
Need Help with Possible Malware


Go to solution Solved by Maurice Naggar,


Hello,

I think I have malware as Chrome Lags bad and I have Malwareguard installed in it.
I did full remove of Chrome and Deleted its folders and did Fresh Install a few weeks ago and it still lags bad.
I see in Taskmanager under chrome I see CMD and Conhost are open almost always.

Malwarebytes won't open and the repair program freezes and then crashes.

I had disabled my paid protection due to conflict with Bitdefender.
So I installed Malwarebytes Free but it won't open or won't run, though it shows in taskmanager.

My FRST64 data is attached.

 

Help Would be greatly appreciated.

 

Thanks

Fred

Addition.txt FRST.txt

Link to post
Share on other sites

Hello :welcome: @greenplace

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.
  • Thanks 1
Link to post
Share on other sites

FYI NOTE. Windows Event logs show that Chrome is aborting.

Error: (06/19/2023 04:39:45 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 114.0.5735.134 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Do not do anymore on your own. I am in process of getting a custom-script that I will ask you to run. Just wait for that. Have patience. Do not do any more on your own. Allow me to be your guide.

  • Thanks 1
Link to post
Share on other sites

Hey,

Ok I found that section and I can explain part of it.

Chrome Will freeze on me sometimes and I will have to end process.
That is just one reason why I think I have Malware.
Sometime freeze is for a few seconds and sometimes it can be minutes, or a total Chrome Freeze.
When I had tried to download FRST64 Chrome did a total Freeze so I had to end process.

I ended up using edge to download it after I forced chrome to close.

 

Thanks

Fred

Link to post
Share on other sites

My relaying of the event log is just information. At this time, don't go hunting. Kindly focus on these things here.

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View > Show > File name extensions.

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.


NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will reset the Winsock file. It will get selected readouts on some Windows services. It will attempt to clear temporary cache files on web browsers. Depending on the speed of your computer this fix may take 50-55 minutes or more.

This next job will end all open applications and then do its work. Please read all of this.

The FRST64.exe tool is already on this machine at D:\Downloads\Virus Help 19 Jun 2023    ( keep that in mind )

Please download the attached fixlist.txt file and save it to the folder D:\Downloads\Virus Help 19 Jun 2023

Fixlist.txt<-- - - - -

 

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the D:\Downloads\Virus Help 19 Jun 2023 folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. We will do more, later.

Please have much patience. I am a volunteer. I am not on all the time.

  • Thanks 1
Link to post
Share on other sites

Sorry to intrude. @Grenpara

Quote

OS: Windows 11

The last Microsoft monthly update had issues with Malwarebytes and Chrome.

Please see this and follow the advice. https://support.malwarebytes.com/hc/en-us/articles/17571529651475-Malwarebytes-conflict-with-Google-Chrome

 

Edited by Porthos
  • Thanks 1
Link to post
Share on other sites

Hey Porthos,

 

Thanks I did not know that.
At first I thought it was the Memory saver of chrome but I disabled that after reinstall.

I will check the link.

EDIT:  Just Read the story and that could not be main cause.
I have not had Malwarebytes installed on this PC until today when I searched for malware.
My issue was happening with Chrome only with bitdefender installed.
I had to uninstall it to put  Malwarebytes back on to scan.

Thanks though.
 

Thanks
Fred

Edited by Grenpara
adding info
  • Thanks 1
Link to post
Share on other sites

Thank you for the Fixlog report. The run is good. Both the Windows SFC & DISM reported no issues. The run accomplished its mission.
And just so you know, both Malwarebytes and MS Defender antivirus are protecting this Windows 11.
We know that Chrome is abending from the MS Windows system logs. What we need to know is whether this Windows 11 has the Windows 11 22H2 KB5027231 cumulative update ( which is known to cause friction with Chrome and other security related apps).
That is the goal of the next run outlined below. This makes no changes of any sort. It is inquiry only. It will run super duper quick.
It does not involve any restart / reboot.

The FRST64.exe tool is already on this machine at D:\Downloads\Virus Help 19 Jun 2023    ( keep that in mind )

Please download the attached fixlist.txt file and save it to the folder D:\Downloads\Virus Help 19 Jun 2023

Fixlist.txt<-- - - - -

 

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

Use File Explorer to go to the D:\Downloads\Virus Help 19 Jun 2023 folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Link to post
Share on other sites

There were 3 Microsoft updates on 13 June 2023. One of which is KB5027231
Description      HotFixID      InstalledOn               
-----------      --------      -----------                  
Update           KB5026549     2023-06-13 12:00:00 AM    
Security Update  KB5027231     2023-06-13 12:00:00 AM    
Update           KB5027119     2023-06-13 12:00:00 AM    
    

A workaround ( to Chrome crash issue) cited on Microsoft Answers forums is to rename chrome.exe to chrome1.exe and create a new shortcut.

Right click current chrome icon (shortcut)  [ you have a shortcut on your Desktop ]  and choose open file location or browse to Program Files\Google\Chrome\Application folder or Program Files \

Once you have that squared away, you should do a Windows Restart. Let system settle back in. Then test Chrome browser.

Link to post
Share on other sites
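
The inquiry discussed in the posts above (is KB5027231 installed, and do the chrome.exe Application Hang events with EventID 1002 fall after its install date), as an added read-only PowerShell example that is not part of the original thread and is not the helper's fixlist. The function name `Get-ChromeHangSummary` and the 30-day look-back window are assumptions made for illustration.

```powershell
# Added example, not from the thread. Read-only: changes nothing on the system.
function Get-ChromeHangSummary {
    param(
        [string]$KbId    = 'KB5027231',   # update named in the thread
        [string]$Process = 'chrome.exe',  # program named in the hang event
        [int]$Days       = 30             # look-back window (assumption)
    )

    # Get-HotFix reports a missing ID as an error, so silence it and test for $null.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Application Hang events (EventID 1002) from the Application log.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Hang'
        Id           = 1002
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent also errors when nothing matches; treat that as zero events.
    $hangs = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$Process*" })

    # InstalledOn can be empty on some systems; only split the counts when it is known.
    $installedOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    $before = $null
    $after  = $null
    if ($installedOn) {
        $before = @($hangs | Where-Object { $_.TimeCreated -lt $installedOn }).Count
        $after  = @($hangs | Where-Object { $_.TimeCreated -ge $installedOn }).Count
    }

    [pscustomobject]@{
        HotFix           = $KbId
        Installed        = [bool]$hotfix
        InstalledOn      = $installedOn
        HangsInWindow    = $hangs.Count
        HangsBeforePatch = $before
        HangsAfterPatch  = $after
        LatestHang       = ($hangs | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
}

Get-ChromeHangSummary | Format-List
```

Hangs that already appear before the install date point away from the update as the only cause, which is the question the original poster raises later in the thread.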

Hey,

Sorry but I don't understand.

I should rename the chrome shortcuts to chrome1.exe?

Then make new shortcut to google chrome called  Chrome.exe?
Also if shortcuts point to same program how could making new one change anything?

EDIT:  Malwarebytes was not on system during the freezing.
I had installed MBAM as I thought somehow I had malware.

 

Thanks

Fred

Edited by Grenpara
Link to post
Share on other sites

Hey,

Sorry for 2nd reply but did not want to edit last post again.

Was there malware on system or other major issue?

Also which do you suggest to use. My licensed malwarebytes or Bitdefender?

And should I re-enable "Always register Malwarebytes in the Windows Security Center" as you had me shut it off?

 

Thanks

Fred

Link to post
Share on other sites

No, there has been no "malware infection" found so far. And try not to go changing a lot of things at this point. The suspected thing that I think is triggering the Chrome problem I believe is the MS KB5027231.

All that I was suggesting is to locate where the Chrome executable chrome.exe is. Then Rename chrome.exe to chrome1.exe

The gist was to locate the link or the icon, and to modify the "target" field to contain "chrome1.exe".

Put aside ( at least for now) the re-install of BitDefender or the idea of re-changing the MB setting for Windows Security Center.

We want to test out if Chrome will run normally if its executable is renamed Chrome1.exe

Link to post
Share on other sites

Hello,

Ok I renamed the chrome.exe to chrome1.exe and it started fine.
It did give me the usual popup saying I needed permission and I went ahead with the rename.

I did misread your post and installed bitdefender I read it as "then re-install of bit defender" and thought it was a typo.

But right now I am going to start using edge browser as a chrome replacement.
The reason is Edge has application guard and it runs fine.

The only problem is Chrome and all other programs and browsers run fine.

I guess since I screwed up there is no point continuing.
 

I know before I started current thread/request I had run sfc /scannow, multiple DISM, MRT, and many others.
They all had reported clean system except 1 program reported something.
It was Malwarebytes ADWcleaner and it reports a suspected pup.

Anyways thanks for your help and time I really appreciate it.
 

Thanks again for the help and have a great summer.
Fred

Link to post
Share on other sites

  • Solution

Hi, Fred. Thanks for your notes.
For your benefit ( as well as for current readers & potential future readers), there is no malware here.
The Farbar FRST did not show indicators of malware infection. And as you said, you yourself had run scans on your own, including apparently ESET Onlinescanner. The Malwarebytes scan report you posted showed no malware infection.

Your pc now has the latest Malwarebytes version 4.5.31.270, which has no conflict with Chrome.
As to Chrome crashes:
It is known that MS KB5027231 on some sub-set of Windows 11 systems, had led to Chrome crashes / aborts, even on some Windows 11 systems that did not have Malwarebytes.

What I had you do in renaming Chrome.exe to Chrome1.exe is a temporary work-around. And by the way, I am glad to see that Chrome1 does run / does work.
Since you say that you will use Edge as the main browser, I would suggest to ensure that Edge is set as the default browser.

  1. On your computer, click the Windows Start menu 

  2. Click Settings and then Apps and then Default Apps.

  3. Under "Set defaults for applications," enter Chrome into the search box and then click Google Chrome.

  4. At the top, next to "Make Google Chrome your default browser," click Set default.

    • To make sure the change applied to the correct file types, review the list below the "Set default" button.

  5. To exit, close the settings window.

( I would like for us to review a report about the versions of a selected set of installed applications)

Temporarily disable Microsoft SmartScreen to download the next software below 

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

  • Thanks 1
Link to post
Share on other sites

You are very welcome. I am glad to have worked with you.

We can proceed with cleanup of tools we used.

To remove the FRST64 tool & its work files, do this. Go to your D:\Downloads\Virus Help 19 Jun 2023 folder. Do a RIGHT-click on FRST64.exe & select

RENAME

& then change it to

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.
Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

This topic is now closed to further replies.