Jump to content

I install a virus and now, I cannot have access to window security


Go to solution Solved by Maurice Naggar,

Recommended Posts

I recently downloaded an app and installed it, thinking it was okay. However, it changed my admin user settings. I then realized that it was a virus. I tried to open the Windows Security app, but it showed me a blank white page. So, I downloaded Avast and installed it. Avast detected two viruses, so I decided to clean them up and restart my PC. After restarting, I checked my Windows Security, but it still showed a blank white screen. When I tried to access the virus and protection settings, it said, "Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information." I tried to regain access to Windows Defender by deleting it in the Registry Editor, and also I noticed that my Edit Group Policy was missing. I retrieved it, but so far, the Windows Security tab still shows a blank white screen. Is there any help for this?

Link to post
Share on other sites

22 minutes ago, Ravin23 said:

..... I tried to regain access to Windows Defender by deleting it in the Registry Editor, and also I noticed that my Edit Group Policy was missing. I retrieved it, but so far, the Windows Security tab still shows a blank white screen. ...

Hi my name is Maurie. I will help and guide you. I first want to shout "NO Never use Regedit to attempt to do anything like that !!!

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Link to post
Share on other sites

It may be possible that Avast has a hand in issue you last describe. If Avast is open at this moment, then Close it. I suggest you do a start of Avast. Have it do a new Scan. Let me know if it reports any threat.

For mutual information, these were the main threats removed by the Safety Scanner

Threat Detected: Ransom:BAT/DisableDefender.A!dha and Removed!
  Action: Remove, Result: 0x00000000
    file://C:\WINDOWS\Windows.exe->(VFS:2890.bat)
        SigSeq: 0x000055E76CE8D10A
    file://C:\Users\ROG_DP\AppData\Local\Updates\Windows
        SigSeq: 0x000055E76CE8D10A
    containerfile://C:\WINDOWS\Windows.exe
Threat Detected: Trojan:Win64/NSudo!MSR and Removed!
  Action: Remove, Result: 0x00000000
    regkey://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\WINDOWS\SysWOW64\NSudo.exe
    shareddll://HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\WINDOWS\SysWOW64\NSudo.exe
    file://C:\WINDOWS\sysWOW64\NSudo.exe
        SigSeq: 0x0000166731F6F606
    file://C:\WINDOWS\NSudo.exe
        SigSeq: 0x0000166731F6F606

We will deal with remaining issues, later on. I suspect these trojans likely messed up some important Windows security services.

Edited by Maurice Naggar
Link to post
Share on other sites

Here's a revised version of your text with corrected grammar:

During the full scan using Avast, I did not allow it to remove the three threats that I mentioned in my previous post. However, I did let it remove threats when I first encountered virus activity, as stated in my initial post. After reading your response, I installed Microsoft Safety Cleaner and ran a scan.

Regarding Window Security, I'm still experiencing a problem where the screen is blank and I can't access virus and protection settings. When I try to access it, I receive the message "Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information."

I have attached a list of the threats that Avast detected after the full scan below.


image.png.7ce06d2ece9770489b5951a7a455f1e0.png

Link to post
Share on other sites

Have Avast delete / remove that dll file. It simply does not belong there at all.
The MS Safety Scanner tool is "not installed" as a regular program would be. That is a stand-alone self-executable. NOt installed as a program in the menu. Keep in mind that since you installed Avast, Avast is now the resident antivirus.

I am going to list 4 tasks for you to do. We will have much more later. Patience is a good thing to practice. There is not a single-shot-cure all.
( 1 )

  • IF this is a Windows 10:

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

         IF on the other hand, this is a Windows 11:
Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View → Show → File name extensions

( 2 )

This next tool ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.
get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.
Disregard the title subject of the topic.Run the MBAR tool as listed here 

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

  • when done, I need the MBAR logs.
  • Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.
  • Both files can be found in the extracted MBAR folder on your Desktop.
  • Please attach both files in your next reply.

( 3 )

I also would appreciate this report:

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

( 4 )

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply..

 

Edited by Maurice Naggar
Link to post
Share on other sites

Hi. Some of the behavior about the screen for Microsoft Windows Security is likely due to this machine having installed the Avast ! antivirus.

Keep in mind the tool FRSTENGLISH.exe is already on your system.

Please run this special purpose custom script. Read all of this before you start. Please Close all open work.

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt < - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . 

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTE & Comments: I am curious a bit as to whether this machine is owned by you & is strictly for home use ?
OR whether it is somehow use for business or connects to business network for work purposes, like a company job?
The Windows O S is Windows 11 Home Single Language Version 22H2 22621.1555
note the "Home Single Language". The reason I ask this is because I noticed lots of scheduled tasks that are "EnterpriseMgmt" 

Link to post
Share on other sites

Thanks for the log-report. A very worthwhile run. 

