Jump to content

Windows Defender, Security Center and possible other files deleted


Recommended Posts

Hello,

I've left my computer alone with my sibling to let him install and play some games. Few hours later, I come back to see that my Windows Security and Security Center is fully deleted.

 

I have downloaded "Farbar Service Scanner" and I am attaching the log it sent me after scanning my pc. Please help me, if it's possible

FSS.txt

Link to post
Share on other sites

@Rdjzozet

Let's get the info to get the process started.

Please do the following so that we may take a closer look at your system for any possible infections.

Do these 2 steps FIRST so that files and folders are set to SHOW, plus also, Turn OFF Windows Fast Start.
Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Then please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool. The tool also downloads and runs a file called FRSTEnglish. Please allow it to run.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply

    Then be patient for the next expert to take your case.

Thank you

Link to post
Share on other sites

Hello. :welcome: My name is Maurice. I will guide you.

  • Provide the Support tool report, as cited above by Porthos.
  • Be sure to get from your sibling the Names of all games and downloads they installed.
  • Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions. 
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going
  • I will await getting the mbst-grab-results.zip from you. This will help me evaluate the situation on this machine.
Link to post
Share on other sites

This machine has at least  two serious infections. And more than the three "missing" services, there appear to be like eight other services missing. This will take quite a bit of work to attempt to cure. IF you have a Offline full system image backup from before your sibling caused the damage, Let me know if that is something that you have.

This next step will not gain back the missing Windows services, but it should hopefully find malicious threats.

Malwarebytes can detect and remove most malware with no further actions required for free.

Please download, install, update Malwarebytes
from this link

and do a Threat Scan with Malwarebytes see guide link
and post back the log as shown below.
Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See see how-to link

AFTER that has finished,

Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes.
Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }
IF that line-selection is greyed-out  unavailable, do not fret. Just skip over that.

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

>

Link to post
Share on other sites

You MUST tick each and every line that Malwarebytes has flagged, AND, make sure they are all Quarantined.  There are so many malicious threats.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

MB4_scan_tick_ALL.jpg.d5c4071c62ed66534301fbb217b93bc0.jpg

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.6c45445994d4125c0b617ac7c5551e03.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

AND stick with me. There is a LOT of corrective work yet to do.  More to follow.

Edited by Maurice Naggar
Link to post
Share on other sites

Close Malwarebytes. Then, relaunch it. Wait for the initial scan phase to finish.  BUT then  This time make VERY very sure you TICK each and every line so that ALL are Quarantined. See image in my last reply.  We must insure ALL flagged items are Quarantined.  Each of these runs have reported No Action By User.

Link to post
Share on other sites

FOR after you have finished the scan with Malwarebytes. There is still more cleanup. This is the Next thing to do.

Do a Windows Restart.

Next, 

Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.

NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.

Please Close all open work before you actually do begin this run.

FRSTENGLISH.exe program location:   Downloads folder  C:\Users\KOMPUTER\Downloads. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt<- < - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.

next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.

Link to post
Share on other sites

1 hour ago, Maurice Naggar said:

Close Malwarebytes. Then, relaunch it. Wait for the initial scan phase to finish.  BUT then  This time make VERY very sure you TICK each and every line so that ALL are Quarantined. See image in my last reply.  We must insure ALL flagged items are Quarantined.  Each of these runs have reported No Action By User.

Here is after I ticked every single one and quarantined

scan.txt

Link to post
Share on other sites

The custom-run is good. The Windows System File Checker has made some corrections.

Windows Resource Protection found corrupt files and successfully repaired them.
This last run has completed what was originally intended. 

There is much more to do. Once more, stick with me until I give the all clear. Here I am going to ask for two things.

Go to Downloads folder. RIGHT-click on FRSTENGLISH.exe and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.

(  2  ) 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Link to post
Share on other sites

Thank you. It is a good sign that Microsoft Safety Scanner found no threats. What I suggest you do next, is, one new different scan. And then after that, to do a Microsoft Windows Update run.

One other scan here.

TrendMicro HouseCall scan
from this Link

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.

The program will check with TrendMicro & do a update run.

Next it will show the Disclosure window.

Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

I suggest a CUSTOM scan on C drive.

IF you wish a Full scan or a Custom scan, first click on the Settings

then you can select which drives you want to include in the scan.

The default is a Quick scan.

Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.

If you see an item that you know is safe, you can click the Action  , and select Ignore.

When all done & ready, click the Fix now button.
The "Summary" at the end at "Review Results" is what matters.

TWO


 
I would highly suggest to insure that this pc is all up-to-date with security updates & cumulative updates on Windows. select the Windows Start  button, and then go to Settings  > Update & Security  > Windows Update . and click Check for Updates.
Have much patience.

Note, do not take any update that has "PREVIEW' in its description or title.
DO take those that may mention "Feature Update" or "enablement package". Those optional updates you will need to affirmatively select.

Link to post
Share on other sites

Hello. A note about the KB5034441 update attempt getting exception code 0x80070643

Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability.


While the security issue was resolved during this month's Patch Tuesday, deploying KB5034441 on systems with a Windows Recovery Environment (WinRE) partition that's too small will fail and mistakenly show generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error.[/cpde]
See article at Bleenpingcomputer https://bleepingcomputer.com/news/microsoft/microsoft-working-on-a-fix-for-windows-10-0x80070643-errors/

So for that one KB, you will need to watch for a upcoming future fix from Microsoft.

Link to post
Share on other sites

No, this Windows is not "good to go". I counted seven missing Windows services from your last FRST report. And I also would like to recheck the integrity of the system.

Do a Windows Restart.

Next, 

Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.

NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  Have plenty of patience as thi fix is running.

Please Close all open work before you actually do begin this run.

FRSTENGLISH.exe program location:   Downloads folder  C:\Users\KOMPUTER\Downloads. The tool is already on system. That is what we will use.

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt<- < - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.

next, press the Fix button just once and wait.

You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.

Stick with me. We need to do more checks.

 

Link to post
Share on other sites

Hello. I did the scan and my pc restarted, but for some reason I am now stuck on the login screen. Problem is, I never set up a password, and the button "log in" does not work, it just loads for a while and turns me back to the login screen. How do I fix this??

Link to post
Share on other sites

You are saying that your user-account never had a Password or a PIN ??

Here is what to do. Press the POWER off button and insure that the pc is really powered down.

Wait for like three minutes, and then push the Power ON  and just let the system load.

If that does not clear the issue, I would repeat that process up to four times. Keep me advised.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.