Jump to content

Problem with the update


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello. My name is Maurice. I will guide you. Let me know your preferred nickname.
Let's do one special run  with Malwarebytes Adwcleaner. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.
 
It will not take much time, Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I ant to make sure you select all of what I list below - before- pressing the "scan" button.
 
First download & save it
 
Then be sure to close all web browsers after the download & before launching the tool.
 
Then go to where the EXE file is saved. Start Adwcleaner.
 
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
 
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window
by clicking their button to the far-right for ON status
Delete IFEO keys
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock
Reset HOSTS file
 
ADW-s-1.png.c32838f45f840beb2b835ad51f0a1b7c.png
 
 
Now On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.
 
 
 
This can take several minutes.
When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button To remove what it found.
 
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.
 
 
 
Attach the clean log from Adwcleaner when all completed.
Link to post
Share on other sites

This is about a Trial free install of Malwarebytes. I am curious to how many times you ran the setup. More than 2 times ? 3 times ?

Please keep these principles as we go along.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
Link to post
Share on other sites

Thank you for running the special Adwcleaner run.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply

 

Farbar program location:   C:\Users\scarm\Downloads\FRSTEnglish.exe

 

Please download the attached fixlist.txt file and save it to C:\Users\scarm\Downloads

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run  FRSTENGLISH and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run scans with MD Defender antivirus. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with net reply.

Link to post
Share on other sites

Thank you for the Fixlog report. The run is good. But there is good news, as well as bad.
The good news is that Windows' System File Checker found some corrupted system files, and corrected them.
The bad news is that there appear to be one highly likely trojan, plus a few "exclusions" that had been on the settings of Microsoft Defender antivirus, such that it excluded some malicious malware from detection.
One of those is a Sppextcomobjhook.dll -- a file that is installed on a system when the user runs software crack tools (AutoKMS or similar) and other license evasion bundles intended to crack licensed programs or games.

We have one special cleanup to do as of this point. ( Later we have more work. We will need to do a clean-new setup special run for Malwarebytes.)

I would urge you highly to stay far away from hack / cracked software of any sort. Whether a so called free program or free game, or whatever.
Hidden risks in pirated software
https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

Why You Shouldn't Use Pirated Software
https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply

 

Farbar program location:   C:\Users\scarm\Downloads\FRSTEnglish.exe

 

Please download the attached fixlist.txt file and save it to C:\Users\scarm\Downloads

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

NOTE:  This fix will do selected/specific cleanups.  It will also run scans with MS Defender antivirus.

Run  FRSTENGLISH and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version. 

The system will be rebooted after the fix has run. Attach FIXLOG.txt with net reply.

A request please 

I would like to get a copy of what we placed in Quarantine, from the runs I had you do. Please. 

  • Using Windows File Explorer, Navigate to C:\FRST folder on your system. Expand the folder so you see all contents.
  • Right click on Quarantine > Send to > Compressed (zipped) folder
  • Upload the archive in your next reply
  • If archive is too big you can upload here > https://wetransfer.com/

There is more to do after this. We are not finished.

Thank you!

Link to post
Share on other sites

Alright 🙂 

I would ask you to use the Malwarebytes Support tool 
to have the tool uninstall & re-install the Malwarebytes for Windows.
Use this support article as a guide  https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-

Locate where you saved mb-support-1.8.7.918.exe & launch it. Follow the support guide I cited above.


Have infinite patience after the Reboot ( restart ) and just wait till the prompt window comes on
Reply YES when prompted to re-install Malwarebytes

>

After setup is completed:

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

>

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

MB4_scan_tick_ALL.jpg.d5c4071c62ed66534301fbb217b93bc0.jpg

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.6c45445994d4125c0b617ac7c5551e03.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

😉

Edited by Maurice Naggar
Link to post
Share on other sites

I followed your istructions and the guide, but I had some problem:

On the guide, after clicking on Clean, at the point 8 it says:" In the Malwarebytes Cleanup pop-up window, click Yes. A pop-up window indicating the loading of the cleanup appears. Before the next step, make sure all your work is saved in the background." I never seen nothing of this, but it show me directly this pop-up

2020-04-07_10-18-16.png.

I clicked "Yes" and I have reinstalled Malwarebyes and rebooted the pc.

 

After the reboot, while I was changing the settings, the same error appeared (sorry for the italian, but it's my native language):

1.png.19d1f5e0bd243e3991b932797515aff6.png.

I clicked OK and I find that the line "Always register Malwarebytes in the Windows Security Center" is disabled, because I have not the premium version.2.png.5dc293c194fb799751c187e10bb69de3.png

Then I have closed the settings and I have click on Scan, and while it's scanning, same error:

3.png.94d998b79a6363d12d2d52d3bc175af1.png

 

When it's done, it found nothing. I send you the scan run report.

