could not connect to internet


Greetings,

Does changing servers help at all?  We've seen some cases where changing servers allowed the VPN to connect, then you should be able to switch back to your preferred server and have it work.

If that doesn't fix the issue, if you are using Malwarebytes Premium in addition to Malwarebytes Privacy, please open Malwarebytes Premium and navigate to settings by clicking the small gear in the upper right, then select the Security tab and scroll down to Exploit Protection and click the Advanced settings button, then click the Restore Defaults button and restart the system and test to see if the VPN is now able to connect or not.

If the problem still persists please try uninstalling Malwarebytes Privacy, then restart your system and reinstall the latest version and test to see if it now works or not.

Please let us know how it goes.

Thanks


By the way, I just noticed these entries in your logs which indicate that Malwarebytes' licensing servers are being blocked.  This may be impacting Malwarebytes Privacy's ability to get online as well:

Hosts File Blocks
==================================
Host data:    # 0.0.0.0    keystone.mwbsys.com
Host data:    # 0.0.0.0                   telemetry.malwarebytes.com

Removing the entries and restarting the system should correct it if this is the cause of the problem.  If you need instructions, details on resetting the HOSTS file can be found in this Microsoft support article.
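A way to check whether hosts entries like the two quoted above are actually in effect, as an added example that is not part of the original post: a line that begins with `#` is a comment and does not affect name resolution. The function names and every sample line other than the two quoted ones are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first two lines are the ones quoted in the post
# (with the log's "Host data:" prefix); the rest are made up for contrast.
SAMPLE = """\
Host data:    # 0.0.0.0    keystone.mwbsys.com
Host data:    # 0.0.0.0                   telemetry.malwarebytes.com
# Copyright-style comment text, not a mapping
127.0.0.1       localhost
0.0.0.0   blocked.example.test   # constructed active entry
"""

# Prefix the support log puts in front of each hosts line (as seen in the post).
LOG_PREFIX = re.compile(r"^\s*Host data:\s*", re.IGNORECASE)


def _is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hosts(text):
    """Yield (state, address, hostname); state is 'active' or 'commented'."""
    for raw in text.splitlines():
        line = LOG_PREFIX.sub("", raw).strip()
        state = "active"
        if line.startswith("#"):
            # Whole line is a comment: the mapping, if any, is disabled.
            state = "commented"
            line = line.lstrip("#").strip()
        line = line.split("#", 1)[0]          # drop any trailing comment
        fields = line.split()
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue                           # ordinary comment text or blank
        for name in fields[1:]:
            yield state, fields[0], name.lower()


def hosts_status(text, watch):
    """Map each watched hostname to 'active', 'commented' or 'absent'.

    An active mapping wins over a commented-out one for the same name.
    """
    status = {name.lower(): "absent" for name in watch}
    for state, _addr, name in parse_hosts(text):
        if name in status and status[name] != "active":
            status[name] = state
    return status


if __name__ == "__main__":
    names = ["keystone.mwbsys.com", "telemetry.malwarebytes.com",
             "blocked.example.test"]
    for host, state in hosts_status(SAMPLE, names).items():
        print(f"{host:32} {state}")
```

Only names reported as `active` are being overridden by the hosts file; `commented` entries are inert leftovers.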


exile360,  Yes I tried other servers and the same thing happens.  If you look at the hosts file blocks that you state, the lines are commented out and are not part of Malwarebytes installation.  If I un-comment them out, Malwarebytes itself will remove those lines.  I will reboot when I can and if that doesn't fix the problem, I will remove and reload MB Privacy.  I will post the outcome.  Remember this started after I installed the latest update.

I have a second desktop that also runs MB Privacy.  It was running version 2.0.2.443.  I tested it and it assigned to the server correctly.  I then loaded the update (2.1.0.448) and guess what, during the install I got a message from Windows saying the "driver" was unsigned and did I want to continue.  Knowing the source of the update I accepted and let it continue.  After it loaded, it failed to connect.  Rebooted that system and tried again, it still fails.  Attached are that system's results.

mbst-grab-results.zip


You have User Account Control disabled; please re-enable it, set it to its default, then restart the system and try uninstalling and reinstalling Malwarebytes Privacy and hopefully that will correct the driver issue (it's digitally signed so it shouldn't have shown that error message).  Also, is the system fully up to date with Windows Updates?  Microsoft has released some updates that affect security certificates, so please ensure that Windows is fully patched to see if that has any impact on the issue.

In the meantime I will also be reporting this issue to the Product team in case there is anything they can look into on their end.

Thanks


I'm not aware of any links from Malwarebytes to download previous builds unfortunately, but if toggling UAC doesn't help, please follow the instructions in this topic, skipping any steps you are unable to complete, then create a new topic in our malware removal area by clicking here and I will request one of our specialists to take a look and guide you in more advanced diagnostics and repairs which will hopefully lead to a resolution of the issue.  Post back here to let me know once you've done so and I will ping one of our malware removal specialists to take a look.

Thanks


Now it gets a little strange.  I set the UAC back on the second system (it didn't ask for a reboot to set it) to the default setting.  I deleted Privacy and the tunnel software from "Programs and Features".  I then re-installed Privacy.  After the install I had to reinstall the activation code.  So now the second system works.  Did you know you can't install Malwarebytes (anti-virus) while the VPN is on?  Anyway, I tried the same on the first system and it didn't work.  I set the UAC to default (had to reboot), deleted the same as before, rebooted (I didn't remove anti-virus pgm) and then reloaded and rebooted again.  No joy.  Removed Privacy again and tried to remove from Program Files folder the Privacy entry from the sub-folder Malwarebytes.  I couldn't even though I am an administrator.  UAC didn't help.  The tunnel software (looks like drive info) is still there and I can't remove it.  I will note that the Microsoft nag about not being signed wasn't there after the first time I got it from the update.


Try disabling the kill switch function in Malwarebytes Privacy before uninstalling it (the kill switch option is located under Privacy's advanced settings as described in this support article), then open Malwarebytes Premium (the AV) and go to settings by clicking the small gear icon in the upper right, then select the Security tab and click the Advanced link under the Windows startup section and toggle the Enable self-protection module option to the OFF position, click Yes if prompted by UAC, then try removing Privacy again to see if you are now able to delete it (self-protection might have been guarding it, preventing you from removing the folder manually).

If you still can't uninstall it, try using the Malwarebytes Support Tool to do so; I suggest having UAC enabled when you attempt this so that it has the appropriate permissions to perform its tasks:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes and Malwarebytes Privacy and re-activate using your license keys

If you run into any issues getting either software to reactivate, access your account at My.Malwarebytes.com (if you haven't created an account there yet, please do so by following the instructions in this support article, making sure to use the same email address you used when you originally purchased your licenses as this should allow it to automatically pull up your license info), then use the option to deactivate one or more of your previous installations/devices so that you may reactivate it on your current installation.  Instructions on deactivating can be found in this support article if needed.

Hopefully that will get it up and running again, then you should be able to deactivate UAC again (though we do recommend against it for security and compatibility reasons, as it helps prevent threats from automatically gaining admin level access to your device and helps with compatibility for most modern software apps since they are developed with UAC compatibility in mind).

Please let us know how it goes and if the problem still persists.

Thanks


Well, now the second system isn't connecting again.  After it connected the first time, I turned it off and a little while later tried to turn it back on.  I tried different servers and still it won't connect.  Fubar is still running on the first system and I will post that as soon as it is done scanning.


Well that's unfortunate; whatever is causing the issues might be different between the two systems, but hopefully we will get it figured out.

In the meantime you could also try removing or disabling some of the other network related apps on the system to see if it's one of their services or drivers conflicting and causing issues.  Your logs show that you have TeamViewer, FileZilla, DivXMediaServer, as well as Bonjour installed.  I'd suggest trying to remove each one at a time, then restarting the system and testing to see if your connectivity with Privacy comes back online, or you can wait to troubleshoot the issue with the specialist in the malware removal area and they'll guide you on the next steps to try and fix it.


OK, I've turned off TeamViewer, Filezilla isn't running,  neither is DivxMediaServer or Bonjour.  Please remember that on the second system all was running OK until I loaded the update.  The same for the first system, I just couldn't say on that one that it was the update because I didn't test it right after it installed.  But I did on the second system.  On the second system all the same programs are loaded, before the update and Privacy ran. 

Attached is the first system Farbar files.

Addition.txt FRST.txt

  • Root Admin

Yes I understand what the remark lines are but not sure why they were even left in the hosts file.

 

Please run MSCONFIG and restore it back to NORMAL and restart the computer. After the restart run MSCONFIG again and make sure it is on NORMAL

If you want to use a Startup manager then possibly look at using Microsoft AutoRuns - MSCONFIG is a Diagnostic tool and with it currently being used as a Startup Manager it cannot be used as a Diagnostic tool.

Your version of Java is old and possibly compromised. If you really need Java please uninstall the current version and make sure you keep it up to date at all times. https://java.com

Please review your Firewall BLOCK settings to ensure they're valid for you. I don't see an issue for our program, just mentioning it in general for you.

 

FirewallRules: [TCP Query User{E42F258C-F504-4F34-9CF0-BDDD479BFE00}C:\users\home\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\home\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [UDP Query User{58D61D5E-1BB7-486A-AF63-8811085B6C83}C:\users\home\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\home\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{FC5901FD-4AEB-4682-8CDC-D349E25924D4}] => (Block) C:\program files (x86)\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{30BE683B-AE98-4879-A44C-866DB6F3FC97}] => (Block) C:\program files (x86)\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{F2B53BA5-7316-4D08-A256-83DCDF8620AF}] => (Block) C:\myriad\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [{3AECCEB9-27D3-49C9-A088-5FB2D816DD5E}] => (Block) C:\myriad\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [{71CE1166-04C5-451F-BF3E-D46CA3F28C92}] => (Block) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F7783F9E-44E4-4FB1-A939-DA401A9C1286}] => (Block) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9CF3BB76-A662-42C6-8F42-B1E5945045B7}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe => No File
FirewallRules: [{5C2CC45F-B7E2-44AD-AC9A-EB7523BCDB2C}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe => No File
FirewallRules: [{AAB69815-8735-4F79-9FF9-6779E9823664}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [{0663CA67-3985-49BA-9CA9-3590C621FA0E}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [{7621B9B1-8BC3-41D0-B169-E1A9B9561C7C}] => (Block) C:\program files (x86)\microtek\scanwizard 5\lanserver.exe () [File not signed]
FirewallRules: [{29F09063-4643-4FD7-9AA3-4B2358449E9C}] => (Block) C:\program files (x86)\microtek\scanwizard 5\lanserver.exe () [File not signed]
FirewallRules: [{048888D7-468F-4412-B355-9FB38DA4BF30}] => (Block) C:\program files (x86)\microtek\scanwizard 5\msgrpr.exe () [File not signed]
FirewallRules: [{2BED2CB2-FF8F-4D1D-91BD-081EF8A6086E}] => (Block) C:\program files (x86)\microtek\scanwizard 5\msgrpr.exe () [File not signed]
FirewallRules: [{05F20107-109B-47C1-98E6-014EEE7E6CD9}] => (Block) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software)
FirewallRules: [{9F2250F1-CE46-4157-AB39-9E4D9552030F}] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => No File
FirewallRules: [{5F8D2DA4-DB3A-4B7B-93C4-E71E28615AE5}] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => No File
FirewallRules: [{90E75054-95C9-4437-B535-E39E8C3A6745}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe => No File
FirewallRules: [{E546F1F4-9855-404F-A80B-101963CFEB1E}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe => No File
FirewallRules: [{8098F590-6783-4FF9-8002-BB9C0AE99C25}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe => No File
FirewallRules: [{FD0BDE15-72AA-4231-A667-36583DB4D057}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe => No File
FirewallRules: [{C7850683-4EEE-4EFA-A2E3-006BF2579E28}] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe => No File
FirewallRules: [{03B0F7B2-D128-450A-9ED2-102E647DBE6D}] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe => No File
FirewallRules: [{FFEAD65A-2AC4-451A-A0A1-2EDA24301F06}] => (Block) I:6\myriad\mirc.exe => No File
FirewallRules: [{30011418-C1D0-47A7-8B8C-D5271CF995A3}] => (Block) I:6\myriad\mirc.exe => No File
FirewallRules: [{5BEB3FAF-4A48-4F21-9717-9F7C8470E035}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe => No File
FirewallRules: [{681C2CFE-9D40-42E3-B6FC-08C0B5B7474B}] => (Block) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe => No File
FirewallRules: [{C1268C02-FB79-48B5-94D9-7F07FC566D76}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [{13A7B637-DE9E-468B-AABD-9DBA0FFC7F37}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3CBB0E42-C535-4C22-83A3-A2554EC93D00}C:\gv-600b\imageprocsvr.exe] => (Block) C:\gv-600b\imageprocsvr.exe (TODO: <Company name>) [File not signed]
FirewallRules: [UDP Query User{B64917C2-DBE6-4D02-92E7-73240F3AAD1A}C:\gv-600b\imageprocsvr.exe] => (Block) C:\gv-600b\imageprocsvr.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{C915DBB2-F39A-4ED0-854A-D2EB13EEBE23}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe => No File
FirewallRules: [{A8486D65-1986-4DB2-9B86-5EC7EF264054}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe => No File
FirewallRules: [{05A01C7B-0031-4CEE-A288-82DED423A3C6}] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe => No File
FirewallRules: [{A3697E8D-5E95-4B44-A7D0-B1105A2626B2}] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2319D9EB-B88F-4734-82A3-458C31A0CD9B}C:\myriad_5.1_pro\mirc.exe] => (Block) C:\myriad_5.1_pro\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{C5DAA916-1726-47C4-ADB1-792D13334483}C:\myriad_5.1_pro\mirc.exe] => (Block) C:\myriad_5.1_pro\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [TCP Query User{A76BAE55-DFE5-4ED8-859E-FC9411E0CAB8}C:\program files (x86)\eagleget\eagleget.exe] => (Block) C:\program files (x86)\eagleget\eagleget.exe => No File
FirewallRules: [UDP Query User{AFC92861-B79A-4B96-916E-1EC59499ACA9}C:\program files (x86)\eagleget\eagleget.exe] => (Block) C:\program files (x86)\eagleget\eagleget.exe => No File

 

Some possibly minor issues, but we can run a generic clean up script to double-check this.

 

Application errors:
==================
Error: (12/01/2020 11:11:33 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/01/2020 10:58:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e48

Start Time: 01d6c7f83c1968b5

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id: f9c7f978-33ed-11eb-abbf-005056c00008

Error: (12/01/2020 10:33:06 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

 

 

 

Wow, noticed you have After Dark on the system. Is that still working well on Windows 7?

 

You have an entry that is typically installed from some Technical Support site that has used Remote Control software to work on your computer. If you did not install it or have someone install it to help you access your system you should ensure it's fully removed.

HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD9196219096] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x53ff8575" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD9196219096 /f <==== ATTENTION

 

The Search & Destroy 2 immunizer from 2014 is pretty much useless on a system today. It is highly unlikely any bad actor website from 2014 is still around and operational today.

You're running a DivX Update schedule but the original DivX corporation has been sold at least 3 times or more and though the technology works I seriously doubt there are any updates coming out again. This would appear to be a wasted resource in use.

 

This is an attempt to keep an unauthorized Windows computer activated, but it's unlikely to actually work. That and one can actually still install a licensed version of Windows 10 if they have an original COA on their Windows 7, 8 system.
Task: {CC960637-694C-45C8-9B1D-8E8294CDE531} - System32\Tasks\IR5 => "C:\Windows\system32\cmd.exe" /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm && net stop sppsvc && net start sppsvc

 

Windows Live has been deprecated now for many years. You still have it installed, or at least part of the Winsock entries. Unless there is a valid reason to keep it I would recommend that you uninstall the Microsoft Live items. Then a Winsock reset to verify they've been removed from the chain.

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

 

You're also running HitmanPro37 from about 4 years ago. I would recommend that you uninstall that too and if you really want to use that program get a new fresh update of the program.

 

Not sure if the current installation of Windows was converted by VMware, but the version being run as a service and using resources is from 2011 and again, highly unlikely you need the service.

R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423536 2011-08-19] (VMware, Inc. -> VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc. -> VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc. -> VMware, Inc.)

 

You have an old and, it looks like, unused driver and service for Carbonite.

S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]

 

You also have a very old driver for Emsisoft that should also be removed and if wanted use a current version.

R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd -> Emsisoft Ltd)

 

The same for RogueKiller

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-18] (Adlice -> )

 

You have a potential issue here. Very odd to have a zero byte file size. It could be that FRST is unable to read it but one should check from Safe Mode or boot from USB to double-check

U3 a7510on5; C:\Windows\System32\Drivers\a7510on5.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

 

PLEASE Review and answer above questions or comments. Then run the following fix script on COMPUTER 1

 

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 
