Grenpara Posted June 19, 2023 ID:1573387

Hello, I think I have malware, as Chrome lags badly and I have Malwareguard installed in it. I did a full remove of Chrome, deleted its folders, and did a fresh install a few weeks ago, and it still lags badly. In Task Manager, under Chrome, I see CMD and Conhost are open almost always. Malwarebytes won't open, and the repair program freezes and then crashes. I had disabled my paid protection due to a conflict with Bitdefender. So I installed Malwarebytes Free, but it won't open or won't run, though it shows in Task Manager. My Frst64 data is attached. Help would be greatly appreciated.

Thanks
Fred

Addition.txt FRST.txt
Maurice Naggar Posted June 19, 2023 ID:1573390

Hello @greenplace

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Only run the tools I guide you to.
Do not run online games while the case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
Please stick with me until I give you the "all clear".

If your system is running Discord, please be sure to Exit out of it while this case is on-going.
Grenpara Posted June 19, 2023 Author ID:1573393

Hello Maurice, thanks for the fast reply. I did one thing before you responded, which was to uninstall Bitdefender. Malwarebytes worked now and here is its scan. That was the only way I could get Malwarebytes to work.

Thanks
Fred

Malwarebytes.txt
Maurice Naggar Posted June 19, 2023 ID:1573395

F Y I NOTE. Windows Event logs show that Chrome is aborting.

Error: (06/19/2023 04:39:45 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 114.0.5735.134 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Do not do any more on your own. I am in the process of getting a custom script that I will ask you to run. Just wait for that. Have patience.

Do not do any more on your own. Allow me to be your guide.
Grenpara Posted June 19, 2023 Author ID:1573397

Hello, thanks for the fast reply. I won't do anything else without you saying so. When you say Security and Maintenance control panel, do you mean in Windows? I ask as I don't recall seeing that section.

Thanks
Fred
Grenpara Posted June 19, 2023 Author ID:1573400

Hey, OK, I found that section and I can explain part of it. Chrome will freeze on me sometimes and I will have to end the process. That is just one reason why I think I have malware. Sometimes the freeze is for a few seconds and sometimes it can be minutes, or a total Chrome freeze. When I had tried to download FRST64, Chrome did a total freeze so I had to end the process. I ended up using Edge to download it after I forced Chrome to close.

Thanks
Fred
Maurice Naggar Posted June 19, 2023 ID:1573404

My relaying of the event log is just information. At this time, don't go hunting. Kindly focus on these things here.

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.
Select View > Show > Hidden items.
Select View > Show > File name extensions.

Start Malwarebytes. Click the Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security tab. Scroll down to "Windows Security Center".
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. Thanks. }
This will not affect any real-time protection of the Malwarebytes for Windows 😃.
Close Malwarebytes.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will reset the Winsock file. It will get selected readouts on some Windows services. It will attempt to clear temporary cache files on web browsers. Depending on the speed of your computer this fix may take 50-55 minutes or more.

This next job will end all open applications and then do its work.

Please read all of this. The FRST64.exe tool is already on this machine at D:\Downloads\Virus Help 19 Jun 2023 ( keep that in mind ).

Please download the attached fixlist.txt file and save it to folder D:\Downloads\Virus Help 19 Jun 2023

Fixlist.txt <-----

NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the D:\Downloads\Virus Help 19 Jun 2023 folder.
RIGHT-click on FRST64 and select RUN as Administrator and reply YES to allow it to go forward to start. That is important so that this run has Elevated Administrator rights !!
NEXT press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with your next reply.

We will do more, later. Please have much patience. I am a volunteer. I am not on all the time.
Grenpara Posted June 19, 2023 Author ID:1573408

Hello, OK, I have run it as you instructed and attached is the file.

Thanks
Fred

Fixlog.txt
Porthos Posted June 20, 2023 ID:1573411

Sorry to intrude. @Grenpara

Quote: OS: Windows 11

The last Microsoft monthly update had issues with Malwarebytes and Chrome. Please see this and follow the advice.

https://support.malwarebytes.com/hc/en-us/articles/17571529651475-Malwarebytes-conflict-with-Google-Chrome

Edited June 20, 2023 by Porthos
Grenpara Posted June 20, 2023 Author ID:1573414

Hey Porthos, thanks, I did not know that. At first I thought it was the Memory Saver of Chrome, but I disabled that after the reinstall. I will check the link.

EDIT: Just read the story and that could not be the main cause. I have not had Malwarebytes installed on this PC until today when I searched for malware. My issue was happening with Chrome only with Bitdefender installed. I had to uninstall it to put Malwarebytes back on to scan. Thanks though.

Thanks
Fred

Edited June 20, 2023 by Grenpara (adding info)
Porthos Posted June 20, 2023 ID:1573415

18 minutes ago, Grenpara said: I have not had Malwarebytes installed on this PC until today when I searched for malware. My issue was happening with Chrome only with bitdefender installed.

Thanks. Continue now with Maurice.
Maurice Naggar Posted June 20, 2023 ID:1573419

Thank you for the Fixlog report. The run is good. Both the Windows SFC & DISM reported no issues. The run accomplished its mission. And just so you know, both Malwarebytes and MS Defender antivirus are protecting this Windows 11.

We know that Chrome is abending from the MS Windows system logs. What we need to know is whether this Windows 11 has the Windows 11 22H2 KB5027231 cumulative update ( which is known to cause friction with Chrome and other security related apps). That is the goal of the next run outlined below.

This makes no changes of any sort. It is inquiry only. It will run super duper quick. It does not involve any restart / reboot.

The FRST64.exe tool is already on this machine at D:\Downloads\Virus Help 19 Jun 2023 ( keep that in mind ).

Please download the attached fixlist.txt file and save it to folder D:\Downloads\Virus Help 19 Jun 2023

Fixlist.txt <-----

NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

Use File Explorer to go to the D:\Downloads\Virus Help 19 Jun 2023 folder.
RIGHT-click on FRST64 and select RUN as Administrator and reply YES to allow it to go forward to start. That is important so that this run has Elevated Administrator rights !!
NEXT press the Fix button just once and wait.
The tool will make a log on the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.
Grenpara Posted June 20, 2023 Author ID:1573421

Hello Maurice, thanks for the help, I appreciate it. Attached is the new file.

Thanks
Fred

Fixlog.txt
Maurice Naggar Posted June 20, 2023 ID:1573424

There were 3 Microsoft updates on 13 June 2023. One of which is KB5027231.

Description      HotFixID   InstalledOn
-----------      --------   -----------
Update           KB5026549  2023-06-13 12:00:00 AM
Security Update  KB5027231  2023-06-13 12:00:00 AM
Update           KB5027119  2023-06-13 12:00:00 AM

A workaround ( to the Chrome crash issue) cited on Microsoft Answers forums is to rename chrome.exe to chrome1.exe and create a new shortcut.

Right click the current Chrome icon (shortcut) [ you have a shortcut on your Desktop ] and choose open file location or browse to Program Files\Google\Chrome\Application folder or Program Files \

Once you have that squared away, you should do a Windows Restart. Let the system settle back in. Then test the Chrome browser.
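
The inquiry discussed in the posts above (is KB5027231 installed, and do the Event ID 1002 Chrome hangs line up with it), as an added example that is not part of the original thread and is not the fixlist script the helper supplied. It is read-only; the 30-day window and the match on the event message text are assumptions of this example.

```powershell
# Added example: correlate Chrome "Application Hang" events (Event ID 1002)
# with the install date of KB5027231. Makes no changes to the system.
$kbId  = 'KB5027231'   # update named in the thread
$image = 'chrome.exe'  # process named in the Event ID 1002 entry
$days  = 30            # assumption: how far back to search the log

# Get-HotFix errors when the ID is absent, so suppress that and test for null.
$hotfix = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue |
    Select-Object -First 1

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Hang'
    Id           = 1002
    StartTime    = (Get-Date).AddDays(-$days)
}
# Get-WinEvent also errors when nothing matches; @() keeps the result an array.
$hangs = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$image*" } |
    Sort-Object TimeCreated)

if (-not $hotfix) {
    Write-Output "$kbId is not listed by Get-HotFix on this machine."
    Write-Output "$($hangs.Count) hang event(s) for $image in the last $days days."
}
elseif (-not $hotfix.InstalledOn) {
    # InstalledOn can be empty on some systems; report what is known.
    Write-Output "$kbId is installed, but no install date is recorded."
    Write-Output "$($hangs.Count) hang event(s) for $image in the last $days days."
}
else {
    # InstalledOn carries a date at midnight, so same-day hangs count as 'after'.
    $after  = @($hangs | Where-Object { $_.TimeCreated -ge $hotfix.InstalledOn })
    $before = @($hangs | Where-Object { $_.TimeCreated -lt $hotfix.InstalledOn })
    [pscustomobject]@{
        HotFixID      = $hotfix.HotFixID
        InstalledOn   = $hotfix.InstalledOn
        HangsBefore   = $before.Count
        HangsAfter    = $after.Count
        FirstHangAfter = if ($after.Count) { $after[0].TimeCreated } else { $null }
    } | Format-List
}

# Most recent matching entries, for attaching to a support request.
$hangs | Select-Object -Last 5 TimeCreated, Id, ProviderName |
    Format-Table -AutoSize
```

Hangs recorded before the install date point away from the update as the sole cause, which matters here because the poster reported the lag starting weeks earlier.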
Grenpara Posted June 20, 2023 Author ID:1573430

Hey, sorry but I don't understand. I should rename the Chrome shortcuts to chrome1.exe? Then make a new shortcut to Google Chrome called Chrome.exe? Also, if the shortcuts point to the same program, how could making a new one change anything?

EDIT: Malwarebytes was not on the system during the freezing. I had installed MBAM as I thought somehow I had malware.

Thanks
Fred

Edited June 20, 2023 by Grenpara
Grenpara Posted June 20, 2023 Author ID:1573434

Hey, sorry for the 2nd reply but I did not want to edit the last post again. Was there malware on the system or another major issue? Also, which do you suggest to use: my licensed Malwarebytes or Bitdefender? And should I re-enable "Always register Malwarebytes in the Windows Security Center", as you had me shut it off?

Thanks
Fred
Maurice Naggar Posted June 20, 2023 ID:1573437

No, there has been no "malware infection" found so far. And try not to go changing a lot of things at this point. The suspected thing that I think is triggering the Chrome problem, I believe, is the MS KB5027231.

All that I was suggesting is to locate where the Chrome executable chrome.exe is. Then rename chrome.exe to chrome1.exe.

The gist was to locate the link or the icon, and to modify the "target" field to contain "chrome1.exe".

Put aside ( at least for now) the re-install of BitDefender or the idea of re-changing the MB setting for Windows Security Center.

We want to test out if Chrome will run normally if its executable is renamed Chrome1.exe
Grenpara Posted June 20, 2023 Author ID:1573441

Hello, OK, I renamed chrome.exe to chrome1.exe and it started fine. It did give me the usual popup saying I needed permission and I went ahead with the rename. I did misread your post and installed Bitdefender; I read it as "then re-install of bit defender" and thought it was a typo.

But right now I am going to start using the Edge browser as a Chrome replacement. The reason is Edge has Application Guard and it runs fine. The only problem is Chrome, and all other programs and browsers run fine. I guess since I screwed up there is no point continuing.

I know before I started the current thread/request I had run sfc /scannow, multiple DISM, MRT, and many others. They all had reported a clean system, except 1 program reported something. It was Malwarebytes ADWcleaner and it reports a suspected PUP.

Anyways, thanks for your help and time, I really appreciate it. Thanks again for the help and have a great summer.

Fred
Maurice Naggar Posted June 20, 2023 ID:1573502 (Solution)

Hi, Fred. Thanks for your notes.

For your benefit ( as well as for current readers & potential future readers), there is no malware here. The Farbar FRST did not show indicators of malware infection. And as you said, you yourself had run scans on your own, including apparently ESET Onlinescanner. The Malwarebytes scan report you posted showed no malware infection. Your PC now has the latest Malwarebytes version 4.5.31.270, which has no conflict with Chrome.

As to Chrome crashes: It is known that MS KB5027231, on some sub-set of Windows 11 systems, had led to Chrome crashes / aborts, even on some Windows 11 systems that did not have Malwarebytes. What I had you do in renaming Chrome.exe to Chrome1.exe is a temporary work-around. And by the way, I am glad to see that Chrome1 does run / does work.

Since you say that you will use Edge as the main browser, I would suggest to ensure that Edge is set as the default browser.

On your computer, click the Windows Start menu.
Click Settings > Apps > Default Apps.
Under "Set defaults for applications," enter Chrome into the search box and click Google Chrome.
At the top, next to "Make Google Chrome your default browser," click Set default.
To make sure the change applied to the correct file types, review the list below the "Set default" button.
To exit, close the settings window.

( I would like for us to review a report about the versions of a selected set of installed applications)

Temporarily disable Microsoft SmartScreen to download the next software below.

I would recommend getting a readout report as to the update status of some key apps.

Download SecurityCheck by glax24 from here and save the tool on the desktop.
If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. SmartScreen is overly sensitive.
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE SmartScreen protection.
Grenpara Posted June 20, 2023 Author ID:1573538

Hello Maurice, thanks for all your help and time, I really do appreciate it. I will do as you suggest and reset Edge as the default browser. Thanks again for the help. Have a great summer.

Fred
Maurice Naggar Posted June 21, 2023 ID:1573695

You are very welcome. I am glad to have worked with you. We can proceed with cleanup of the tools we used.

To remove the FRST64 tool & its work files, do this. Go to your D:\Downloads\Virus Help 19 Jun 2023 folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that ( double click on it) to begin the cleanup process.

Any other download file I had you download, you may delete.

Consider using PatchMyPC to keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure. I wish you all the best. Stay safe.

Sincerely.
Maurice
Maurice Naggar Posted June 21, 2023 ID:1573696

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you