MoazKH Posted October 23, 2022 ID:1538974

Hi, I saw msascuil.exe in my startup and when I went to right click it... "open file location" was greyed out. I got suspicious and googled it; turns out it could be malware. The normal file location of that program 'C:\Program Files\Windows Defender' doesn't show me any file called msascuil.exe -- I also checked the x86 folder.

When I start a MB scan it disappears from startup. When the scan is over it reappears again!!!

I don't know if that's relevant but I got a ransomware and I did a fresh install of Windows.

These are my scans with the Farbar Recovery Scan Tool.

Addition.txt FRST.txt
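The symptom in the opening post (a startup item whose file is not where it should be) can be checked read-only from PowerShell. This is an added example, not part of the thread or of any tool named in it; it assumes the entry is registered in a Run key or a Startup folder, which is what Win32_StartupCommand covers, and the helper name Get-StartupExecutablePath is hypothetical.

```powershell
# Added example: list startup commands and flag entries whose executable is
# missing on disk or does not carry a valid Authenticode signature.
# Read-only: it changes nothing. Scheduled tasks and services are not covered.

function Get-StartupExecutablePath {
    # Hypothetical helper: extract the executable path from a startup command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\Path With Spaces\app.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first executable extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token.
    return ($expanded -split '\s+')[0]
}

$report = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $path   = Get-StartupExecutablePath -Command $entry.Command
    # A bare file name with no directory is reported as missing unless it
    # happens to exist in the current directory; treat that as "look closer".
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

    [pscustomobject]@{
        Name       = $entry.Name
        Location   = $entry.Location   # registry key or Startup folder
        User       = $entry.User
        Path       = $path
        FileExists = $exists
        Signature  = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
        Signer     = if ($sig -and $sig.SignerCertificate) {
                         $sig.SignerCertificate.Subject
                     } else { '' }
    }
}

# Entries that deserve a closer look: target missing, or not validly signed.
$report |
    Where-Object { -not $_.FileExists -or $_.Signature -ne 'Valid' } |
    Format-List
```

An entry that claims a Windows Defender name but resolves to a missing file, an unexpected folder, or an unsigned binary matches the pattern reported here.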
Maurice Naggar Posted October 23, 2022 ID:1538976

Hello

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

Removing malware can be unpredictable.
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Only run the tools I guide you to.
Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
Please stick with me until I give you the "all clear".
If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool.
Once you start it click Advanced >>> then Gather Logs.
Have patience till the run has finished.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply.
MoazKH Posted October 23, 2022 Author ID:1538977

mbst-grab-results.zip
Solution

Maurice Naggar Posted October 23, 2022 ID:1538981

Thanks for the report. There is likely more than 1 thing going on here. There had been, or is, a bogus "WindowsDefender". This will be cleaned up by this following custom fix. This custom run will also do several checks to check over this system.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article. Please use this Guide.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe on the Downloads folder to run a custom script.
This custom script is for MoazKH machine only / for this Windows 10 Pro machine only.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Fixlist.txt <<< - - - -

Then, start the Windows Explorer and go to the Downloads folder.
RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen.
On the FRST window: Click the Fix button just once, and wait. 👈

Afterwards, do a visual check: Windows Start >> Settings >> Windows Security. Take a look around there.

Edited October 23, 2022 by Maurice Naggar
MoazKH Posted October 23, 2022 Author ID:1538984

Done. Now what?
Maurice Naggar Posted October 23, 2022 ID:1538991

Please attach the FIXLOG.txt which will be found on the folder "Downloads". That way I can review that run. Thanks.

Next step. Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on. And do an Update run & do a Custom scan on the C drive.

From the Windows Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security.
Next, in the Windows Security section: Click on the grey button Open Windows Security.
Now, click on the shield Virus and threat protection.
Look to see that Microsoft Defender is shown & available for use.
On the next display, look at all the options. Look down the list and see "Check for Updates". You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete.
Please also note that the Scan options (all) can be displayed by clicking on Scan options.
I would like you to select CUSTOM scan from scan options.
Then select the C drive.
Then have it scan the whole C drive.
MoazKH Posted October 23, 2022 Author ID:1538992

I can't find where is this.

11 minutes ago, Maurice Naggar said: "Please also note that the Scan options (all) can be displayed by clicking on Scan options."

Fixlog.txt
MoazKH Posted October 23, 2022 Author ID:1538995

19 minutes ago, MoazKH said: "I can't find where is this. Fixlog.txt"

OK, I found everything now. Updated Windows Defender and did the scan and it's all good.
Maurice Naggar Posted October 23, 2022 ID:1539007

Alright. Looks much much better. Thank you for the Fixlog report. System File Checker / Windows Resource Protection found corrupt files and successfully repaired them. Plus the bogus "windowsdefender" is gone away.

Please make this one adjustment.
Start Malwarebytes. Click Settings ( gear ) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security Tab. Scroll down to "Windows Security Center".
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
This will not affect any real-time protection of the trial Malwarebytes 😃.
Close Malwarebytes.

I'd suggest you run this report so I can review. It is to check on some key apps to see if they are current & up-to-date.

Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
Maurice Naggar Posted October 24, 2022 ID:1539010

One more thing. When you have lots of quiet time.

Microsoft Windows Update is offering you the optional Feature update for the fall 2022 new build of Windows 10. The build 19045 a.k.a. version 22H2 for Windows 10. You should accept it and let it proceed to install.

A Restart/reboot will be requested near the end of the process. So you would want to be sure that no on-going edits or work of your opened apps is going on beforehand. That is to say, Exit your application windows that you opened before doing this.

I would highly suggest to ensure that this pc is all up-to-date with security updates & cumulative updates on Windows.
Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates. Have much patience.
Look for that "Feature update to Windows 10" and click on the line Download and install.
MoazKH Posted October 24, 2022 Author ID:1539034

SecurityCheck.txt
MoazKH Posted October 24, 2022 Author ID:1539051

14 hours ago, Maurice Naggar said: "Look for that "Feature update to Windows 10" and click on the line Download and install"

All done. Am I good now? Can I use my PC normally?
Maurice Naggar Posted October 24, 2022 ID:1539056

Yes, pc is good to go. There are 2 applications that need to be Updated so that they are on the latest Release Version(s).

Discord v.1.0.9005 Warning! Download Update
Microsoft Edge v.92.0.902.67 Warning! Download Update

I believe your system is good-to-go. This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop

I wish you well 😎
Maurice Naggar Posted October 24, 2022 ID:1539121

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you