Jasas Posted October 18, 2022 ID:1538452

So I had a problem with the cause (downloaded some pirated file) and results similar to this thread from 2020.

After I downloaded the pirated files (they have not yet been installed), I got several notifications about threats from the Windows Defender service, which I proceeded to remove. But after that, I found out that my Windows Defender screen went blank. Then I restarted my laptop and got a warning from Windows Script that "The system cannot find the files specified" from Run.vbs.

I surfed the internet for a solution, found the thread above and followed the instructions (without the third-party antivirus steps because I don't have any), until the final step where I need to enter the 2 commands below:

    WMIC SERVICE WHERE Name="windefend" set startmode="auto"

And then:

    net start windefend

But it says "System error 2 has occurred" and "The system cannot find the files specified". Windows Defender still can't be started and is still blank.

So is there any solution for this without resetting my computer? I have provided some information below that may help.

Attachment: SecurityCheck.txt

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538456

Hello and @Jasas

My screen name is AdvancedSetup and I will assist you with your system issues.

Let's keep these principles as we proceed. Make sure to read the entire post below first.

- Please follow all steps in the provided order and post back all requested logs
- Please attach all log files to your post, unless otherwise requested
- Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
- Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
- Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
- Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
- Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
- Only run the tools I guide you to use.
- Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
- Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
- Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
- If your system is running Discord, please be sure to Exit it while this case is ongoing.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting. This is a report only.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

- Download the Malwarebytes Support Tool
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
- In the User Account Control pop-up window, click Yes to continue the installation
- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
- A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Please, also run the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center/Action Center
  - Windows Update
  - Windows Defender
- Click "Scan"
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please attach the log to your next reply.

Thank you

Jasas (Author) Posted October 19, 2022 ID:1538460

Hi, @AdvancedSetup

Here are the zip and the log as needed. Thank you for replying and I hope this helps.

Attachments: FSS.txt, mbst-grab-results.zip

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538462

How familiar are you with the command prompt, zip files, Safe Mode, and Recovery Environment?

Jasas (Author) Posted October 19, 2022 ID:1538463

I'm kinda familiar with using command prompt and zip files but I have never used Safe Mode and Recovery Environment.

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538464

Please start an elevated admin command prompt. Then copy and paste the following into the command prompt window and press the Enter key

    echo > 0 & dir /a /s "C:\ProgramData\Microsoft\Windows Defender\Platform" >> 0 & echo >> 0 & notepad 0 | ECHO >NUL & DEL 0

Post back that log and I'll check it out when I get back from dinner

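An added read-only check, not part of any post in this thread: "System error 2" is Windows' file-not-found error, so it is worth confirming whether the executable registered for the WinDefend service still exists and which Platform version folders still hold the engine. The registry key, the MsMpEng.exe file name and the helper name Get-ServiceBinaryPath are assumptions not taken from the thread; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
# Assumed locations: the standard service key and the Platform folder
# that the helper's dir command above lists.
$svcKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
$platformDir = 'C:\ProgramData\Microsoft\Windows Defender\Platform'

# Hypothetical helper: reduce a service ImagePath to the executable path.
function Get-ServiceBinaryPath {
    param([string]$ImagePath)
    $expanded = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($expanded.StartsWith('"')) {
        # Quoted path: keep what is between the first pair of quotes.
        return $expanded.Substring(1).Split('"')[0]
    }
    # Unquoted path: cut any arguments that follow the first ".exe".
    $idx = $expanded.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
    if ($idx -ge 0) { return $expanded.Substring(0, $idx + 4) }
    return $expanded
}

$svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "WinDefend service key not found: $svcKey"
    return
}

$binary = Get-ServiceBinaryPath $svc.ImagePath
$exists = [bool]$binary -and (Test-Path -LiteralPath $binary -PathType Leaf)

# Start values: 2 = Automatic, 3 = Manual, 4 = Disabled.
[pscustomobject]@{
    ImagePath    = $svc.ImagePath
    Binary       = $binary
    BinaryExists = $exists
    Start        = $svc.Start
} | Format-List

# Which Platform version folders still contain the engine executable?
Get-ChildItem -LiteralPath $platformDir -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $exe = Join-Path $_.FullName 'MsMpEng.exe'
        [pscustomobject]@{
            Version       = $_.Name
            EnginePresent = Test-Path -LiteralPath $exe -PathType Leaf
        }
    } | Format-Table -AutoSize
```

If BinaryExists is False, `net start windefend` has no file to launch, which matches the "cannot find the file specified" message.
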
Jasas (Author) Posted October 19, 2022 ID:1538465

Alright, don't worry, I will be waiting. Here is the log. Thank you again for checking it out.

Attachment: 0 .txt

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538466

Sent you a private message

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538479 (edited)

Please save the attached zip file to your computer. Then extract the files to a new folder named C:\FIX

It must be extracted to C:\FIX or it will not work to run the fix.

Once you have extracted the files, then restart the computer into Safe Mode

Find the file named: c:\fix\repair_services.bat and run that batch file with Admin rights in Safe Mode

It will also create a file named: C:\FIX\WinDefend_info.txt

Attachment: RestoreServices_Win10.zip

Attach the file C:\FIX\WinDefend_info.txt to your next reply and let me know if there were any errors.

Please pay attention to any errors and try to write down or capture them and let me know when you reply

Then restart the computer back into Normal Mode and run the FSS scanner again and post back that new log too.

Thanks @Jasas

Edited October 19, 2022 by AdvancedSetup: Updated information

Jasas (Author) Posted October 19, 2022 ID:1538486

Here are the files needed. I didn't find any errors.

Attachments: FSS.txt, WinDefend_info.txt

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538499

Save the attached zip file to your computer. Then extract the zip file to the C:\FIX folder as before.

Make sure the files are in C:\FIX or it will not work @Jasas

Then restart the computer back into Safe Mode again.

Then right-click over the file: C:\FIX\Fix_WinDefendPath.bat and select "Run as administrator"

It will run a System File Check; let me know what that says.

Then it will also create a new file called: C:\FIX\security_center_status.txt

Please attach that file on your next reply

Then restart into Windows Normal mode and again run the FSS scanner and send me the new log.

Attachments: security_center_status.txt, FSS.txt, Fix_WinDefendPath.zip

Jasas (Author) Posted October 19, 2022 ID:1538523

Sorry for the long reply. Have attached the file to C:\FIX and run in the Safe mode. This is the result.

Attachments: security_center_status.txt, FSS.txt

Maurice Naggar Posted October 19, 2022 ID:1538532 (edited)

Hello. Pardon the intrusion. While you are waiting for AdvancedSetup, this here is intended to assist on Microsoft Defender antivirus.

This will be a very quick one-time run. Please be sure to Close any open work files, documents, any apps you started yourself before starting this.

THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe on the Downloads folder to run a custom script. This custom script is for Jasas machine only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Downloads folder

Fixlist.txt <<< - - - -

Then, Start the Windows Explorer and then, go to the Downloads folder.

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.

on the FRST window: Click the Fix button just once, and wait. 👈

Afterwards, do a visual check Windows Start >> Settings >> Windows Security

Edited October 19, 2022 by Maurice Naggar

Jasas (Author) Posted October 19, 2022 ID:1538534

Hi @Maurice Naggar, thank you for your assistance. So I ran it as you instructed and the security menu is no longer blank. But I still got the warning from Windows Script Host (as the picture below shows). Does this mean Windows Defender is working, or is it just the visual?

Maurice Naggar Posted October 19, 2022 ID:1538535

1. We have to have the Fixlog.txt report file. Kindly attach in reply.
2. This machine needs yet more guided help.
3. Let's pause and make time and just get a set of fresh reports to see what is running, what is active.

Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that.

Go to Downloads folder. RIGHT-click on FRSTENGLISH and select Run as Administrator and tap ENTER. And reply YES to allow to proceed.

When the tool opens click Yes to the disclaimer.

And be very sure to TICK the box for Addition.txt

Press the Scan button.

It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run

Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed)

Close Notepad IF those show up on Notepad.

Just please Attach the 2 files FRST.txt + Addition.txt with your next reply.

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538536

Did you download and run the FIXLIST.TXT file that @Maurice Naggar provided above?

You need to save the file to the same location as the Farbar program. Then run it and click the FIX button.

Thanks @Jasas

Jasas (Author) Posted October 19, 2022 ID:1538539

@AdvancedSetup Yes, I did. And I got the Fixlog.txt. I will send the rest (FRST.txt and Addition.txt) after the scanning finishes.

Attachment: Fixlog.txt

Jasas (Author) Posted October 19, 2022 ID:1538541

Here is the rest.

Attachments: Addition.txt, FRST.txt

Maurice Naggar Posted October 19, 2022 ID:1538543

Thanks for all reports. Indeed we need to do more custom runs. Allow me some time to do a review. Later on, I will make a new post. There are a few more things to address.

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538544

Okay, give me a moment to check your logs and I'll provide you another script to run

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538548

Please download the attached FIXLIST.TXT to the same location as Farbar

Then run Farbar with Admin rights and click on the FIX button.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

This may take 30 minutes or more to run

Attachment: fixlist.txt

Thank you @Jasas

Jasas (Author) Posted October 19, 2022 ID:1538560

@AdvancedSetup Alright, done. After the restart, it went into disk repair for a couple of seconds. And Windows Script Host is no longer sending the warning.

Attachment: Fixlog.txt

AdvancedSetup (Root Admin) Posted October 19, 2022 ID:1538562

Great, overall that was a pretty good run. @Jasas

Let me have you run the following please.

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan. That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run.

The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Jasas (Author) Posted October 20, 2022 ID:1538594

Okay, finally finished scanning. I didn't expect the scan would take 10 hours haha.

Attachment: msert.log

AdvancedSetup (Root Admin) Posted October 20, 2022 ID:1538603

Well, it's a good thing you ran it. It found and removed a worm driver from the system. @Jasas

With that said, we should run another antivirus scan. This one will probably run faster but still take a LONG time so run it when you have time. As long as your Power Management doesn't put the computer to sleep, you can run it while you're sleeping.

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

- Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes
- When prompted for scan type, Click on Full scan
- Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download.
- There is a progress window display.
- You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
- Click The blue “Save scan log” to save the log.
- If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at the bottom).
- Press Continue when all done. You should click to off the offer for “periodic scanning”.

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
