Malwarebytes uninstalled itself?


Go to solution Solved by Maurice Naggar,

31 minutes ago, Maurice Naggar said:

Bravo. That is excellent. 👍😀

I would recommend getting a report on the update status of some key apps.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

here

SecurityCheck.txt

Start Malwarebytes. Click the Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. Thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows 😃.

Close Malwarebytes.

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Be sure that Microsoft Defender real-time protection is ON.

I don't have "Windows defender" showing on these settings. All I have are these and the virus and threat protections are up to date accordingly.

3 hours ago, Maurice Naggar said:

Looking at your screen-grab-above >>> See the blue "Check for Updates" and click that & allow it to run & finish.
Then on that same screen, look and click on "Quick Scan".

So I did a quick scan, nothing found. Did a full scan and one threat was found and deleted. However, here it says 8 threats found for some reason.

Recalling the screen-grab-image of the "Current Threats" section you had from next-to-last reply:
Go to that section.
Drill down into "Allowed threats". There make sure that there are no files or threats listed. If there are, please take a screen-shot image.
Then, go back and drill down into "Protection history".
There, do you see any threat that was not removed ?

Nothing wrong here

Thank you. Know that it is not necessary or needed to click on "QUOTE" when you begin a reply. I get auto-notified of all your replies. This thread is one-to-one.
Returning to "protection history" look at "This app has been blocked" & See if possible to drill down further, if we can see details.
[ 2 ]

Let's get a set of fresh reports. Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select Run as Administrator and tap ENTER. And reply YES to allow to proceed.

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
Thank you for the fresh FRST reports. I will review and get back to you later on.
As far as the 2nd image just above .... the "This app has been blocked". Microsoft Defender sensed a Conduit-related adware item.
Look on your Desktop , under Tools and Games, where did "feelers_setup" come from?
Go to where that detected item is in Defender and click on the "ACTIONS" button
I would suggest to select it to be removed / or quarantined  {that is IF the item is still around }.

For the Record, as far as the original start of the case: Confirm that Malwarebytes is still ON and protecting the system.

So, that file is from a couple of game demos and flash games  from the early-mid 2000s I extracted from some game CDs which were purchaseable at the time. They're really nostalgic to me.

Idk what the feelers game was since it's so many games I don't know what most of them are, but it's been deleted already. Just checked, there's nothing there where that feelers_setup is supposed to be.

Yes, Malwarebytes is still up and running.

I would like to point out the many "executable" "games" of Digerati that have been flagged by Microsoft Defender antivirus. All are located under the Desktop
under sub-folder C:\Users\Luke\Desktop\Tools and Games\cds
My suggestion is to visually and manually check on that folder, and, to delete all the files if they are still present.
Date: 2022-08-02 22:42:52
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUAAdvertising:Win32/Conduit&threatid=311906&enterprise=0
Nome: PUAAdvertising:Win32/Conduit
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Tiro_100games+\Instalaveis\Feelers\feelers_setup.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-08-02 22:42:52
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Nome: Trojan:Win32/Wacatac.B!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Guerra_59Games\Primeira Pessoa\Silent_in_the_dark.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-08-02 22:42:52
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/Amonetize&threatid=311963&enterprise=0
Nome: PUADlManager:Win32/Amonetize
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_BombJack_450Games\Nave\platypus_miniclip.exe; file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Click07_CounterStrike_404Jogos\Nave\platypus_miniclip.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-08-02 22:42:52
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/DivxBundler&threatid=311939&enterprise=0
Nome: PUABundler:Win32/DivxBundler
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_52GamesExclusivos_GameType3\Essenciais\DivX51Bundle.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

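As an added example (not part of the original posts, and not code from FRST or Microsoft): a small Python parser for detection records in the format quoted in the post above, listing the flagged files under a folder with the most severe first. The sample records and their paths are constructed, and only the two severity labels seen in the thread are ranked.

```python
import re
from collections import namedtuple

# Field labels as they appear in the Portuguese-language records quoted above.
FIELDS = {"Nome": "name", "Gravidade": "severity", "Caminho": "paths"}
# Only the two labels seen in the thread are ranked; others sort between (assumption).
SEVERITY_RANK = {"Grave": 0, "Baixo": 2}
Detection = namedtuple("Detection", "date name severity paths")

def parse_detections(text):
    """Split the log at each 'Date:' line and pull out the key fields."""
    detections = []
    for block in re.split(r"(?m)^(?=Date: )", text):
        m = re.match(r"Date: (\S+ \S+)", block)
        if not m:
            continue
        rec = {"date": m.group(1), "name": "", "severity": "", "paths": []}
        for line in block.splitlines():
            label, sep, value = line.partition(": ")
            key = FIELDS.get(label.strip())
            if not sep or key is None:
                continue
            if key == "paths":
                # One record may list several files, each prefixed "file:_".
                rec["paths"] = [p.strip().removeprefix("file:_")
                                for p in value.split("; ")]
            else:
                rec[key] = value.strip()
        detections.append(Detection(**rec))
    return sorted(detections, key=lambda d: SEVERITY_RANK.get(d.severity, 1))

def files_to_check(detections, root):
    """Flagged paths under `root`, most severe first, for a manual check."""
    root = root.rstrip("\\").lower() + "\\"
    return [(d.severity, d.name, p) for d in detections for p in d.paths
            if p.lower().startswith(root)]

# Constructed sample in the same record format; the paths are made up.
SAMPLE = r"""Date: 2022-08-02 22:42:52
Nome: PUAAdvertising:Win32/Conduit
Gravidade: Baixo
Caminho: file:_C:\Users\Example\Desktop\cds\PackA\setup_a.exe
Nome do Processo: Unknown
Date: 2022-08-02 22:42:52
Nome: Trojan:Win32/Wacatac.B!ml
Gravidade: Grave
Caminho: file:_C:\Users\Example\Desktop\cds\PackB\game_b.exe
Date: 2022-08-02 22:42:52
Nome: PUADlManager:Win32/Amonetize
Gravidade: Baixo
Caminho: file:_C:\Users\Example\Desktop\cds\PackC\dup.exe; file:_C:\Users\Example\Other\dup.exe
"""
if __name__ == "__main__":
    for sev, name, path in files_to_check(parse_detections(SAMPLE), r"C:\Users\Example\Desktop\cds"):
        print(sev, name, path, sep=" | ")
```
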

So I deleted the following files you specified to me. I noticed that as soon as I reached the directory with those files, Windows Defender would detect it and ask for me to pick an action to how to deal with that specific file. So I decided to go through every single folder and subfolder on the cds directory so Windows Defender could detect everything. One by one.

 

You'll notice 2 of them say "failed". That is because I use the 'Ctrl+Shift+Del' shortcut on the files myself to permanently get rid of them at first before windows defender attempted to delete it. So here are all of them, including the ones I sent before.

 

 

Then all the blocked threats as well.

 

Maurice, I appreciate your help, time and effort into helping me. I needed to sort this problem out and I'm glad you're helping me. But I need to know for approximately how much longer this is gonna take. It's been nearly 3 days of me being unable to use my machine for work.

  • Solution

[ A ]
Getting back to items flagged by SecurityCheck tool report, these apps need attention & follow-thru to get latest Released Updates.
Notepad++ (64-bit x64) v.8.3.3   Warning! Download Update

7-Zip 21.07 (x64) v.21.07   Warning! Download Update
Uninstall old version and install new one.

GIMP 2.10.30 v.2.10.30   Warning! Download Update

Discord v.1.0.9004   Warning! Download Update

Zoom v.5.10.4 (5035)   Warning! Download Update

K-Lite Mega Codec Pack 16.9.8 v.16.9.8   Warning! Download Update

[ B ]
You may use the computer to do work. I will get back to you later, about the screen-grabs from MS Defender
 

When you have the time & opportunity.
As to Windows Security / Microsoft Defender antivirus, for those items shown "This app has been blocked"
Go to review each item. I would like you to click on the button "ACTIONS"
look at the available list of options. Take action to remove, or delete or Quarantine.
I highlighted that button on the sample image below.

windefend-action.png

You did not mention what type of file was flagged. You did not mention the name of the file or where located. So I am in the dark & thus cannot guess.
BUT the Microsoft Defender antivirus engine is wholly unique from Malwarebytes. Defender is also one of the harder to get from it a decent readable scan report.

Next, a custom script to do  checks. Be sure to delete the file named Fixlist.txt on the Downloads folder ( the old one from before). 

We will use FRSTENGLISH.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for  Hypermugen  only / for this machine only.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.
  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt         <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.  

Okay so, this was the file that wasn't detected before:

 

So the thing is, this is my grandpa's old hard drive I backed up on my PC because there were lots of photos and videos from our family. It's really old, was from a Windows XP laptop.

 

Interestingly enough, I did find some malware with MalwareBytes when I first scanned it. All threats removed, etc. Then I also did a couple of Full Scans with Windows Defender and the Kaspersky one AND the Windows one you sent me.

 

Later on, I did another Malwarebytes scan specifically for that folder and a Custom scan with Windows Defender, said it was clean. Then I did another scan the next day and there it was. This file was now considered harmful, even though I had no interaction with this directory whatsoever.

 

So this is what I mean. Some antiviruses detect some viruses, some don't, some detect on some days, not on others. It doesn't make sense anymore.

 

In regards to the scan tool. Yes, there are times I'm not using my system, but when I turn everything back on, I have to log in to multiple accounts and manually log off of this pc from before I last used it. They all have 2FA security and that takes a very long time. May I ask what you're trying to achieve by asking me to run this app again?

 

The screenshot shows an action date of 4 August, this past Thursday. The file was an executable file. It was detected & removed. Microsoft Defender as well as other security programs do update their definitions. They do update definitions over time. Thus the last detection by Defender.

This computer, does it always stay up running around the clock ?   24-hours around the clock? Do you ever do a Windows shutdown >> Restart ?

This topic is now closed to further replies.