Jump to content

MSASCuiL.exe missing windows 10


MoazKH
Go to solution Solved by Maurice Naggar,

Recommended Posts

hi,

I saw msascuil.exe in my startup and when i went to right click it... "open file location" was greyed out.

I got suspicious and googled it turns out it could be malware.

the normal file location of that program 'C:\Program Files\Windows Defender' doesn't show me any file called msascuil.exe -- I also checked the x86 folder.

When I start a MB scan it disappears from start up, When the scan is over it reappears again !!!

I don't know if that's relevant but I got a ransomware and I did a fresh install of windows.

These are my scans with the Farbar Recovery Scan Tool.

Addition.txt FRST.txt

Link to post
Share on other sites

Hello :welcome: 

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach  mbst-grab-results.zip    to your reply
Link to post
Share on other sites

  • Solution

Thanks for the report. There is likely more than 1 thing going on here. There had been, or is, a bogus "WindowsDefender". This will be cleaned up by this following custom fix. This custom run will also do several checks to check over this system.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use this Guide
 
Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Downloads folder to run a custom script.    

This custom script is for  MoazKH  machine  only / for this Windows 10 Pro machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt    <<< - - - -

Then, Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.  👈

Afterwards, do a visual check Windows Start >> Settings >> Windows Security. Take a look around there.

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites

Please attach the FIXLOG.txt which will be found on the folder "Downloads"
That way I can review that run. Thanks.

Next step.

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on .  And do a Update run & do a Custom scan on the C drive.

  • From the Windows Start menu, select Settings, then select Update and Security.
  • Next, look at the left-side menu & select Windows Security
  • Next, In Windows Security section: Click on the grey button Open Windows Security
  • Now, click on the shield Virus and threat protection
  • Look to see that Microsoft Defender is shown & available for use.
  • On the next display, look at all the options.  Look down the list and see "Check for Updates" .
  • You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.
  • Please also note that the Scan options (all) can be displayed by clicking on Scan options.
  • I would like you to select CUSTOM scan from scan options
  • Then select the C drive
  • Then have it scan the whole C drive.
Link to post
Share on other sites

Alright. Looks much much better. Thank you for the Fixlog report.
System File Checker / Windows Resource Protection found corrupt files and successfully repaired them.

plus the bogus "windowsdefender" is gone away.

Please make this one adjustment.
Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the trial Malwarebytes   😃.

Close Malwarebytes.

>

I'd suggest you run this report so I can review.  It is to check on some key apps to see if they are current & up-to-date.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

                                               If Windows's  SmartScreen block that with a message-window, then
                                                   Click on the MORE INFO spot and over-ride that and allow it to proceed.

                                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

  • Thanks 1
Link to post
Share on other sites

One more thing. When you have lots of quiet time. Microsoft Windows Update is offering you the optional Feature update for the fall 2022 new build of Windows 10. The build 19045 a.k.a. version 22H2 for Windows 10. You should accept it and let it proceed to install. A Restart/reboot will be requested at near the end of the process. So you would want to be sure that no on-going edits or work of your opened apps is going on beforehand. That is to say, Exit your application windows that you opened before doing this.

I would highly suggest to insure that this pc is all up-to-date with security updates & cumulative updates on Windows. select the Windows Start  button, and then go to Settings  > Update & Security  > Windows Update . and click Check for Updates.
Have much patience.

Look for that "Feature update to Windows 10" and click on the line Download and install

Feature-update-22H2.thumb.jpg.b3c33c96b1e4f50e848a6800476b314d.jpg

  • Thanks 1
Link to post
Share on other sites

Yes, pc is good to go. There are 2 applications that need to be Updated so that they are on the latest Release Version (s).
Discord v.1.0.9005  Warning! Download Update

Microsoft Edge v.92.0.902.67  Warning! Download Update
 

I believe your system is good-to-go. 

This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop

I wish you well 😎

  • Thanks 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.