
I require help, it might be over for me...


Go to solution Solved by Maurice Naggar,


So I have created this thread: 

And a person there told me to create this thread. Long story short: I can't install Malwarebytes for some ungodly reason, also I think I have serious problems with malware on my PC. By the way, when I tried to use this program FRST64, it actually CRASHED after a second or two but I could get it to work by clicking "Scan" fast enough, this tells me that there is something on my PC that hinders the work of all these antiviruses and stuff but who knows... Anyway I will attach all the files, please help me. Also sorry that my system isn't in English, hope this won't cause trouble.

 

FRST.txt Addition.txt

Link to post
Share on other sites

Hi,       :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.   

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
Please only just attach   all report files, etc  that I ask for as we go along.


***  Hold on a few minutes.   I did just see the MBST zip file on your other post.   stay tuned.    ***
   

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.

Thank you,
Sincerely.

Edited by Maurice Naggar
made updated note
Link to post
Share on other sites

Thanks for the report files.  We are going to start out small, with this basic tool from Microsoft.

Later on we will address the proper installation of Malwarebytes for Windows.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system. 
The download links & the how-to-run-the tool are at this link at Microsoft 
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

  
Let me know the result of this.
The log is named MSERT.log  
the log will be at  C:\Windows\debug\msert.log
Please attach that log with your reply.
 

Link to post
Share on other sites

Just a note to @Kek   I do look forward to your reply.  Do be aware that we have more work ahead to get rid of settings that bar all sorts of security apps from running.

I will cover that with you after I have your result from my prior post.

Sincerely.

Link to post
Share on other sites

Hi, sorry for the delay. I did the scan, here is the log. That said: I only did a fast scan (there was a choice between fast and full). Tell me if I need to do a full scan.

msert.log

Link to post
Share on other sites

Thanks for the Safety Scanner report.  The default scan will do.  We will do a follow up virus scan later on.   At this point, we do need to run the special anti-rootkit tool from Malwarebytes.   Then after that, a new run of the FRST report.

[ 1 ]

This should take perhaps 15  or so minutes.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

and save it to your desktop.

Doubleclick on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes.

.

[ 2 ] After that completes, go ahead and do this also.

Please also run a new fresh report with the FRSTENGLISH   report tool which is on the Downloads folder.

.

Right-click on FRSTENGLISH and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.


Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen.
Click YES when prompted by Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & follow-up & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the *disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked    -        listed under Optional scan on the FRST screen
and click the box "90 day files "
Press Scan button and wait.


The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Also attach the log from the MBAR  you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
  
NOTE:  At that point, your security programs should be able to run.   Just remember, we do have to do more scans and checks on this machine.

Your persistence & patience is appreciated.

Edited by Maurice Naggar
Link to post
Share on other sites

First of all I wanted to say that after I used that Microsoft Safety Scanner, my PC performance has increased dramatically, which is just great! That said, I'm kind of terrified of the fact that I had 151 (!) malware that was found using Malwarebytes Anti-Rootkit, I even had Bitcoin Miner, how crazy is that. Anyway, thank you for your assistance, I attached the files and I shall await further instructions.

mbar-log-2020-10-21 (22-38-16).txt FRST.txt Addition.txt

Link to post
Share on other sites

Thanks.  The MBAR cleanup is awesomely helpful.   The main gist is that it removed 57 registry entries that had prevented the use of security programs.  It also found and removed 29 files of various classifications.  Trojans and adware.

First thing, make very sure that you have done one Windows Restart today. If you have not done one after the run of MBAR, do one now!

.

The following custom script is to  do additional cleanups, to run the Windows System File Checker tool, the Windows DISM tool to check the system, and to rebuild the Winsock.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

The system will be rebooted after the script has run.

.

This custom script is for KEK  only / for this machine only.

 
Close and save any open work files before starting this procedure.    If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

I am sending a    custom Fix script which is going to be used by the FRSTENGLISH  tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe is already in the Downloads folder.
Start Windows Explorer and then go to the Downloads folder.


RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.    Just know that there is more to do after this, too.

Sincerely,

Maurice

Fixlist.txt

Link to post
Share on other sites

Wait, there IS actually something unusual now. Every time I turn on my PC after the fix procedure, there is a short screen asking me if I want to load Windows ten. It doesn't really bother me because it goes away after a few seconds, but I wonder if there is a fix for that.

Link to post
Share on other sites

Hi. To your very last post, that is a screen that times out after 8 seconds. It's there just in case, to allow a way to get to the options for selecting the startup mode of Windows, in case normal mode is having non-start issues. That is to say, a way to get to other start options in case of emergency.

You can see a bit more about that here https://forums.malwarebytes.com/topic/261912-general-notes-on-windows-recovery-media/?do=findComment&comment=1395375

I hope that is informative.

  • Like 1
Link to post
Share on other sites

Thank you for the Fixlog report. The cleanups have been done.  The Windows System File Checker ( SFC ) app was run &  

Windows Resource Protection found corrupted files and successfully  restored them.

.

Malwarebytes can detect and remove most malware with no further actions required for free.

Please download, install, update and do a Threat Scan with Malwarebytes and post back the log 

Also see  this on how to run a 'Threat scan'  https://support.malwarebytes.com/hc/en-us/articles/360038984773-Scan-types-in-Malwarebytes-for-Windows

  • Like 1
Link to post
Share on other sites

Good afternoon.  You have written to me 

Quote

I think that since I can finally get Malwarebytes to work, I can say that my problem has been fixed and that thread can be closed now.

Before we wrap up this case, Let me suggest that we run this check to see about the status of updates on some key applications.

SecurityCheck by glax24    

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.
Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe


and save the tool on the desktop.

If Windows SmartScreen blocks that with a message-window, then

Click on the MORE INFO spot and override that and allow it to proceed.
This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
 

Link to post
Share on other sites
  • Solution

Thank you for the Securitycheck report.  It shows a lot of applications that need your attention.

This machine has several very old versions of Java that need to be uninstalled. Windows does not need Java.  Uninstall all these old versions.

Only if you really have an application that really needs Java then make real sure to get the latest release from Oracle.

Java 8 Update 191 (64-bit) v.8.0.1910.12 Внимание! Скачать обновления
^Удалите старую версию и установите новую (jre-8u271-windows-x64.exe)^

JavaFX Scene Builder 1.0 (64-bit) v.1.0 

Java SE Development Kit 8 Update 181 (64-bit) v.8.0.1810.13

Java SE Development Kit 8 Update 191 (64-bit) v.8.0.1910.12 

JavaFX Scene Builder 2.0 v.2.0 
-------------------

Also Adobe Flash player

Adobe Flash Player 21 NPAPI v.21.0.0.197 Внимание! Скачать обновления
Adobe Flash Player 32 PPAPI v.32.0.0.192 Внимание! Скачать обновления
--------------------------

You should also look more on your copy of the SecurityCheck  and see all the notes about your other applications.

.

Cleaning up on the tools I had you use before:

To remove the FRSTENGLISH  tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

Delete msert.exe

Delete mbar.exe

 

Any other download file I had you save, you may delete.

.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

Stay safe.  I wish you all the best.   😎

Sincerely,

Maurice

  • Like 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
This topic is now closed to further replies.