Jump to content

Recommended Posts

hi, @AdvancedSetup, @Maurice Naggar similar issue here,

https://forums.malwarebytes.com/topic/274621-windows-security-center-service-missing-after-malware-attack/   

i just got virus on my new laptop.i think anti virus removed most of it but on windows security and defender is unable to start. windows security service is missing from services.msc. 

i think problem started after i tried to install a game from oceanofgames

i tried things from previous blog.

i attached log files here.

FRST.txt Addition.txt

Link to post
Share on other sites

Hello @drp and :welcome::

Thank you for the helpful FRST logs.

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have previously run a Malwarebytes Threat Scan, please launch/update MBAM and run an unmodified/default Threat Scan.

Then, much like you posted the FRST logs, attach the Threat Scan report text file in your next reply to this topic.

Thank you.

Link to post
Share on other sites

Hello @drp Please also run this report. 

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

Link to post
Share on other sites

yes , i know that , i tried opening windows security after turning off all third party antivirus . but it still gives black screen as in screenshot.

even if third party anti virus is installed it should be opening and show dashboard. and it is also removed from services.msc list. 

when i first installed third party antivirus i was able to open windows security app. but after i tried to install pirated game , it is not opening. when i checked windows defender folder in programdata ,data from the subfolders were deleted.

 

Screenshot 2022-10-06 145921.png

FSS.txt

Link to post
Share on other sites

I would urge you highly to stay far away from hack / cracked software of any sort. Whether a so called free program or free game, or whatever.
Hidden risks in pirated software
https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

Why You Shouldn't Use Pirated Software
https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

Torrenting & filesharing. Try to not do that, as a general security matter. All it takes is one malicious file to lead to tragedy & loss.
https://informationsecuritybuzz.com/articles/torrenting-know-risks-take/

DON'T FALL FOR THE MONEY-SAVING LURE OF CRACKED SOFTWARE
https://scambusters.org/crackedsoftware.html 

Make very very sure you have uninstalled the pirated game AND have deleted the downloaded file(s) for that too.
Make very sure this machine now has NO pirated stuff, or hacked or cracked applications, games, etc.
The "pirated" stuff came bundled with malware, which has removed at least 2 important Windows security services.
We have much work to do ahead.

  • Like 2
Link to post
Share on other sites

Adding this too. This is a special scan tool by ESET. 

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. 

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

The ESET Online scan is very beneficial. It found & removed 1 bitcoin miner rogue DLL, plus, 2 "crack" items of illegal . dodgy app.

  • Take these actions so that Windows 11 is set to show all hidden files and folders.
  • Open File Explorer from the taskbar.
  • Select View > Show > Hidden items.

 

  • The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan  

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.    👈
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Link to post
Share on other sites

After finishing the MSERT Safety Scanner run, these are next steps. 

This job will run exclusively and also at the end, it will do a Windows Restart ( reboot).

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Desktop folder to run a custom script.    This script is intended to restore 2 missing Windows services plus, to re-Enable Microsoft Defender antivirus.

This custom script is for  Drp Windows 11  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Desktop   folder

Fixlist.txt        <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Desktop  folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Be sure to let me know, How is the system at that point.

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @drp

While you await a reply from @Maurice Naggar please run the following scanner as well and post back the log for Maurice

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 

Link to post
Share on other sites

There is a compound situation on this machine. That is , Quick Heal AntiVirus Pro is installed. Is that a paid license ?  or is it a Trial ? Can you Uninstall Quick Heal and Restart the Windows system.  Then later we can do some other checks and procedures.

Also do this: 

Let's pause and make time and just get a set of fresh reports to see what is running, what is active. Your machine has the FRST64 report tool on the Desktop folder. We will use that. Go to Downloads folder. RIGHT-click on FRST64 and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply. or, you may put the 2 in a ZIP file & then attach that.
Link to post
Share on other sites

Thank you. It seems to me that a few other Windows services are AWOL. 

This job will run exclusively and also at the end, it will do a Windows Restart ( reboot).

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Desktop folder to run a custom script.    

This custom script is for  Drp Windows 11  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Desktop   folder

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Desktop  folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Be sure to let me know, How is the system at that point.

P.S. Do not do anything else on your own, except for going to Windows Defender antivirus & doing a Update run & doing a scan. NOTE: I will be in and out of here ( off & on) throughout rest of this day. You are still on my radar & in my care. I will return to you as time permits.

Link to post
Share on other sites

--> now when i click on windows security app, it is not opening, like not even blank screen , i click on app but nothing happens.

but when i looked windows security through setting, previous error is gone but whichever option i click it ask me to find app on windows store.

--> at update, it is the same error.

--> i tried running defender manually from services and i noticed one thing. for defender network inspection service path is set to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe"  but that platform folder is still empty. 

Screenshot 2022-10-07 233055.png

Screenshot 2022-10-07 233417.png

Fixlog.txt

Link to post
Share on other sites

Allow me time to fully review the Fixlog and to formulate the next moves. Meantime, please stay out of the Services.msc

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach  mbst-grab-results.zip    to your reply

P.S. Do not do anything else on your own. NOTE: I will be in and out of here ( off & on) throughout rest of this day. You are still on my radar & in my care. I will return to you as time permits.

 

Link to post
Share on other sites

Hello. I hope your weekend is going well. Thank you for your patience. It will take a few additional passes to square away the issues that are at hand with MS Defender - Windows Security. 

This job will run exclusively and also at the end, it will do a Windows Restart ( reboot).

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Desktop folder to run a custom script.    

This custom script is for  Drp Windows 11  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Desktop   folder

Fixlist.txt      <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Desktop  folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites

There is more to do. Your patience is appreciated & recognized. 

This job will run exclusively and also at the end, it will do a Windows Restart ( reboot).

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Desktop folder to run a custom script.    

This custom script is for  Drp Windows 11  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Desktop   folder

Fixlist.txt   <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Desktop  folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.