ecclesiastes Posted May 27, 2023 ID:1569464

I have installed the Malwarebytes, but when I run the app it says that "RuntimeBroker.exe/Explorer.exe. The item referred to by this shortcut cannot be accessed. You may not have the appropriate permissions." Please help me

Porthos Posted May 27, 2023 ID:1569470

@ecclesiastes Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

- Download the Malwarebytes Support Tool
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
- In the User Account Control pop-up window, click Yes to continue the installation
- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
- A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks

ecclesiastes Posted May 27, 2023 Author ID:1569472

mbst-grab-results.zip

Thanks

Maurice Naggar Posted May 27, 2023 ID:1569513 (edited)

Hello @ecclesiastes

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

- Please have lots of patience all along.
- Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
- Only run the tools I guide you to.
- Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
- The removal of malware isn't instantaneous, please be patient.
- Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
- Please stick with me until I give you the "all clear".
- If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I am listing below your next actions to take.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

Please use this Guide

( 2 ) Start Malwarebytes. Click Settings ( gear ) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center
Click the Security Tab. Scroll down to "Windows Security Center"
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
This will not affect any real-time protection of the Malwarebytes for Windows 😃.
Close Malwarebytes.

( 3 ) Next action step: Disable ( turn OFF ) Fast Startup
https://www.windowscentral.com/how-disable-windows-10-fast-startup
Then restart the computer

( 4 ) This is a good point to emphasize not playing online games or games in general, while the case is on-going. I would also emphasize to reduce the auto-started applications that start with Windows down to the absolute minimum. Which would basically be just security applications. Apply these principles now from the following How-to: How to perform a clean boot in Windows

( 5 ) As a next step, I suggest the following:
This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.
Next, this will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

- Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes
- When prompted for scan type, click on CUSTOM scan and select C drive to be scanned
- Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.
- At screen "Detections occurred and resolved" click on blue button "View detected results"
- On next screen, at lower left, click on blue "Save scan log"
- View where file is to be saved. Provide a meaningful name for the "File name:"
- On last screen, set to Off (left) the option for Periodic scanning
- Click "save and continue"
- Please attach the report file so I can review

( 6 ) Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers are Closed. It will not take much time.
First download & save it: guide & download link
Then be sure to close all web browsers after the download & before launching the tool.
Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner: Guide article
Attach the clean log from Adwcleaner when all completed.

Edited May 27, 2023 by Maurice Naggar

ecclesiastes Posted May 28, 2023 Author ID:1569529

Hi @Maurice Naggar, Malwarebytes is not running with the message that I already mentioned in my first post. Can I skip to the third part?

Maurice Naggar Posted May 28, 2023 ID:1569568

@ecclesiastes YES! I encourage you to skip that step and GO FORWARD. Please forgive my all caps. Proceed forward.

ecclesiastes Posted May 29, 2023 Author ID:1569596

ESET scan 29 May.txt
AdwCleaner[C00].txt

Here are the logs

Maurice Naggar Posted May 29, 2023 ID:1569664 (edited)

Next, a custom script to do checks & selected cleanups. There is a multi-point infection that disables many security antivirus tools.

We will use FRSTENGLISH.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.
This custom script is for ecclesiastes only / for this machine only.
This custom script has some specific things, plus some general aspect to help the system overall. Hoping it will not exceed 60 minutes in execute time.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder

Fixlist.txt <<< - - - - -

Then, start the Windows Explorer and then go to the Downloads folder.
RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window: Click the Fix button just once, and wait.
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.
If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt ) in the same location from where it was run.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Stick around with me. There is much more to do later.

Edited May 31, 2023 by Maurice Naggar

ecclesiastes Posted May 30, 2023 Author ID:1569741

My FRSTenglish is outdated with a message "This app can't run on your PC". Where can I download the latest version?

Maurice Naggar Posted May 30, 2023 ID:1569758

FRSTENGLISH.zip

Sorry that you encountered issues.
Delete the current FRSTENGLISH that is now on the machine.
Save this ZIP file to the Downloads folder.
Extract the content to Downloads. Check to see all is there.
Then do the custom fix procedure as I listed before.

Maurice Naggar Posted May 31, 2023 ID:1570045

Hello @ecclesiastes I hope you are well. How is the situation? Have you seen my last reply and the file I sent?

ecclesiastes Posted June 1, 2023 Author ID:1570175

Been a hectic day lately, now I'm gonna proceed with the next step (:

ecclesiastes Posted June 1, 2023 Author ID:1570179

Fixlog.txt

Maurice Naggar Posted June 1, 2023 ID:1570202 Solution

A request please. I would like to get a copy of what we placed in Quarantine, from the runs I had you do. Please.

- Using Windows File Explorer, navigate to C:\FRST folder on your system.
- Expand the folder so you see all contents.
- Right click on Quarantine > Send to > Compressed (zipped) folder
- Upload the archive in your next reply
- If archive is too big you can upload here > https://wetransfer.com/

Also, let me know how the situation is at this point as to any new "block" notices, or some other active security issue.
Also, please do one new Scan with Malwarebytes. Thank you!