Temporarily disable Microsoft SmartScreen to download the next software below

I also would appreciate this report:

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

( 2 ) 

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

                   If Windows's  SmartScreen block that with a message-window, then
                         Click on the MORE INFO spot and over-ride that and allow it to proceed.

                             This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Link to post
Share on other sites

Dear Maurie 

I have attached the logs below. Thank you for your guidance. I turned off the SmartScreen in the Microsoft Edge settings, downloaded the files, and ran them. After that, I decided to take a look at Windows Security once again. The Windows Security tab has reappeared and the Virus & Protection settings show a restart button but I'm not gonna touch anything at the moment.

Thank you for your time

SecurityCheck.txt FSS.txt

Link to post
Share on other sites

These are highlighted as needing your attention & follow-up per the SecurityCheck.
Microsoft 365 Apps for enterprise - en-us v.16.0.15601.20626  Warning! Download Update
How Install Office updates?

NVIDIA GeForce Experience 3.23.0.74 v.3.23.0.74  Warning! Download Update


Ghostscript GPL 8.64 (Msi Setup) v.8.64  Warning! Download Update
Uninstall old version and install new one.

WinRAR 5.30 (64-bit) v.5.30.0  Warning! Download Update

Discord v.1.0.9002  Warning! Download Update

Microsoft Teams v.1.5.00.21668  Warning! Download Update

Zoom v.5.13.3 (11494)  Warning! Download Update

Telegram Desktop v.4.7.1  Warning! Download Update

ProtonVPN v.2.0.1  Warning! Download Update

uTorrent Web v.1.3.0  Warning! Ad-supported P2P-client.
 
Java 8 Update 51 (64-bit) v.8.0.510  Warning! Download Update
Uninstall old version and install new one (jre-8u371-windows-x64.exe).

VLC media player v.3.0.3  Warning! Download Update


------------- [ UnwantedApps ] -----------
Bonjour v.3.1.0.1  Warning!  Uninstallation recommended. Your pc  does not need this.

IObit Unlocker v.1.3.0.11  Warning!  Uninstallation recommended. Possible you became a victim of fraud or social engineering.

Wondershare Helper Compact 2.6.0 v.2.6.0  Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
 

After you are all done, please do a Windows Restart.

Link to post
Share on other sites

[   1    ]
Keep going and do this.

Then get & first SAVE & then run the AVASTCLEAR tool
Get, Save & Run the Avast clear tool.
https://support.avast.com/en-us/article/Uninstall-Antivirus-Utility/
Save the tool first; then run it.

[   2   ]
Then do a Windows RESTART  from the Start menu.

[   3   ]

I had you save the FSS.exe tool very recently.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

Cleaning up after Avast takes extra work. And we may well have to do other steps to fully get back the functioning Microsoft Defender antivirus.

Link to post
Share on other sites

@Ravn23  only for Ravin23

Look on the Downloads folder. If you find there a "Fixlist.txt" then please Delete it.

Keep in mind the tool FRSTENGLISH.exe is already on your system.

Please run this special purpose custom script. Read all of this before you start. Please Close all open work.

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt < - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

IF the FRSTENGLISH ( Farbar FRST) issues a error message when you start this tak-run, then Please Stop and let me know the "error exception message", then wait for me to make a new reply.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . 

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

After a successful completion & Windows Restarts ok, then go to view the Windows Security Center. Keep me advised.   😃

Edited by Maurice Naggar
Link to post
Share on other sites

Dear Maurice

 

 

After the reboot, I was able to open the Virus & Threat Protection settings. However, when I tried to enable real-time protection or check for updates, it failed to do so and showed me an error. After a moment, the Virus & Threat Protection setting disappeared again and showed the restart button once more. The fixlog is attached below.

Window security.png

Security 2.png

security error.png

core isolation.png

Fixlog.txt

Link to post
Share on other sites

Good morning. 

Please do a new run with the FSS.exe tool .

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

Link to post
Share on other sites

  • Solution

Hi. Thanks.

Please study this article so that you do a Windows 11-repair in place.
Repair Install Windows 11 with an In-place Upgrade
https://www.elevenforum.com/t/repair-install-windows-11-with-an-in-place-upgrade.418/
Ignore bullet point #1 where it says "Disable or uninstall any 3rd party AV or security program". ( I had had you run the Avast cleanup/removal tool much earlier)

This system has the Windows Microsoft Defender. leave as-is. I need you to do the upgrade-repair-in place.
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.