
Sean has been infected, unable to connect MB service.



As many others have posted, I am unable to start MB, nor can I delete it. Mbam.exe will not run either. As asked for in similar threads, I have uploaded mb-check-results to aid in diagnosing my problem.

Interestingly, I have been unable to create a forum account here on the infected pc or even post on it at MB after I managed to create a forum account using my android tablet. Yet I see in my account profile that mb check result uploaded to your server.

[Attachments: MB1.jpg, mb-check-results.zip]

Hope you can help me out.

Link to post
Share on other sites

2 minutes ago, Sean70 said:

Yet I see in my account profile that mb check result uploaded to your server.

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop; please upload that file here on your next reply

Thanks

Link to post
Share on other sites

12 minutes ago, Sean70 said:

Hope the upload works. Thanks.

Now, please turn off the following settings in the VPN if on.

[Two screenshots of the VPN settings]

Next

Please turn off fast startup in Windows. Then restart.

https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html

After that restart,

Please try the following. Open an Elevated Admin command prompt and copy / paste the following and press the Enter key. You should get a success message.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v "DisabledComponents" /t REG_DWORD /d 32 /f

Then restart the computer and see if you get the same error.

This will set the IP preference to use IPV4 instead of IPV6 as recommended by Microsoft without actually disabling IPV6.

 

Link to post
Share on other sites

Right. Before I saw your reply, I restarted Windows in safe mode without networking and MB started by itself without manually selecting it. I did a scan and it found one nasty and quarantined it. So I restarted normally and MB is back to working.

Then I looked for your reply and I have so far changed the MB Privacy VPN to your recommended settings. I have not done the reg edit yet, and am unsure if I need to as MB is back working including an update after I restarted.

Link to post
Share on other sites

Also, it now seems that I can reply to my own thread on the PC without getting that stupid spam message. All very strange. The program I tried to install which caused all the grief was utorrent. I'd heard they had some malware (bitmining?) in the past but that that was now fixed. Will stay well away from them now.

 

Should I run the reg edit line in CMD now? 

Btw, thank you very much for your assistance. Much appreciated.

Link to post
Share on other sites

4 minutes ago, Sean70 said:

The program I tried to install which caused all the grief was utorrent.

Using torrents can be dangerous.

9 minutes ago, Sean70 said:

I did a scan and it found one nasty and quarantined it.

Could you post the log from that scan please.

Link to post
Share on other sites

Sorry, will try again. Nah, it won't work. Here's a copy paste.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 27/03/2022
Scan Time: 16:56
Log File: b0ca1a3c-ad92-11ec-a455-a8a159100b44.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.52920
Licence: Premium

-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: DESKTOP-4UIIKLQ\philw

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 279908
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.BundleInstaller, C:\USERS\*****\DOWNLOADS\UTORRENT.EXE, Quarantined, 508, 875791, 1.0.52920, , ame, , 022D5AE6C56EAE61AAC0E44BB680BC5E, 50D5C5E87031F564B0CCF85520FD29E8189F06F616054BBBD31340B8D643A4A2

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


 

Link to post
Share on other sites
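A short parser for the text scan log pasted above, as an added example that is not part of the original thread and not Malwarebytes' own code. The embedded log is a constructed sample in the same layout with dummy hashes; only the first three comma-separated fields (name, path, action) and the two hash lengths are interpreted, the other fields are treated as unknown, and paths containing commas are not handled.

```python
import re

# Constructed sample in the same layout as the pasted log (hashes are dummy values).
SAMPLE_LOG = r"""-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 1
Threats Quarantined: 1

-Scan Details-
File: 1
PUP.Optional.Example, C:\USERS\*****\DOWNLOADS\SETUP.EXE, Quarantined, 1, 2, 1.0.1, , ame, , 0123456789ABCDEF0123456789ABCDEF, 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF

WMI: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^-(.+)-$")
HEX = re.compile(r"^[0-9A-Fa-f]+$")


def parse_scan_log(text):
    """Return (summary dict, list of detection dicts) from a pasted text log."""
    summary, detections, section, category = {}, [], None, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section == "Scan Details":
            fields = [f.strip() for f in line.split(",")]
            head = re.match(r"^([A-Za-z ]+): (\d+)$", line)
            if head:
                category = head.group(1)  # e.g. "File", "Registry Key"
            elif len(fields) >= 3 and category:
                hashes = [f for f in fields[3:] if HEX.match(f)]
                detections.append({
                    "category": category, "name": fields[0], "path": fields[1],
                    "action": fields[2],
                    "md5": next((h for h in hashes if len(h) == 32), None),
                    "sha256": next((h for h in hashes if len(h) == 64), None),
                    # PUP/PUM are policy detections, not confirmed malware.
                    "potentially_unwanted": fields[0].startswith(("PUP.", "PUM.")),
                })
        elif ": " in line:
            key, value = line.split(": ", 1)
            summary[key] = value
    return summary, detections
```
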

15 minutes ago, Sean70 said:

Just the download of the utorrent  pup optional bundleinstaller.

Good. I suggest now to go to Windows and you should see the feature update for 21h2 and install it.

When done, create and attach a new set of logs from the support tool.

It's almost 2:30 am here and I will check back Sunday.

Edited by Porthos
Link to post
Share on other sites

17 minutes ago, Sean70 said:

OK, installed update 21h2 and checked in settings that it was indeed installed. Ran the support tool this morning, log file attached.

Things seem good.

I would highly suggest against downloading Utorrent. It is a bad idea. Even with a VPN you can still get copyright notifications against you.

Quote

Quarantine Information
========================================
2022-03-27T03:44:00Z | C:\Users\philw\Downloads\uTorrent.exe [file | PUP.Optional.BundleInstaller]
2022-03-27T05:59:21Z | C:\Users\philw\Downloads\uTorrent.exe [file | PUP.Optional.BundleInstaller]

File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.  Risks of File-Sharing Technology

If you really have to do it and are willing to take the risks, qBittorrent is a better choice and contains any adware.

Last thing I highly suggest is to change the following setting so you can have the extra protection of Windows Defender alongside Malwarebytes.

[Screenshot of the setting]

 

Quote

The reason many of us members are pushing keeping Defender on is the following.

Malwarebytes does not target script files during a scan... That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will block files like these if malicious on execution-only.

 

And,

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders, and data folders as well as any installed browsers, caches, and temp locations.  This also means that if a threat were active from a non-standard location because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however, if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

An AV will catch the file just by downloading it or just opening a folder with a detected file in it.

For example, you get an email with an infected attachment, Malwarebytes will not even blink until you run it yet Defender will detect it if it is in their database without even actually clicking on it. Remember the list of files Malwarebytes does not target.

Then I will leave you with this.

As good as Malwarebytes is, it is just a layer of protection.

Using a browser that has Ublock Origin and the Malwarebytes Browser guard enabled is also a layer of protection.

Not opening attachments from an email unless you were expecting it from a specific user during a specific time period.

Do not use Torrents. Do not install every free software you find. Do not click links in an unknown email. Go directly to the site listed in the email.

Having a monthly image of your computer on an external drive that is only connected during the backup is actually better than any protective software ever made. Macrium Reflect free is the program I use and place on every computer I service.

 

 

Edited by Porthos
Link to post
Share on other sites
