illusionist Posted July 15, 2022 ID:1525052

Microsoft Edge autostarts with no window, then locks. Cannot end task. Windows Store is broken, WUpdate failed repeatedly on an update, tried SFC, DISM wouldn't work. I tried resetting it with a .bat, didn't help. So I used the Upgrade Assistant to get 21H2. MB doesn't detect anything, but strange activity a few days ago, it had to reinstall itself (?) ... Had a strange personal certificate in previous Chrome web browser, removed it and reinstalled the browser. KVRT doesn't show anything (except that 8 Microsoft Edge processes are locked), TDSSKILLER doesn't show anything. ESET found an autorun PrintNotify, I removed it.

These are the current FRST logs, as well as MB Support Tool logs.

Thanks for your help

Attachments: Addition.txt, FRST.txt, mbst-grab-results.zip

illusionist (Author) Posted July 15, 2022 ID:1525055

Also, forgot to mention but whenever I reinstall Windows, policies are introduced, restrictions are made, either my network is completely PWNED or something is following along with the peripherals, install media etc.. wrong packages for my version of Windows, dirty drivers?..

Maurice Naggar Posted July 15, 2022 ID:1525072

Hello. I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

Removing malware can be unpredictable.
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Only run the tools I guide you to.
Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
Please stick with me until I give you the "all clear".
If your system is running Discord, please be sure to Exit out of it while this case is on-going.

This next tool ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.

Get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it. Disregard the title subject of the topic. Run the MBAR tool as listed here:
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

When done, I need the MBAR logs. Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop. Please attach both files in your next reply.

illusionist (Author) Posted July 15, 2022 ID:1525085

Thank you for assisting me. I will follow your instructions, but I have one question: Windows Defender blocked (some) access with controlled folders, but the scan is still ongoing. Should I re-do the scan and allow the app through controlled folders?

illusionist (Author) Posted July 15, 2022 ID:1525088

Attachments: system-log.txt, mbar-log-2022-07-15 (17-13-12).txt

Said scan was clean.

Maurice Naggar Posted July 15, 2022 ID:1525095 (Solution)

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article. Please use this guide:
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

Next, a custom script to do checks & selected cleanups. There is a setting that has disabled Microsoft Windows Update which has to be removed.

We will use FRST64.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for Illusionist only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall. Hoping it will not exceed 60 minutes in execute time.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Attachment: Fixlist.txt

Then, start the Windows Explorer and go to the Downloads folder.
RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.
On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

This here is not a one-shot-cure-all. There will be more to do later.

illusionist (Author) Posted July 15, 2022 ID:1525100

After the restart, prior to my BIOS message I was greeted by a boot selection screen which briefly appeared for a second, is this normal? I have not seen that before.

Attachment: Fixlog.txt

illusionist (Author) Posted July 15, 2022 ID:1525102

I'm very sorry if I already messed up, but does "USB-flash-thumb or USB-storage drives attached" include my WiFi adapter that plugs in via USB?

Maurice Naggar Posted July 15, 2022 ID:1525125

Just some quick notes. No, I did not intend or mean anything about WIFI-adapters (when mention was made about unplugging peripheral hardware).

On system bootup, the system displays for a few short seconds (7 seconds) the Windows Boot Manager window....you do not need to do anything normally. It is only there as a precaution in case we need to be able to have a way to select Safe mode start-up (or another special start from the Advanced Boot option). Just let it time-out. Or you can just tap Enter-key to have it go right into normal Windows.

Maurice Naggar Posted July 15, 2022 ID:1525126

Do a custom scan with Microsoft Defender Antivirus:

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on, and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security.
Next, in Windows Security section: Click on the grey button Open Windows Security.
Now, click on the shield Virus and threat protection.
Look to see that Microsoft Defender is shown & available for use.
On the next display, look at all the options. Look down the list and see "Check for Updates". You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete.
Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select CUSTOM scan & then pick the C drive & have it go forward.

Once it has started the scan phase, you can go take a long break. Let me know the results.

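
The Defender check described in the post above, scripted for an elevated PowerShell session. This is an added example, not part of the thread or of the helper's instructions; it uses the built-in Defender cmdlets and takes the C: drive as the scan target, as in the post.

```powershell
# Added example: command-line equivalent of the Windows Security steps above.
# Run from an elevated PowerShell prompt on Windows 10/11.

# 1. Confirm Microsoft Defender Antivirus is on (the "visual check").
$status = Get-MpComputerStatus
[pscustomobject]@{
    AntivirusEnabled          = $status.AntivirusEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    SignatureVersion          = $status.AntivirusSignatureVersion
    SignatureLastUpdated      = $status.AntivirusSignatureLastUpdated
} | Format-List

if (-not $status.AntivirusEnabled) {
    Write-Warning 'Microsoft Defender Antivirus is not enabled; the scan cannot run.'
    return
}

# 2. "Check for updates": pull the latest definitions before scanning.
Update-MpSignature

# 3. Custom scan of the C: drive. The call returns when the scan finishes.
$scanStart = Get-Date
Start-MpScan -ScanType CustomScan -ScanPath 'C:\'

# 4. Report only detections recorded since this scan started.
$detections = Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $scanStart }

if ($detections) {
    $detections |
        Select-Object InitialDetectionTime, ThreatID, Resources, ActionSuccess |
        Format-List
} else {
    'No threats detected by this scan.'
}
```
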
illusionist (Author) Posted July 16, 2022 ID:1525226

Thank you Maurice. I have done as instructed and scan shows 0 threats detected.

illusionist (Author) Posted July 16, 2022 ID:1525227

No current threats.
Last scan: 7/16/2022 6:16 (custom scan)
0 threats found
Scan lasted 3 minutes 44 seconds
176163 files scanned

Maurice Naggar Posted July 16, 2022 ID:1525229

Very good / Excellent //

This will be a check with ESET Onlinescanner for potential viruses, other malware, adware, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

At screen "Detections occured and resolved" click on blue button "View detected results".
On next screen, at lower left, click on blue "Save scan log".
View where file is to be saved. Provide a meaningful name for the "File name:".
On last screen, set to Off (left) the option for Periodic scanning.
Click "save and continue".

Please attach the report file so I can review.

illusionist (Author) Posted July 16, 2022 ID:1525232

ESET scan was clean.

Attachment: clean.txt

Maurice Naggar Posted July 16, 2022 ID:1525239

That is very good to see. 😀

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide:
https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows
When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes.

Next, the Malwarebytes sca

Next, click the small x on the Settings line to go to the main Malwarebytes Window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
>>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected). <<<<
💢 Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.
Then click on Quarantine button.
Then, locate the Scan run report; export out a copy; & then attach in with your reply. See
https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 😉

illusionist (Author) Posted July 16, 2022 ID:1525241

MB detected SecurityCheck as malware, I believe this is a false detection. But I quarantined it and let MB restart my computer. Log attached.

Attachment: falsedetect.txt

Maurice Naggar Posted July 17, 2022 ID:1525323

By the way, when you get a minute, on Malwarebytes settings, turn OFF "Use expert system algorithm" in Malwarebytes >>> Settings >>> Security tab.

illusionist (Author) Posted July 18, 2022 ID:1525365

That was already turned off prior to the scan.

illusionist (Author) Posted July 18, 2022 ID:1525374

My computer has been working much better after the Farbar fix, but some issues still remain. Microsoft Store doesn't want to load, is there any fix to that? Also, group policy client starts and shuts down at seemingly random times. Is group policy even implemented in Win 10 Home?

Once again thank you for your assistance :)

Maurice Naggar Posted July 18, 2022 ID:1525410

Home edition of Windows does not have "group policy" built-in.

In any event, do a Microsoft Windows check-run to ensure O.S. is all current (leave MS Store issue to the side-table). I would highly suggest to ensure that this PC is all up-to-date with security updates & cumulative updates on Windows.

Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates. Have much patience.

illusionist (Author) Posted July 18, 2022 ID:1525450

I cannot find any new updates besides definition updates. I think I am up to date?

illusionist (Author) Posted July 19, 2022 ID:1525467

What is the next course of action from now on?

Maurice Naggar Posted July 19, 2022 ID:1525514

The Microsoft Store App issue is simply a glitch, that can happen to any system. It is not a malware, nor an infection issue. I suggest you see the tips by Greg Carmack [ MS MVP ] at the Microsoft Answers https://bit.ly/3aPIDjX

illusionist (Author) Posted July 20, 2022 ID:1525614

Okay, thank you Maurice for everything.

Maurice Naggar Posted July 20, 2022 ID:1525674

Let's get a set of fresh reports for final review. Your machine has the FRST64 report tool on the Downloads folder. We will use that.

Go to Downloads folder. RIGHT-click on FRST64 and select Run as Administrator and tap ENTER. And reply YES to allow to proceed.
When the tool opens click Yes to the disclaimer. And be very sure to TICK the box for Addition.txt.
Press the Scan button.
It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run.
Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed).
Close Notepad IF those show up on Notepad.

Just please attach the 2 files FRST.txt + Addition.txt with your next reply.