Cant access any antivirus websites.

[fr33d0m603]

I cant access any antivirus websites. I downloaded malwarebytes through a usb stick and ran the program. I found 18 malwares, quartined them, and then deleted them. Still with no luck cannot access the websites. Currently I am running a scan with Farbar recovery tool. Any additional help will be great, thank you.

[Maurice Naggar]

Hello  

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

• Removing malware can be unpredictable
• Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
• Only run the tools I guide you to.
• Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
• The removal of malware isn't instantaneous, please be patient.
• Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
• Please stick with me until I give you the "all clear".
• If your system is running Discord, please be sure to Exit out of it while this case is on-going.

If possibly you have a browser issue, can you try using a different web browser?
But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer.
and only then, launch it from there.

Let's do one special run  with Malwarebytes Adwcleaner. 

 

It will not take much time, Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I ant to make sure you select all of what I list below - before- pressing the "scan" button.

 

First download & save it

guide & download link

 

Then go to where the EXE file is saved. Start Adwcleaner.  Do not rush. There are a few first choices to set as I have listed below.

 

Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.

 

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window

by clicking their button to the far-right for ON status

Delete IFEO keys
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock
Reset HOSTS file

 

 

 

ONLY after you have set the selections above ....only after that .....

Now On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.

 

 

This can take several minutes.

When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button To remove what it found.

 

AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.

Click on the “Continue” button to finish the removal process.

 

 

Guide article

 

Attach the clean log from Adwcleaner when all completed. For example AdwCleaner[C00],txt

There is much more to do even after this.

[Maurice Naggar]

2 hours ago, fr33d0m603 said:

I cant access any antivirus websites. I downloaded malwarebytes through a usb stick and ran the program. I found 18 malwares, quartined them, and then deleted them. Still with no luck cannot access the websites. 

Just notes that you can answer later. First, I need you to run the Adwcleaner listed above in exactly that sequence. Second, if you did run the Farbar FRST then I need you to attach the 2 files FRST.txt + Addition.txt.

I am very curious as to which "antivirus websites" you were trying to reach, as well as why. My pressing question is, Can you or can you not start a run of Microsoft Defender antivirus ( which is built-in with Windows 10 and 11 ). Further, does Windows Update work ?

[fr33d0m603]

I am not able to open any anti virus websites. My IT department called and told me my information was leaked into the dark web so I wanted to run a antivirus scan, unfortunately I could not. So I had to download Malwarebytes onto a usb stick and load it into my pc. I ran the scan and quarantined and deleted the malware. No windows update does not work, I tried shutting down and restarting my pc as well and it will not. The only way was to do a hard shutdown. Here are the 2 files I received from Farbar and thank you for the help.

FRST.txt Addition.txt

[Maurice Naggar]

I encourage you to DO the special Adwcleaner run like I listed above https://forums.malwarebytes.com/topic/297809-cant-access-any-antivirus-websites/?do=findComment&comment=1567054

That is a very desirable run.

[fr33d0m603]

Yes I forgot to mention I just did that.

[Maurice Naggar]

The Windows Hosts file should have been rebuilt ( by the special run of Adwcleaner run). Do this run here, and later on, I will have a special custom fix because there are at least 4 Windows services that were corrupted by the infection. That is the fix will be a bit later. 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.

This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

[Maurice Naggar]

@fr33d0m603 This is only for AFTER the Microsoft Safety Scanner run is complete. This is only for fr33d0m603

This is the first part of a custom-fix-attempt aimed to have selected Windows 10 services back to a normal standard setting.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program :  is FRST64.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt <-- - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. Depending on the speed of your computer this fix may take 50-55 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome, and Opera + Brave caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Discord cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. There will be much more to do after this.

Edited May 12, 2023 by Maurice Naggar

[fr33d0m603]

Hey Maurice. I’m still running the Microsoft safety scanner. It’s been running for 5 hours

[Maurice Naggar]

No worries. Not a problem. Have much patience and allow MS Safety Scanner all the time it takes. It may well be many hours more before it finishes.

[fr33d0m603]

msert.log

[fr33d0m603]

Fixlog.txt

[Maurice Naggar]

It should be noted that this machine now should have full ability to go to any security site ( in addition to normal sites).

The MS Safety scanner found 4 elements (files) tagged as Trojan:Python/MCCrash.B!MTB and Removed!
Do you know anything about some "app" named "KODI" ?

The ( first ) custom script run is good. The Windows System File Checker made some corrections. Windows Resource Protection found corrupt files and successfully repaired them.
This run also removed 3 "folder exclusions" that barred MS Windows Defender antivirus from protecting them, Those were on these paths
"C:\Users\Freedom"
"C:\Program Files"
"C:\Windows\system32\config\systemprofile"
Those are now removed. They were likely placed by some malware, likely a trojan. Those exclusions meant that a huge number of applications were exempt from being monitored by MS antivirus.

We will do a second custom script to do some remaining checks, and then I need from you 2 sets of reports, after this upcoming fix.
Keep in mind these are not "the cure-all". We have more tasks and checks to do later.
 

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program :  is FRST64.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt<-- - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix run will attempt to do scans with MS Defender antivirus. Depending on the speed of your computer this fix may take 50-55 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

(  2  )

I also would appreciate this report:

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

• Internet Services
  Windows Firewall
  System Restore
  Security Center/Action Center
  Windows Update
  Windows Defender
  Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

(  3 )

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply..

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks