
Malwarebytes messed up with my Windows Defender


Go to solution Solved by Maurice Naggar,


Recently I tried to install Malwarebytes software, and it seemed awesome and worked great, but I somehow wanted to clean my PC so I uninstalled the software, but it seems that my Windows Defender is gone, showing the error "Threat service has stopped. Restart now". I tried out many forums but it doesn't work at all. I tried to follow the below forum but it didn't really work.

I am scared as hell right now. Your help is extremely appreciated. 
Please lemme know if something has to be run for the fix.  <3

 

 


Hello   :welcome: @RohitHasCaught

I will guide you.

Q1: How had you gone about uninstalling Malwarebytes ?  That I would like to know.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

Gotta have history and all logs from Malwarebytes for Windows. 

 [   2   ]

  • I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply 

To be honest @Maurice Naggar, I am not that great at English, but according to what I understood from your first question, I believe you wanted to know my procedure for uninstalling Malwarebytes, which is: I simply went to Control Panel\Programs\Programs and Features and uninstalled it like every other application.
And as for the logs, I have attached them.
 

mbst-grab-results.zip


This will take a few passes. There is not a quick one step 'solution'. Thus patience is required. 

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file. 


NOTE: Microsoft Defender antivirus was working on 12th April and had found a trojan in a downloaded file. I need you to be sure that that ISO is NO longer present

C:\Users\ROHIT\Downloads\kali-linux-2021.4a-installer-amd64-iso\kali-linux-2021.4a-installer-amd64.iso

I also would like you to ensure that any other downloaded file from the same source is no longer stored on this system.  Thank you !

That ISO file was classified as a severe trojan dropper by Microsoft.


@RohitHasCaught 

Do an on-demand run with Microsoft Defender and do a Quick scan.  If prompted, do turn ON the Microsoft Defender (security) antivirus.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.
Do a QUICK scan.
Let me know the end result of what the Microsoft Defender reports.


I automatically get all your replies. No need to use the @ 

This custom script is for  ROHITHASCAUGHT  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups. This is really just housekeeping.

We will use FRSTEnglish  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will rebuild the Winsock.  It will remove a few 'policy' restrictions present about MS Defender.

NOTE-2: This should run a quick scan with MS Defender antivirus and remove outstanding action items, if any. 

NOTE-3: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt         <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.


Thanks. Do NOT do any other adjustments or runs without my direction. We will need to do another special run. There is an excluded process on the settings of Defender that needs to be removed AND we also need to see that the Defender engine is the latest one.  Wait for my next reply, please. No need to acknowledge. But I do need for you to delete the file named FIXLIST.txt that is currently in Downloads folder. Be sure to do that.


You had apparently run 1 FRST Fix on your own before you posted this help-topic. That was the first run. My last fix script was the second run on this system. What follows below will be the third. Please never run any script FIX without the direct assistance & guidance of a malware removal expert.

This custom script is for  ROHITHASCAUGHT  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups. This is really just housekeeping.

We will use FRSTEnglish  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  It will remove 1 excluded process from settings of MS Defender

NOTE-2: This should run a quick scan with MS Defender antivirus and remove outstanding action items, if any.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt        <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Fixlist.txt


14 minutes ago, Maurice Naggar said:

You had apparently run 1 FRST Fix on your own before you posted this help-topic. That was the first run. My last fix script was the second run on this system. What follows below will be the third. Please never run any script FIX without the direct assistance & guidance of a malware removal expert.

 

The first run was your first script only the tool showed "not responding" and got closed
the second run was the one that was successful
the fixlog for the third run is attached


 

Fixlog.txt


There needs to be another run. There is still an undesirable exclusion. We also need to turn off controlled folder access. The MS Defender engine version is not showing a current version.

This custom script is for  ROHITHASCAUGHT  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups. This is really just housekeeping.

We will use FRSTEnglish  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  It will remove 1 excluded process from settings of MS Defender

NOTE-2: This should run a quick scan with MS Defender antivirus and remove outstanding action items, if any.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTENGLISH    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.



The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.


Not much luck. Controlled folder access is still on & we need it Off.
AND there is a process exclusion that we need to remove
ExclusionProcess    : {intellijide}

Look at, study, and use this guide at Tenforums
https://www.tenforums.com/tutorials/5924-add-remove-microsoft-defender-antivirus-exclusions-windows-10-a.html

We want to follow the OPTION ONE

To do 2 things:
Turn OFF Controlled Folder Access

when you get to the screen in Windows Security for Controlled Folder Access
click on Manage Controlled folder access
then remove all related "controlled folders" settings

Back to the section that has Defender exclusions
Remove the process exclusion of intellijide from the Microsoft Defender


I would highly suggest to ensure that this PC is all up-to-date with security updates & cumulative updates on Windows. Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates.
Have much patience. We are especially needing for a good update to Microsoft Defender.


This topic is now closed to further replies.
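
The manual checks made over the course of this thread (Defender service state, engine and signature currency, the `intellijide` process exclusion, controlled folder access) can also be read from an elevated PowerShell prompt with the built-in Defender cmdlets. This is an added example, not part of the original posts or the helper's Fixlist; the parameter names and the 3-day signature threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: audit the Defender state that was checked by hand.
param(
    [string[]]$UnwantedProcess = @('intellijide'),  # exclusion named in the thread
    [int]$MaxSignatureAgeDays = 3,                   # assumed freshness threshold
    [switch]$Remediate                               # without this switch: report only
)

$findings = @()

# "Threat service has stopped" corresponds to the WinDefend service not running.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') { $findings += 'WinDefend service is not running' }

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop
} catch {
    # With the service down the Defender cmdlets fail; report what is known and stop.
    Write-Warning "Defender cmdlets failed: $($_.Exception.Message)"
    $findings | ForEach-Object { Write-Warning $_ }
    return
}

# Engine and signature currency.
"Engine version    : $($status.AMEngineVersion)"
"Signature version : $($status.AntivirusSignatureVersion)"
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Signatures are $($status.AntivirusSignatureAge) days old"
}

# Every exclusion is a scanning blind spot: list them all, flag the unwanted process entries.
"Path exclusions      : $($pref.ExclusionPath -join ', ')"
"Extension exclusions : $($pref.ExclusionExtension -join ', ')"
"Process exclusions   : $($pref.ExclusionProcess -join ', ')"
$hits = @($pref.ExclusionProcess | Where-Object { $_ -in $UnwantedProcess })
foreach ($p in $hits) { $findings += "Process exclusion present: $p" }

# Controlled folder access: 0 = Disabled, 1 = Enabled, 2 = Audit mode. The thread wants it Off.
$cfaOn = $pref.EnableControlledFolderAccess -ne 0
if ($cfaOn) { $findings += "Controlled folder access is not Disabled (value $($pref.EnableControlledFolderAccess))" }

$findings | ForEach-Object { Write-Warning $_ }

if ($Remediate) {
    foreach ($p in $hits) { Remove-MpPreference -ExclusionProcess $p }
    if ($cfaOn) { Set-MpPreference -EnableControlledFolderAccess Disabled }
    Update-MpSignature                   # pull current definitions
    Start-MpScan -ScanType QuickScan     # the same quick scan the thread asks for
}
```

Run it without `-Remediate` first to see the report; exclusions are only visible to an elevated session, which is why the script requires administrator rights.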