If possibly you have a browser issue, can you try using a different web browser? But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer, and only then, launch it from there.

Let's do one special run with Malwarebytes Adwcleaner. It will not take much time. Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I want to make sure you select all of what I list below - before - pressing the "scan" button.

First download & save it: guide & download link
Then go to where the EXE file is saved. Start Adwcleaner. Do not rush. There are a few first choices to set as I have listed below.
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status

- Delete IFEO keys
- Delete tracing keys
- Delete Prefetch files
- Reset Proxy
- Reset IE Policies
- Reset Chrome policies
- Reset Winsock
- Reset HOSTS file

ONLY after you have set the selections above ....only after that .....
Now on the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan. This can take several minutes.
When the AdwCleaner scan is completed it will display all of the items it has found.
Click on the “Quarantine” button to remove what it found.
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.
Guide article
Attach the clean log from Adwcleaner when all completed. For example AdwCleaner[C00].txt

There is much more to do even after this. The infection had essentially neutered the Microsoft Defender antivirus.

ecclesiastes Posted June 1, 2023 Author ID:1570243

Quarantine.zip
AdwCleaner[C01].txt

As of now, there is no block notification or anything suspicious, and no email login from other devices. It seems that all is back to normal.

Maurice Naggar Posted June 1, 2023 ID:1570249

Thank you. I appreciate the good news.

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please close all other open applications and Do Not use your PC whilst the scan is in progress... This scan is very thorough so it may take several hours to complete, please be patient...

- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Attach the results in your next reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
- If no threats were found please confirm that result...

The Virus Removal Tool scans the following areas of your computer:

- Memory, including system memory on 32-bit (x86) versions of Windows
- The Windows registry
- All local hard drives, fixed and removable
- Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Please attach that log on your next reply

Thank you

ecclesiastes Posted June 1, 2023 Author ID:1570298

SophosScanAndClean_20230602_0326.log

Maurice Naggar Posted June 2, 2023 ID:1570411

Good morning. Thank you. The Sophos scan found no threats.

( 2 ) A request please. I would like to get a copy of a specific-saved folder, from the runs I had you do. Please.

- Using Windows File Explorer, navigate to C:\FRST\hives folder on your system.
- Expand the folder so you see all contents.
- Right click on Hives > Send to > Compressed (zipped) folder
- Upload the archive in your next reply
- If archive is too big you can upload here > https://wetransfer.com/

( 3 ) One other scan here. TrendMicro HouseCall scan from this Link

- First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
- Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
- The program will check with TrendMicro & do an update run.
- Next it will show the Disclosure window. Click Next to proceed.
- The end user license agreement is presented. Click the Accept radio button & click Next to proceed.
- I suggest a CUSTOM scan on C drive. IF you wish a Full scan or a Custom scan, first click on the Settings then you can select which drives you want to include in the scan. The default is a Quick scan.
- Click Scan now when ready. The scan progress will then be displayed. Monitor the progress or just leave it alone until it finishes this phase.
- When the scan phase has completed, if any items are tagged, you will see a list, showing the file & its location, the classification of the threat, the type, risk, and Action option.
- If you see an item that you know is safe, you can click the Action, and select Ignore.
- When all done & ready, click the Fix now button.

( 4 ) Temporarily disable Microsoft SmartScreen to download the next software below

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here and save the tool on the desktop.
If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
When all done, you may go back to turn ON the EDGE Smartscreen protection.

ecclesiastes Posted June 3, 2023 Author ID:1570550

Hives.zip

I have disabled my Microsoft SmartScreen, but I can't download the SecurityCheck. Is there any possible way to do it?

Maurice Naggar Posted June 3, 2023 ID:1570569

Thanks for the ZIP. I would suggest to try using a browser other than Edge in order to attempt a download of SecurityCheck tool.

ecclesiastes Posted June 3, 2023 Author ID:1570570

I've tried using Chrome but it's deleted immediately

Maurice Naggar Posted June 3, 2023 ID:1570571

Let's skip that tool run. It is not a must-do.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

At this point, is there any outstanding issue or not? Ready to proceed to wrap-up of the case?

ecclesiastes Posted June 3, 2023 Author ID:1570596

Yes, I think there is no issue left. Many thanks for your kind help!

Maurice Naggar Posted June 3, 2023 ID:1570604

You are very welcome. I am glad to have worked with you. We can proceed with cleanup of tools we used.

To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe. Then run that ( double click on it ) to begin the cleanup process.

- Delete mb-support-1.8.7.918.exe
- Delete mbst-grab-results.zip on the Desktop.
- Delete Esetonlinescanner.exe
- Delete SecurityCheck.exe
- Adwcleaner you may keep and use as needed.
- Any other download file I had you download, you may delete.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure. I wish you all the best. Stay safe.

Sincerely.
Maurice

Maurice Naggar Posted June 3, 2023 ID:1570605

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you