options in case of emergency.

You can see a bit more about that here:
https://forums.malwarebytes.com/topic/261912-general-notes-on-windows-recovery-media/?do=findComment&comment=1395375

I hope that is informative.
Maurice Naggar Posted October 22, 2020 ID:1415803

Thank you for the Fixlog report. The cleanups have been done. The Windows System File Checker (SFC) app was run & Windows Resource Protection found corrupted files and successfully restored them.

Malwarebytes can detect and remove most malware with no further actions required for free. Please download, install, update and do a Threat Scan with Malwarebytes and post back the log.

Also see this on how to run a 'Threat scan':
https://support.malwarebytes.com/hc/en-us/articles/360038984773-Scan-types-in-Malwarebytes-for-Windows
Maurice Naggar Posted October 23, 2020 ID:1416085

Good afternoon. You have written to me:

"I think that since I can finally get Malwarebytes to work, I can say that my problem has been fixed and that thread can be closed now."

Before we wrap up this case, let me suggest that we run this check to see about the status of updates on some key applications.

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications.

Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.

If Windows SmartScreen blocks that with a message window, then click on the MORE INFO spot and override that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
Kek Posted October 24, 2020 Author ID:1416195

Here is the file. It's in my system's language sadly.

SecurityCheck.txt
Solution Maurice Naggar Posted October 24, 2020 ID:1416262

Thank you for the Securitycheck report. It shows a lot of applications that need your attention.

This machine has several very old versions of Java that need to be uninstalled. Windows does not need Java. Uninstall all these old versions. Only if you really have an application that really needs Java, then make real sure to get the latest release from Oracle.

Java 8 Update 191 (64-bit) v.8.0.1910.12 Внимание! Скачать обновления^Удалите старую версию и установите новую (jre-8u271-windows-x64.exe)^
JavaFX Scene Builder 1.0 (64-bit) v.1.0
Java SE Development Kit 8 Update 181 (64-bit) v.8.0.1810.13
Java SE Development Kit 8 Update 191 (64-bit) v.8.0.1910.12
JavaFX Scene Builder 2.0 v.2.0

-------------------

Also Adobe Flash Player:

Adobe Flash Player 21 NPAPI v.21.0.0.197 Внимание! Скачать обновления
Adobe Flash Player 32 PPAPI v.32.0.0.192 Внимание! Скачать обновления

--------------------------

You should also look more on your copy of the SecurityCheck and see all the notes about your other applications.

Cleaning up on the tools I had you use before:

To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double-click on it) to begin the cleanup process.

Delete msert.exe
Delete mbar.exe

Any other download file I had you save, you may delete.

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe.
https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each PC user needs to practice daily safe computer and internet use.

Best practices & malware prevention:

Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.

First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing. Never open attachments from the email itself. Do not double-click in the email. Always save first and then scan with an antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd-party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

Stay safe. I wish you all the best. 😎

Sincerely, Maurice
Maurice Naggar Posted October 24, 2020 ID:1416263

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you