
Is my pc still infected?



Hi there, I've updated Malwarebytes and Windows Defender to the latest security intelligence and they don't find any malware, but you know recently my pc was not functioning properly like it was infected. Can you say if there is something strange happening? I see only ping of death attacks in the modem security registry and I'm using a VPN with ICMP block.

Edited by Immanuel

Hello @Immanuel and welcome:

19045.3324 is the current release for 22H2.

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

 

Edited by 1PW

  • Root Admin

The logs indicate the following error. This could potentially be from Kaspersky locking down the security too much. It's difficult to tell for sure without further review and testing.

Error: (08/21/2023 01:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
A privilege required for the service to function properly does not exist in the service account configuration.
You can use the Services (services.msc) and Local Security Settings (secpol.msc) Microsoft Management Console (MMC) snap-ins to view service and account configurations.

 

 

The logs do not currently indicate any signs of infection @Immanuel

 


  • Root Admin

From an elevated admin command prompt you can type the following and press the Enter key, or copy and paste to the command prompt window and press the enter key.

Then post back the results

sc qc WdiServiceHost

 

Then this one

sc queryex WdiServiceHost

 

Thanks


  • Root Admin

Yes, that is normal.

Looks like your account is not allowed to start it. I checked on my own system and I cannot start it either.

 

C:\>sc start WdiServiceHost
[SC] StartService: OpenService FAILED 5:

Access is denied.

 


 

 

The system normally runs it on its own.

 

The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context.  If this service is stopped, any diagnostics that depend on it will no longer function.

 

 

Go ahead and run the following from the Admin command prompt.

 

SFC.EXE /SCANNOW

 

Let me know the results

 

Edited by AdvancedSetup
Corrected typo

  • Root Admin

The computer shows no signs of infection. Just the one item seems to have had at least one error in the Event Logs.

Please restart the computer about 3 times with about a 10-minute power off between each boot. Then if it's really an issue it should register the issue each time.

I'll check back on you again some time tomorrow

 


*User Rights Assignment

Now I've added Local Service and NT Service\WdiServiceHost to Administrators in Profile system performance in gpedit following this guide: Event ID 7000 The Diagnostic Service Host service failed to start ! | Syed Jahanzaib - Personal Blog to Share Knowledge ! (wordpress.com)

I'll do what you suggested, thanks


  • Root Admin
7 hours ago, Immanuel said:

*User Rights Assignment

Now I've added Local Service and NT Service\WdiServiceHost to Administrators in Profile system performance in gpedit following this guide: Event ID 7000 The Diagnostic Service Host service failed to start ! | Syed Jahanzaib - Personal Blog to Share Knowledge ! (wordpress.com)

I'll do what you suggested, thanks

No, no. Please do not do that. Please remove that. That greatly decreases the security of your system.
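
An added example, not part of the original thread or written by any of its participants: one way to list which accounts currently hold the "Profile system performance" right (SeSystemProfilePrivilege) after a change like the one discussed above, using `secedit` from an elevated PowerShell prompt. The function name `Get-PrivilegeHolder` and the baseline (Administrators plus NT SERVICE\WdiServiceHost) are assumptions of this example; confirm the baseline against a known-good machine of the same Windows build.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell 5.1+ prompt.
# Lists the accounts holding a user right and marks any that are outside a baseline.
function Get-PrivilegeHolder {
    param([string]$Privilege = 'SeSystemProfilePrivilege')  # "Profile system performance"

    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the local security policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match "^\s*$Privilege\s*=" } |
            Select-Object -First 1
        if (-not $line) { return }   # right is not assigned to anyone

        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            if ($entry.StartsWith('*')) {
                # secedit writes SIDs with a leading asterisk
                [System.Security.Principal.SecurityIdentifier]::new($entry.Substring(1))
            } else {
                # ...and a bare account name otherwise; normalise it to a SID
                [System.Security.Principal.NTAccount]::new($entry).Translate(
                    [System.Security.Principal.SecurityIdentifier])
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

# ASSUMED baseline: Administrators plus the service's own SID. Verify on a known-good PC.
$baseline = @(
    'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID, locale independent)
    [System.Security.Principal.NTAccount]::new('NT SERVICE\WdiServiceHost').Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
)

Get-PrivilegeHolder | ForEach-Object {
    $sid  = $_   # keep a reference; $_ is rebound inside catch
    $name = try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { '<unresolved>' }
    [pscustomobject]@{
        Status  = if ($baseline -contains $sid.Value) { 'baseline' } else { 'REVIEW' }
        Sid     = $sid.Value
        Account = $name
    }
}
```

Any row marked REVIEW is an account that holds the right but is not in the assumed baseline, for example LOCAL SERVICE (S-1-5-19) after the change described in the quoted post.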

 


  • Root Admin
2 hours ago, Immanuel said:

Do I have to activate the Default Administrator Account? I see it's disabled in the UAC in gpedit.msc

No, again. ALL of the default settings are correct, normal, and safe. Modifying permissions on a brand new install of Windows would indicate that "something" went wrong with the installation.

If you have a System Restore Point please use that and restore the computer back to before you made any changes.

Ignore the error for now.

How is the computer running otherwise?

 


This topic is now closed to further replies.