
failed Malwarebytes install solved + Trickbot Gootkit


Go to solution Solved by Maurice Naggar,


This computer likely had a Trickbot infection that has excluded several threat folders by making exclusions in Microsoft Windows Defender.

Those have to be cleaned up (removed). There will still be more to do later.

First, we have to do a new Fix run.  First you need to delete the old file I had you save named Fixlist.txt

Delete the old one.  I have a new one below.

Save the (attached file named) FIXLIST.txt to the user's Downloads folder.

Fixlist.txt

Start Windows Explorer and then go to the Downloads folder.

Right-click FRSTENGLISH.exe, select RUN as administrator, and let it proceed. Answer YES when you are asked for permission to run the tool. If the tool warns you that the version is outdated, download and run the updated version.
IF Windows asks you whether to run this, select YES to continue.

IF you get a blocking message from Windows about this tool......
                click the More info line on that screen
                and click the Run anyway button on the next screen.

In the FRST window:
Click the Fix button once and wait.

Attach the FIXLOG.txt to your next reply later, at your next opportunity.

Link to post

  • Solution
Posted (edited)

I did get the file.  You did OK.  Now, we have to do one more run just like the last one.  Please take your time  and do NOT rush.  Go Careful.   :D

We have to do a new Fix run.  First you need to delete the old file I had you save named Fixlist.txt

Delete the old one named FIXLIST.txt.    I have a new one below.

Save the (attached file named) FIXLIST.txt to the user's Downloads folder.

Fixlist.txt

Start Windows Explorer and then go to the Downloads folder.

Right-click FRSTENGLISH.exe, select RUN as administrator, and let it proceed. Answer YES when you are asked for permission to run the tool. If the tool warns you that the version is outdated, download and run the updated version.
IF Windows asks you whether to run this, select YES to continue.

IF you get a blocking message from Windows about this tool......
                click the More info line on that screen
                and click the Run anyway button on the next screen.

In FRSTENGLISH:
Click the Fix button once and wait.

Attach the FIXLOG.txt to your next reply later, at your next opportunity.

We still need to do more.

Edited by Maurice Naggar
Link to post

I would urge one more scan before we do anything else.

Thanks.  Good run / excellent actually.  Except there is more to do.   Even after this step below here.

You can start this task here & then after it is started, you should go get a good night's rest.   Just let the computer run this overnight.   Then go get your sleep.

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

 

Let me know the result of this.    This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.   On the next round, I will guide you on doing a new setup of Malwarebytes for Windows.   :cool:

Link to post

Have a good night's rest.   After the last task has finished, be sure you upload the report file msert.log.

Now we should be ready to do a new setup of Malwarebytes for Windows.  Take your time  and do not rush.

Be sure you save the next download to your system.

Now we can proceed to do a new install of Malwarebytes for Windows version 4.x   ( the current release version).
I'd suggest you save the download to the Desktop for ease of access.   Otherwise, save the file to Downloads folder.

1. Download the Malwarebytes  offline (full)   installer from : https://downloads.malwarebytes.com/file/mb4_offline
2. Now, go to the folder location where saved.     Right-click on the exe and select Run as Administrator and allow it to go forward.
3. After the Malwarebytes for Windows is done with the setup.

 

Now, after a success of the new setup, then you should do a scan with Malwarebytes for Windows.

In Malwarebytes for Windows program, we want to do a special scan.
 Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.  Then click the Security tab.  Scroll down and let's be sure the line in SCAN OPTIONS for 

"Scan for rootkits" is ON 👈   Click it to get it ON if it does not show a blue-color . Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected).         <<<<     💢


 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.


 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

Link to post

Thank you for the reports.   Microsoft Safety Scanner  result:  No infection found.   That is very excellent.    ^_^

The Malwarebytes scan reports no threats.  That is also very good.     ^_^

Now a different report, to check on Windows Defender and also on Windows Update service.  ( the latter is known to be a target of the infection that had been on this machine.)  This is a checkup report only.

 

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.    😁

Link to post

Thank you.   Just as would be suspected, the infection had also deleted the service entry for Microsoft Windows update service.  We need to put it back.

[   A   ]

RIGHT click the link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to a folder ( do not double click / do not 'run' the file / nor open )

Windows 10 Windows Update service

Once it is saved, then we are needing to merge the files onto the system, as follows

 

With your mouse, do a RIGHT-click on the file wuauserv.reg and select Merge

Let it do that & ensure it finishes ok.

.

[  B   ]

 

Keeping the Windows operating system safe requires keeping up with all security updates from Microsoft Windows Update. On a regular basis. That's done by having the Windows Update service on. And monitoring on a regular basis.
The Microsoft August 2021 security updates cover 44 CVEs.  Of these CVEs, 7 are rated Critical and 37 are rated Important in severity. 
This machine needs to get & apply the     2021-08 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5005033)
Go to this link at the Microsoft Update Catalog.  It's the first item listed.  Download & save the file
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005033 windows 10 20h2 for x64

It is the first one listed at that link.

Download the file.  SAVE it to your system.

Then to actually apply that update.

While in File Explorer, go to that .MSU  file

Do a Right click with your mouse on the .msu  and then select OPEN.

That should start the update process for that KB.  Ensure that it fully completes that run.

Link to post
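
A read-only check for the two kinds of tampering this thread deals with (Defender exclusions added by the infection, and a deleted Windows Update service entry), as an added example that is not part of the original posts or of any tool used in them. It assumes an elevated PowerShell session on Windows 10; the function names are made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, changes nothing on the system.
# Elevation matters: without it Get-MpPreference does not reveal exclusion values.

function Get-DefenderExclusionReport {   # hypothetical helper name
    # Get-MpPreference exposes each exclusion type as its own property.
    $pref = Get-MpPreference
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension', 'ExclusionIpAddress') {
        foreach ($value in @($pref.$kind)) {
            if ($value) {
                [pscustomobject]@{ Check = 'DefenderExclusion'; Item = $kind; Value = $value }
            }
        }
    }
}

function Get-WindowsUpdateServiceReport {   # hypothetical helper name
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'
    if (-not (Test-Path $key)) {
        # The state described in the thread: the service entry has been deleted.
        return [pscustomobject]@{ Check = 'wuauserv'; Item = 'RegistryKey'; Value = 'MISSING' }
    }
    $svc   = Get-ItemProperty -Path $key
    $param = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'wuauserv'; Item = 'Start';      Value = $svc.Start }
    [pscustomobject]@{ Check = 'wuauserv'; Item = 'ImagePath';  Value = $svc.ImagePath }
    [pscustomobject]@{ Check = 'wuauserv'; Item = 'ServiceDll'; Value = $param.ServiceDll }

    # Cross-check against the Service Control Manager's view of the service.
    $live   = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $status = if ($live) { $live.Status } else { 'NOT REGISTERED' }
    [pscustomobject]@{ Check = 'wuauserv'; Item = 'ServiceStatus'; Value = $status }
}

# Every exclusion listed should be one the owner of the machine recognises.
@(Get-DefenderExclusionReport) + @(Get-WindowsUpdateServiceReport) |
    Format-Table -AutoSize -Wrap
```
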

  • AdvancedSetup changed the title to failed Malwarebytes install solved + Trickbot Gootkit