Codelas Posted March 31, 2021 ID:1448120

I recently got a browser hijacker and it seems that it also completely wiped Malwarebytes from my system, and I cannot install it. I did the things from the post "I'm infected - What do I do now?" and did the Farbar Recovery Scan Tool scans. I'm unsure as to how to proceed further.

Attachments: Addition.txt, FRST.txt

kevinf80 Posted March 31, 2021 ID:1448154

Hello Codelas and welcome to Malwarebytes,

Continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE: It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run.

Next,

Download and run the Malwarebytes Support Tool.
- Accept the EULA and click the Advanced tab on the left (not Start Repair).
- Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here.

When complete:
- Open Malwarebytes, select the small cog wheel in the top right hand corner, that will open "Settings", from there select the "Security" tab.
- Scroll down to "Scan Options", ensure Scan for Rootkits and Scan within Archives are both on.
- Close out the settings window, this will take you back to "Dashboard", select the blue "Scan Now" tab.
- When the scan completes quarantine any found entries.

To get the log from Malwarebytes do the following:
- Click on the Detection History tab from the main interface.
- Then click on "History", that will open to a historical list.
- Double click on the Scan log which shows the date and time of the scan just performed.
- Click Export. From export you have two options:
  - Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
  - Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

Please use "Copy to Clipboard", then right click to your reply and select "Paste", that will copy the log to your reply.

Let me see those logs in your reply...

Thank you,
Kevin..

Attachment: fixlist.txt

Codelas Posted April 1, 2021 Author ID:1448253

Okay, so I have done everything up to the Malwarebytes Support Tool step, because it didn't work. My system didn't restart when I ran "Clean" and just asked me to install the latest version of Malwarebytes, which didn't work because of the same "Invalid Path" error. I also noticed that after running the FRST fix, none of my tabs in my browser were gone. May this be of importance? I attached the fixlog here.

Attachment: Fixlog.txt

kevinf80 Posted April 1, 2021 ID:1448299

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs, "FRST.txt" and "Addition.txt".

Codelas Posted April 1, 2021 Author ID:1448318

Okay, I have done what you wanted me to do. Here are the logs.

Attachments: Addition.txt, FRST.txt

kevinf80 Posted April 1, 2021 ID:1448335

Hiya Codelas,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Try Malwarebytes again....

Thanks,
Kevin

Codelas Posted April 1, 2021 Author ID:1448348

Hey, Kevin. Excuse me, but I don't see the "attached fixlist.txt" on your reply.

kevinf80 Posted April 1, 2021 Solution ID:1448350

Apologies, is attached this time...

Attachment: fixlist.txt

Codelas Posted April 1, 2021 Author ID:1448358

Hello Kevin! I ran the fix and it seems to have worked. I got Malwarebytes installed again, did a scan and had some detections which are now quarantined. Your help has been immense, and I am very grateful for your help. I think that I have this issue sorted now. I have attached the fixlog, in case you need it for anything. Once again, thank you Kevin, I wouldn't be able to do any of this without you!

- Kind regards, Codelas

Attachment: Fixlog.txt

kevinf80 Posted April 1, 2021 ID:1448361

Hiya Codelas,

Good to hear your system is working ok for you now, continue to finish up:

Right click on FRST here: C:\Users\maksi\Desktop\Farbar\FRST.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Consider the following:
- Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
- Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....
- Answers to Common Security Questions and best Practices
- Do I need a Registry Cleaner?

Take care and surf safe
Kevin...

Codelas Posted April 1, 2021 Author ID:1448384

I have now uninstalled FRST. When I tried to follow along with the "Remove all system restore points" guide, I ran into an issue. This is the error I get when I try to open the System restore properties. Any idea as to why?

kevinf80 Posted April 1, 2021 ID:1448406

Can you check the "Volume Shadow Copy" service? It should be set at "Manual", is that correct..

Codelas Posted April 1, 2021 Author ID:1448430

I'm not quite sure I'm following. How do I check the "Volume Shadow Copy" Service? Can you explain please?

kevinf80 Posted April 1, 2021 ID:1448441

Hiya Codelas,

Select the Windows Key and R Key together on your Keyboard, that will open the "Run" box. Type or copy/paste services.msc into the run box, then hit the enter key.

The "Services" window will open. Scroll to the "Volume Shadow Copy" service. Its startup type setting should be "Manual", is that correct....

Thank you,
Kevin...

Codelas Posted April 1, 2021 Author ID:1448452

Hey Kevin. Yes it seems I've found it, and it is indeed set to "Manual".

kevinf80 Posted April 2, 2021 ID:1448475

Hiya Codelas,

I've attached VSS.zip to this reply, download and unzip this file to your Desktop (nowhere else) so you have VSS.reg. Double click to run that registry file, agree any merges or alerts. Reboot when complete, try system restore again...

Thanks,
Kevin....

Attachment: VSS.zip

Edited April 2, 2021 by kevinf80

Codelas Posted April 2, 2021 Author ID:1448496

I have run the registry file and rebooted. Going into system restore properties still gives me the same error. This is what I see in system restore properties:

kevinf80 Posted April 2, 2021 ID:1448507

Can you go back into services, right click on "Volume Shadow Copy", select "Properties". Change startup type to "Automatic", apply then ok that setting change. Reboot your system and check System restore again...

Codelas Posted April 2, 2021 Author ID:1448587

I changed Volume Shadow Copy to "automatic" and rebooted the system, but I keep getting the same error when I go into the System restore properties.

kevinf80 Posted April 2, 2021 ID:1448618

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender

Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.

Codelas Posted April 2, 2021 Author ID:1448678

I have run the scan with FSS, and here is the log.

Attachment: FSS.txt

kevinf80 Posted April 2, 2021 ID:1448699

Do you have any software installed for backing up or reimaging your system...?

Open the services window again, ensure the following services are set to "Automatic" and are currently running:
- Volume Shadow Copy
- Microsoft Software Shadow Copy Provider Service
- Task Scheduler

When all are in Automatic reboot and check system restore again..

Codelas Posted April 3, 2021 Author ID:1448861

I don't think I have any software for backing up or reimaging my system, because I don't recall any. Both "Volume Shadow Copy" and "Task Scheduler" are running and set to automatic, but I couldn't seem to find "Microsoft Software Shadow Copy Provider Service" anywhere in that list.

kevinf80 Posted April 3, 2021 ID:1448874

Hiya Codelas,

Please find attached to this thread swprv.zip. Download and unzip to your Desktop, so you now have swprv.reg. Double click that file to run it, accept any alerts or merges..

Reboot your PC when complete, does Microsoft Software Shadow Copy Provider now show in the services list...

Thank you,
Kevin..

Attachment: swprv.zip

Codelas Posted April 4, 2021 Author ID:1448924

I did what you asked and "Microsoft Shadow Copy Provider" has now appeared. I started it up and set it to automatic, which seems to have done the trick, since I can see my system restore properties now. I will continue with the guides you sent me now. Thank you very much for the help Kevin.

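
The services.msc checks in the posts above can also be done in one pass from an elevated PowerShell prompt. The script below is an added example and is not part of the original thread. It assumes the standard short names VSS, swprv and Schedule for the three services named by kevinf80, and it reads each service's registration from the registry so that a service whose key is missing is reported instead of silently skipped.

```powershell
# Added example: audit the services System Restore depends on in this thread.
# Assumed short names: VSS = Volume Shadow Copy,
# swprv = Microsoft Software Shadow Copy Provider, Schedule = Task Scheduler.
$expected = [ordered]@{
    'VSS'      = 'Volume Shadow Copy'
    'swprv'    = 'Microsoft Software Shadow Copy Provider'
    'Schedule' = 'Task Scheduler'
}

# Meaning of the "Start" DWORD stored under each service's registry key.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $expected.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    # A missing key means the service is not registered at all, which is
    # why it would not show up in the services.msc list.
    $reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Service     = $name
        DisplayName = $expected[$name]
        Registered  = [bool]$reg
        StartType   = if ($reg -and $null -ne $reg.Start) { $startNames[[int]$reg.Start] } else { 'n/a' }
        ImagePath   = if ($reg) { $reg.ImagePath } else { 'n/a' }
        Status      = if ($svc) { $svc.Status } else { 'not listed' }
    }
}

$report | Format-Table -AutoSize

# Flag the two conditions the thread had to repair: a missing registration
# and a service that is registered but disabled.
$missing  = $report | Where-Object { -not $_.Registered }
$disabled = $report | Where-Object { $_.StartType -eq 'Disabled' }
if ($missing)  { Write-Warning ("Service key missing: "  + ($missing.Service  -join ', ')) }
if ($disabled) { Write-Warning ("Service disabled: "     + ($disabled.Service -join ', ')) }
```

The ImagePath column is worth reading after a malware cleanup: each entry should point at a binary under the Windows system directory.
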