Jump to content

Cannot install anti-virus programs of any sort on my PC


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello :welcome: @melvin98

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

There are several separate issues going on on this machine. This will take several passes / rounds. Have much patience. There is not a single-magical-single step solution. When you get caught up, do what follows.

 

(   1   )

 

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

(   2   )

This next tool ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.
get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.
Disregard the title subject of the topic.Run the MBAR tool as listed here 

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

  • when done, I need the MBAR logs.
  • Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.
  • Both files can be found in the extracted MBAR folder on your Desktop.
  • Please attach both files in your next reply.

(   3   )

 

Download and save a file named Iexplore.exe from here https://www.bleepingcomputer.com/download/rkill/dl/11/

and once the browser has finished the download, can you RUN that from there.

That Iexplore is another name for the tool known as RKILL by Bleepingcomputer. 

We will be doing much, much more. Be sure you tell me if this is Windows 10 or 11.

Edited by Maurice Naggar
amended
Link to post
Share on other sites

Hello @melvin98:

As no two systems are exactly alike, many dozens is the best estimate anyone could make. At the termination of the MBST-Gather, all necessary files and folders are automatically and conveniently archived (compressed) into one .zip named mbst-grab-results.zip.

HTH

Link to post
Share on other sites

8 hours ago, melvin98 said:

And one more thing..what do you mean by support tool of 1PW?

Hello @melvin98 I am sorry, but the line mentioning 1PW & "support tool" were inadvertently copied. That was not intended.  We do need to get moving forward, though. What I listed were  2 basic starters. The MBAR is an anti-rootkit and is only going to generate 2 report files.  and the Iexplore is just one basic help tool. Please do all that I listed. There is a big bunch of work yet to do. None of the reports will have any personal informaton. So do steps 1, 2 , 3. Next after those:

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply..

Edited by Maurice Naggar
Link to post
Share on other sites

3 hours ago, Maurice Naggar said:

Hello @melvin98 I am sorry, but the line mentioning 1PW & "support tool" were inadvertently copied. That was not intended.  We do need to get moving forward, though. What I listed were  2 basic starters. The MBAR is an anti-rootkit and is only going to generate 2 report files.  and the Iexplore is just one basic help tool. Please do all that I listed. There is a big bunch of work yet to do. None of the reports will have any personal informaton. So do steps 1, 2 , 3. Next after those:

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.
Attach the mbst-grab-results.zip from the Desktop to your reply..

@Maurice Naggar Hey Maurice! I am attaching the Rkill log file (rkill.txt), the MBAR log file (system-log.txt) and the MBST Log ZIP file.

Rkill.txt system-log.txt mbst-grab-results.zip

Link to post
Share on other sites

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

Next, I need you to run AV block remover (AVbr)

Download and SAVE the file from this link

This tool will have a name AVbr.zip

To use the utility, you need:
1. Download the utility and unzip it to any place convenient for you.  ( Downloads folder, or, Desktop )
2. After unpacking (Extracting all content of the zip file)
3. Run the EXE file
4. If the utility does not start or gives an error, then Stop and let me know

During the operation of the utility, a folder ..\AV_block_remover will be created next to this file, containing, among other things:
file named "AV_block_remove_date-time.log" inside this folder. Please attach that log to your next post.

NEXT, Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
  • You may if you prefer, put those 2 into a ZIP file and attach that in your reply.
  • There will be LOTS and lots more to do. The malware is a multi-pronged set of Trojans.
  • Do not do any "web surfing or loose web browsing-about". No banking, no shopping. Stick with me here on this topic.
Edited by Maurice Naggar
Link to post
Share on other sites

9 minutes ago, Maurice Naggar said:

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

Next, I need you to run AV block remover (AVbr)

Download and SAVE the file from this link

This tool will have a name AVbr.zip

To use the utility, you need:
1. Download the utility and unzip it to any place convenient for you.  ( Downloads folder, or, Desktop )
2. After unpacking (Extracting all content of the zip file)
3. Run the EXE file
4. If the utility does not start or gives an error, then Stop and let me know

During the operation of the utility, a folder ..\AV_block_remover will be created next to this file, containing, among other things:
file named "AV_block_remove_date-time.log" inside this folder. Please attach that log to your next post.

NEXT, Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
  • You may if you prefer, put those 2 into a ZIP file and attach that in your reply.
  • There will be LOTS and lots more to do. The malware is a multi-pronged set of Trojans.
  • Do not do any "web surfing or loose web browsing-about". No banking, no shopping. Stick with me here on this topic.

@Maurice NaggarHi Maurice

AV_block_remove_2023.08.16-23.24.log Addition.txt FRST.txt

Link to post
Share on other sites

Thank you for the reports. By the way, you and I are the only participants on this case. No need to press the "Quote" thing when you need to begin a reply. Just begin typing on the white-box at the very bottom. Please run the following custom script. Read all of this before you start. 

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run a Quick scan with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers. It will attempt to remove the remainders of SEVERAL trojans. It will attempt to clear temporary file areas. Depending on the speed of your computer this fix may take 50-55 minutes or more. IF the run has a problem or issue, Stop and let me now first.

Please Close all open work before you actually do begin this run.

Farbar  FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt <- < - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on  FRSTENGLISH and select "Run as Administraor" and reply Yes and allow it to proceed when prompted. That is important.

next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.

This is NOT a single-step cure ! There is much more checking to do. Have much patience. Stay out of any games. No web "surfing". NO social media stuff. Stick with me on this case. Let me know if you kinda got hold of a "dodgy irrIstible Game that got the machine in trouble"

Link to post
Share on other sites

Round # 2. More to do. Please Close all open work before you actually do begin this run.

Farbar  FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt <- < - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on  FRSTENGLISH and select "Run as Administraor" and reply Yes and allow it to proceed when prompted. That is important.

next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

Link to post
Share on other sites

Thank you. There is still much more to do. What follows below is a special scan tool from Microsoft. 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Link to post
Share on other sites

Threat Detected: Trojan:Win32/Leonem and Removed!
  Action: Remove
    file://C:\Users\Acer\AppData\Local\Microsoft\Windows\InetHelper\cleaner.exe

As a next step, I suggest the following:
This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications.
This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

  • Solution

The ESET Onlinescanner found & removed 4 actual threats. We want to stay away from any so-called "torrent" apps.
2 of the other trojans were Win64/Packed.Themida.NH trojan + JS/Nflxso.A trojan.

One other scan here.

TrendMicro HouseCall scan
from this Link

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.

The program will check with TrendMicro & do a update run.

Next it will show the Disclosure window.

Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

I suggest a CUSTOM scan on C drive.

IF you wish a Full scan or a Custom scan, first click on the Settings

then you can select which drives you want to include in the scan.

The default is a Quick scan.

Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.

If you see an item that you know is safe, you can click the Action  , and select Ignore.

When all done & ready, click the Fix now button.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.