Windows Defender not working after MBam uninstall



I am sure I am doing something wrong, but I cannot find a solution.

Basic System Info:

- Windows 10 Pro 64bit

- My user is in the Admin group

 

Issue: After uninstalling a licensed version of Malwarebytes, Windows Defender (I think) does not work

- In Windows Security, under Virus & Threat Protection:

- A notice that reads "Threat service has stopped. Restart it now."

- Clicking the "Restart now" button results in: "Unexpected error. Sorry, we ran into a problem. Please try again."

 

Help, please...

aR


  • Root Admin

Hello and welcome, @aRGon

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim.
  • Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections.
  • If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting. This is a report only.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

 


Hi AdvancedSetup o/

It is highly likely that your response is an automated one, but I reply as if it isn't...

First, I respect your request and have, and will continue to, do as you say (Your time is very valuable, mine less so, but is still important to me, so thank you for this awesome set of requests!).

- I have read, and agree to follow, all your posted requests

To the best of my knowledge:

- No antivirus is currently running (the reason I'm here)

- There is no cracked/hacked/pirated software installed on this system

- Discord has been disabled

 

Attached is the mbst-grab-results.zip file as requested.

 

Again, thank you for your time and help :-)

 

mbst-grab-results.zip


  • Root Admin

Thank you for the log @aRGon

Let me have you run another scanner to look closer at the Windows Defender issue

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 


  • Root Admin

You're quite welcome for the assistance.

I'm off work at the moment and about to eat soon. As you can see some of the services are in fact broken.

 

Windows Update:
============
dosvc Service is not running. Checking service configuration:
The start type of dosvc service is set to Demand. The default start type is Auto.
The ImagePath of dosvc service is OK (ImagePath=%SystemRoot%\System32\svchost.exe -k NetworkService -p).
The ServiceDll of dosvc service is OK.


Windows Autoupdate Disabled Policy:
============================
ATTENTION!=====> policy restriction on WindowsUpdate: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

 

I'll help you later tonight if possible, if not then in the morning, but probably later tonight. @aRGon

 

Cheers


  • Root Admin

Please run the following fix @aRGon

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\aR Gon\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.

 

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


@AdvancedSetup Ran the fix, everything seems to be working, I think.

As requested, the fixlist.txt file is attached.

 

You are AWESOME! Thank you for helping so many people. Thank you for helping me!

 

Is there anything else I should do now? I am happily awaiting your reply (I may not be able to reply until this evening, I have several appointments today)

 

aR 🙏🏾

Fixlog.txt


  • Root Admin

You're quite welcome for the assistance, any time.

 

For the most part it says it worked @aRGon

Please run the following again to double-check

 

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 

Thanks

 


  • Root Admin

Doing well, thanks. Hope the same for you @aRGon

 

Now that the restriction policy was removed it shows one of the services is not running.

Please save the attached file as before.

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\aR Gon\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

The system will be rebooted after the fix has run.

fixlist.txt

 

When done, please run the FSS scanner and post back a new log

 

 


Hey Advanced o/

 

Okay, ran the 2nd fixlist.txt via the Farbar program. After a reboot I also ran the FSS scanner again, as instructed. In addition, both log files are attached.

 

NOTE: I will not be able to reply until Monday 29th of May, 2023. I hope this is not a problem.

 

In other words, please enjoy the weekend and I hope you don't have to work, or if you do work that it is what you enjoy :-)

 

aR

Fixlog.txt FSS.txt


  • Root Admin

I will be out until later tonight myself. The wife wants to go out 😁

 

The fix worked but it looks like something else is causing the service not to work so we'll have to dig into it more on Monday.

Please run the following when you can so we can make sure there is not some other infection we're fighting

 

 

Please run the following ESET Online Scanner and perform a Full Scan

 

Click the following link to save the installer for ESET Online Scanner

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started. 
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, click on the Full Scan button
  • Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
  • Have patience. The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false positive, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Please attach the ESET scan log you saved at the end to your next reply

 


I hope you had a great 3 day weekend.

 

I ran the ESET scan and attached is the log. Spoiler, it found Zero, well, it reported that it found zero.

 

I do have a question about a service I found running that has a strange (to me) name, but am not sure if it's proper to ask you about it. May I inquire about this here?

 

In either case, thanks for the FANTASTIC help and getting my computer's security back on-line! 😀🎃

 

aR

Eset Scan Log.txt


  • Root Admin

Go ahead and run the FSS scanner again and it should be telling us the same thing.

 

Windows Update:
============
dosvc Service is not running. Checking service configuration:
The start type of dosvc service is set to Demand. The default start type is Auto.
The ImagePath of dosvc service is OK (ImagePath=%SystemRoot%\System32\svchost.exe -k NetworkService -p).
The ServiceDll of dosvc service is OK.

 

I believe that there is probably a permissions issue with the DoSvc service that we need to fix.

 

 


  • Root Admin

This is how it looks on my system

C:\>sc qc dosvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: dosvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService -p
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Delivery Optimization
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : NT Authority\NetworkService

C:\>sc queryex dosvc

SERVICE_NAME: dosvc
        TYPE               : 30  WIN32
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

 

This topic is now closed to further replies.
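
The fix-and-rescan loop in this thread comes down to comparing one FSS.txt against the next. The following is an added example, not code from the thread participants or from Farbar: it extracts the flagged lines from the two FSS excerpts quoted above and reports which findings a fix cleared. The line patterns are inferred from those excerpts only, and the names `findings` and `compare_scans` are hypothetical.

```python
import re

# FSS.txt lines as quoted in the thread: the dosvc section, plus the policy
# line that appeared in the first scan and was removed by the first fix.
DOSVC = r"""dosvc Service is not running. Checking service configuration:
The start type of dosvc service is set to Demand. The default start type is Auto.
The ImagePath of dosvc service is OK (ImagePath=%SystemRoot%\System32\svchost.exe -k NetworkService -p).
The ServiceDll of dosvc service is OK.
"""
FIRST_SCAN = DOSVC + r"""ATTENTION!=====> policy restriction on WindowsUpdate: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
"""
LATER_SCAN = DOSVC

# Patterns inferred from the excerpts above (assumption: FSS may word
# other findings differently, and those lines would be ignored here).
PATTERNS = [
    ("not_running", re.compile(r"^(?P<svc>\S+) Service is not running")),
    ("start_type", re.compile(r"^The start type of (?P<svc>\S+) service is set to "
                              r"(?P<cur>\w+)\. The default start type is (?P<dflt>\w+)\.")),
    ("policy", re.compile(r"^ATTENTION!=+> policy restriction on (?P<svc>\w+): (?P<key>\S+)")),
]

def findings(log_text):
    """Return a set of (kind, subject, detail) tuples for lines that flag a problem."""
    found = set()
    for line in log_text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.match(line.strip())
            if not m:
                continue
            detail = m.groupdict().get("key", "")  # registry key for policy lines
            if kind == "start_type":
                if m["cur"] == m["dflt"]:
                    continue  # start type matches the default, nothing to report
                detail = f"{m['cur']} (default {m['dflt']})"
            found.add((kind, m["svc"], detail))
    return found

def compare_scans(before, after):
    """Split findings into those a fix cleared, those remaining, and new ones."""
    b, a = findings(before), findings(after)
    return {"cleared": b - a, "remaining": b & a, "new": a - b}

if __name__ == "__main__":
    for status, items in compare_scans(FIRST_SCAN, LATER_SCAN).items():
        for item in sorted(items):
            print(status, *item)
```
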