I hope I explained myself, as my English is not very good.

Scan run report.txt

Link to post
Share on other sites

As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on FULL scan  
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Hello. Thank you for the ESET scan report. It found and removed 4 potential threats. That is beneficial.
Just please remember that there is not a quick fix for any leftover issue that is now still around.
Continued patience is advised.

The original issue was due to a "network error" condition.
Let us go ahead and do a new, different scan.

This with Kaspersky KVRT tool.

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Next, Select the Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\scarm\DESKTOP\KVRT.exe will now show in the run box.

user posted image

add
-dontencrypt

Note the space between KVRT.exe and -dontencrypt

C:\Users\scarm\DESKTOP\KVRT.exe -dontencrypt 

should now show in the Run box.

user posted image

That addendum to the run command is very important.


To start the scan select OK in the "Run" box.



The Windows Protected your PC window "may" open, IF SO then select "More Info"

user posted image

A new Window will open, select "Run anyway"

user posted image

A EULA window will open, tick both confirmation boxes then select "Accept"

user posted image

In the new window select "Change Parameters"

user posted image

 
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and „Start scan“.

The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else..

  • completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your systemdrive (usually C: ), similar like this:

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20230115_223000.klr

  • Right click direct onto those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply
Link to post
Share on other sites

Kaspersky KVRT found 4 threats & dealt with them.

Dr.Web CureIt is a free stand-alone tool to check for viruses, trojans, and other malware.

At the initial link you will need to consent to their terms and provide a email address ( to which they send you a download link.)

Link for Dr.Web CureIt . 

You will need to provide a email address & tick the box to agree to their terms. you may abbreviate your name on box for first name, last name. Do provide a valid email address because the download link will be emailed to it.

Once you get a Email from Dr.Web and see the download link, click it to begin. Then on next prompt agree to terms & Download.

drweb1.png.0085a5448973b303da323fb7d2e900b4.png
The download is nearly 265  MB in size. The EXE file will have a series of random letters-number.

IF Edge or Windows Smartscreen prompts you at the download, select KEEP and be sure to SAVE

 

After the download is completed, then close the browser and all other web browsers too.

Use the Windows File Explorer to go to the Downloads folder.

doubleclick on  the download file file to start the tool.     ( drweb will randomize the name of the file when you download it )


⦁    You will see a screen similar to this:

 

drweb2.png.2d58001af661cd95da8669f8ed5f4bc5.png
 
Click the checkboxes to participate & consent, and then click on Continue button.


⦁    Next

 

drweb3.png.e1d9f25bfd74c215ef03705d1a7991ee.png
 
Click on Select objects for scanning
⦁    Next

drweb4.png.c4945d2d713c2bd965377a75ba6f9d67.png
 
Put a checkmark by clicking on all the boxes    EXCEPT for

"Temporary files"

"System restore points"


Do not select Temporary files or System Restore points.


Then click on Start scanning button

⦁    The scan in progress will be shown like this

drweb5.png.4f7449b49a4666b101c4d5078d815f9a.png

 


⦁    IF something is detected, you will see a screen similar to this

 

image.png.75d975285e7cd0b1ea4d39b61fca8f9a.png


 
For each item "detected", click on the Action column down arrow, like this
 

image.png.5c1e515f37a43ca9a954c0ee5f4b0f4c.png

Your options will be Cure or Ignore

IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
Typically, you will keep the Cure default.

Then click on the Neutralize button.

 

⦁    When the actions are completed, you will see this

image.png.248b34e853c772318a415fb88ef452b4.png


 
⦁    Click on the green Open Report line. It will pop-up the report in NOTEPAD.
Save the report to your desktop. The report will be called Cureit.log
⦁    Close Dr.Web Cureit. 
⦁    Reboot your computer to allow files that were in use to be moved/deleted during reboot. 
⦁    After reboot, attach the log Cureit.log you saved previously in your next reply. 

 

Have patience in all this

Link to post
Share on other sites

I would ask you to use the Malwarebytes Support tool 
to have the tool uninstall & re-install the Malwarebytes for Windows.
Use this support article as a guide  https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-Malwarebytes-using-the-Malwarebytes-Support-Tool

Have infinite patience after the Reboot ( restart ) and just wait till the prompt window comes on
Reply YES when prompted to re-install Malwarebytes

Edited by Maurice Naggar
Link to post
Share on other sites

Let us simply get a fresh report, using the Malwarebytes support tool. Launch the support tool mb-support-1.8.7.918.exe
Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop to your reply..

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.