drp Posted October 5, 2022 ID:1536553

Hi, @AdvancedSetup, @Maurice Naggar

Similar issue here: https://forums.malwarebytes.com/topic/274621-windows-security-center-service-missing-after-malware-attack/

I just got a virus on my new laptop. I think the antivirus removed most of it, but Windows Security and Defender are unable to start. The Windows Security service is missing from services.msc. I think the problem started after I tried to install a game from oceanofgames. I tried things from the previous blog. I attached log files here.

FRST.txt Addition.txt
1PW Posted October 5, 2022 ID:1536563

Hello @drp and :

Thank you for the helpful FRST logs.

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have previously run a Malwarebytes Threat Scan, please launch/update MBAM and run an unmodified/default Threat Scan. Then, much like you posted the FRST logs, attach the Threat Scan report text file in your next reply to this topic.

Thank you.
Maurice Naggar Posted October 5, 2022 ID:1536627

Hello @drp

Please also run this report.

Download Farbar's Service Scanner utility and Save to your Desktop.
Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other services

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please attach that file.
Maurice Naggar Posted October 5, 2022 ID:1536629

I do see that there is a 3rd-party antivirus installed on this system. You know that that means that the built-in Windows 11 Windows Security is thus turned off?

Quick Heal AntiVirus Pro is installed.
drp Posted October 6, 2022 Author ID:1536685

Yes, I know that. I tried opening Windows Security after turning off all third-party antivirus, but it still gives a black screen as in the screenshot. Even if a third-party antivirus is installed, it should be opening and showing the dashboard. And it is also removed from the services.msc list.

When I first installed the third-party antivirus I was able to open the Windows Security app, but after I tried to install the pirated game, it is not opening.

When I checked the Windows Defender folder in ProgramData, data from the subfolders were deleted.

FSS.txt
Maurice Naggar Posted October 6, 2022 ID:1536709

I would urge you highly to stay far away from hack / cracked software of any sort. Whether a so called free program or free game, or whatever.

Hidden risks in pirated software
https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

Why You Shouldn't Use Pirated Software
https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

Torrenting & filesharing. Try to not do that, as a general security matter. All it takes is one malicious file to lead to tragedy & loss.
https://informationsecuritybuzz.com/articles/torrenting-know-risks-take/

DON'T FALL FOR THE MONEY-SAVING LURE OF CRACKED SOFTWARE
https://scambusters.org/crackedsoftware.html

Make very very sure you have uninstalled the pirated game AND have deleted the downloaded file(s) for that too. Make very sure this machine now has NO pirated stuff, or hacked or cracked applications, games, etc.

The "pirated" stuff came bundled with malware, which has removed at least 2 important Windows security services. We have much work to do ahead.
Maurice Naggar Posted October 6, 2022 ID:1536710

Adding this too. This is a special scan tool by ESET. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, this will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

- Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe".
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes.
- When prompted for scan type, click on Full scan.
- Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.
- At screen "Detections occured and resolved" click on blue button "View detected results".
- On next screen, at lower left, click on blue "Save scan log".
- View where the file is to be saved. Provide a meaningful name for the "File name:".
- On last screen, set to Off (left) the option for Periodic scanning.
- Click "save and continue".

Please attach the report file so I can review.
drp Posted October 6, 2022 Author ID:1536723

Now I faced the consequences. I bought a new laptop just a month ago and this happened. I don't think I will ever visit those sites.

I will post the log file as soon as possible. Thank you so much for your guide.
drp Posted October 6, 2022 Author ID:1536740

Here is the result.

eset_result.txt
Maurice Naggar Posted October 6, 2022 ID:1536762

The ESET Online scan is very beneficial. It found & removed 1 bitcoin miner rogue DLL, plus 2 "crack" items of illegal, dodgy app.

Take these actions so that Windows 11 is set to show all hidden files and folders.
- Open File Explorer from the taskbar.
- Select View > Show > Hidden items.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away.

Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. 👈 We only rely on the end result that is on the log-report-file.

This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log

Please attach that log with your reply. We will do more later.
Maurice Naggar Posted October 6, 2022 ID:1536786

After finishing the MSERT Safety Scanner run, these are next steps.

This job will run exclusively and also at the end, it will do a Windows Restart (reboot). Please be sure to Close any open work files, documents, any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe on the Desktop folder to run a custom script. This script is intended to restore 2 missing Windows services plus, to re-Enable Microsoft Defender antivirus.

This custom script is for Drp Windows 11 only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Desktop folder.

Fixlist.txt <<< - - - - -

Then, Start the Windows Explorer and then, go to the Desktop folder.

- RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
- If the tool warns you the version is outdated, please download and run the updated version.
- IF Windows prompts you about running this, select YES to allow it to proceed.
- IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.
- On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Be sure to let me know, How is the system at that point.
drp Posted October 7, 2022 Author ID:1536815

Now Windows Security is opening and is also available in services.msc, but the security service is not starting.

Then I thought of updating Defender through Windows Update; there it gives update error 0x80070643. Then I uninstalled all third-party antiviruses, but it is still giving the same error.

msert.log Fixlog.txt
Root Admin AdvancedSetup Posted October 7, 2022 ID:1536817

Thank you for the logs @drp

While you await a reply from @Maurice Naggar please run the following scanner as well and post back the log for Maurice.

Please download the following tool, Farbar Service Scanner, and run it on the computer with the issue:
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender

Click "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.
drp Posted October 7, 2022 Author ID:1536820

Here is the new log of FSS.

FSS.txt
Root Admin AdvancedSetup Posted October 7, 2022 ID:1536823

Thank you. I believe Maurice may be away by now. He will return to assist you further tomorrow. @drp
Maurice Naggar Posted October 7, 2022 ID:1536881

There is a compound situation on this machine. That is, Quick Heal AntiVirus Pro is installed. Is that a paid license? Or is it a Trial?

Can you Uninstall Quick Heal and Restart the Windows system. Then later we can do some other checks and procedures.

Also do this: Let's pause and make time and just get a set of fresh reports to see what is running, what is active. Your machine has the FRST64 report tool on the Desktop folder. We will use that.

- Go to Downloads folder. RIGHT-click on FRST64 and select Run as Administrator and tap ENTER. And reply YES to allow to proceed.
- When the tool opens click Yes to the disclaimer.
- And be very sure to TICK the box for Addition.txt
- Press the Scan button.
- It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run.
- Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed).
- Close Notepad IF those show up on Notepad.

Just please Attach the 2 files FRST.txt + Addition.txt with your next reply. Or, you may put the 2 in a ZIP file & then attach that.
drp Posted October 7, 2022 Author ID:1536885

I uninstalled it. Here are new logs.

FRST.txt Addition.txt
Maurice Naggar Posted October 7, 2022 ID:1536900

Thank you. It seems to me that a few other Windows services are AWOL.

This job will run exclusively and also at the end, it will do a Windows Restart (reboot). Please be sure to Close any open work files, documents, any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe on the Desktop folder to run a custom script.

This custom script is for Drp Windows 11 only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Desktop folder.

Fixlist.txt <<< - - - - -

Then, Start the Windows Explorer and then, go to the Desktop folder.

- RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
- If the tool warns you the version is outdated, please download and run the updated version.
- IF Windows prompts you about running this, select YES to allow it to proceed.
- IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.
- On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Be sure to let me know, How is the system at that point.

P.S. Do not do anything else on your own, except for going to Windows Defender antivirus & doing an Update run & doing a scan.

NOTE: I will be in and out of here (off & on) throughout rest of this day. You are still on my radar & in my care. I will return to you as time permits.
drp Posted October 7, 2022 Author ID:1536916

--> Now when I click on the Windows Security app, it is not opening, not even a blank screen; I click on the app but nothing happens. But when I looked at Windows Security through Settings, the previous error is gone, but whichever option I click, it asks me to find an app on the Windows Store.

--> At update, it is the same error.

--> I tried running Defender manually from Services and I noticed one thing: for the Defender network inspection service, the path is set to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe" but that Platform folder is still empty.

Fixlog.txt
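The condition reported in the post above (a service whose registered path points at a file that is not on disk) can be checked without changing anything on the machine. This is an added example, not part of the thread or of any Fixlist used in it; the short service names are the standard Windows ones and are an assumption, since the thread gives only display names.

```powershell
# Added example: read-only audit, nothing on the system is changed.
# Short service names are the standard Windows ones (assumption: the thread
# itself only gives display names).
$services = 'WinDefend', 'WdNisSvc', 'SecurityHealthService', 'wscsvc'

function Get-ServiceBinaryPath {
    param([string]$ImagePath)
    # ImagePath can be quoted, carry arguments and contain %SystemRoot%-style variables.
    $expanded = [Environment]::ExpandEnvironmentVariables($ImagePath)
    if ($expanded -match '^\s*"([^"]+)"')  { return $Matches[1] }  # "C:\path with spaces\x.exe" args
    if ($expanded -match '^\s*(.+?\.exe)') { return $Matches[1] }  # unquoted path, optional args
    return $expanded.Trim()
}

$report = foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path -LiteralPath $key)) {
        # Same symptom as a service that is absent from services.msc.
        [pscustomobject]@{ Service = $name; Registered = $false; State = 'n/a'
                           Target = $null; TargetExists = $false }
        continue
    }
    $props  = Get-ItemProperty -LiteralPath $key
    $target = if ($props.ImagePath) { Get-ServiceBinaryPath $props.ImagePath } else { $null }

    # svchost-hosted services keep their code in Parameters\ServiceDll.
    $params = Get-ItemProperty -LiteralPath "$key\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) {
        $target = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    }

    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service      = $name
        Registered   = $true
        State        = if ($svc) { $svc.Status } else { 'unknown' }
        Target       = $target
        # False here is the case from the post: key present, file missing.
        TargetExists = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
    }
}

$report | Format-Table -AutoSize
```

A row with Registered = True and TargetExists = False matches what the post describes: the service entry is back, but the binary it points to is not.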
Maurice Naggar Posted October 7, 2022 ID:1536924

Allow me time to fully review the Fixlog and to formulate the next moves. Meantime, please stay out of the Services.msc

I would like a report set for review. This is a report only.

- Please download MALWAREBYTES MBST Support Tool.
- Once you start it click Advanced >>> then Gather Logs.
- Have patience till the run has finished.
- Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply.

P.S. Do not do anything else on your own.

NOTE: I will be in and out of here (off & on) throughout rest of this day. You are still on my radar & in my care. I will return to you as time permits.
drp Posted October 7, 2022 Author ID:1536931

Here is the file.

mbst-grab-results.zip
Maurice Naggar Posted October 7, 2022 ID:1536942

Thank you. I will review and later on, will get back with you.
Maurice Naggar Posted October 8, 2022 ID:1537028

Hello. I hope your weekend is going well. Thank you for your patience. It will take a few additional passes to square away the issues that are at hand with MS Defender - Windows Security.

This job will run exclusively and also at the end, it will do a Windows Restart (reboot). Please be sure to Close any open work files, documents, any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe on the Desktop folder to run a custom script.

This custom script is for Drp Windows 11 only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Desktop folder.

Fixlist.txt <<< - - - - -

Then, Start the Windows Explorer and then, go to the Desktop folder.

- RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
- If the tool warns you the version is outdated, please download and run the updated version.
- IF Windows prompts you about running this, select YES to allow it to proceed.
- IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.
- On the FRST window: Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
drp Posted October 8, 2022 Author ID:1537038

Still the same issue -> find an app to open this defender link. Update still has the issue.

One thing: after the last fix, even though my wifi has access to the internet, it was showing no internet, but it is fixed now.

Fixlog.txt
Maurice Naggar Posted October 8, 2022 ID:1537046

There is more to do. Your patience is appreciated & recognized.

This job will run exclusively and also at the end, it will do a Windows Restart (reboot). Please be sure to Close any open work files, documents, any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe on the Desktop folder to run a custom script.

This custom script is for Drp Windows 11 only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Desktop folder.

Fixlist.txt <<< - - - - -

Then, Start the Windows Explorer and then, go to the Desktop folder.

- RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
- If the tool warns you the version is outdated, please download and run the updated version.
- IF Windows prompts you about running this, select YES to allow it to proceed.
- IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.
- On the FRST window: Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.