
Bizarre issues, possible malware; MBAM not launching


Solved by JSntgRvr

This is sort of a doozy so you may have to bear with me here. I appreciate any and all help. Please excuse the wall of text; I think all of this context is important.

My current PC is 6 years old (purchased March 2018). In May 2020 I bought new RAM and replaced my GPU (now a 980ti given by a family member; so it's old, but in great condition & still works fine). So it's *possible* my problems are hardware related, but I'm now very convinced it's some sort of malware.

About 2 weeks ago I realized late one evening that my PC was lagging pretty noticeably. I opened up MSI Afterburner and found my GPU was suddenly running at 70 degrees C (and climbing pretty rapidly) with 80%+ (spiking to nearly 100%) GPU utilization. Problem is... I was just looking at Google Chrome. I shut down my computer and figured it wouldn't happen the next day, but I was wrong. My PC was fine, then after approximately 10 hours, my GPU started heating up again, same issue. I installed Firefox and it happened on Firefox also. I updated my GPU drivers and nothing changed. A few days later, I reverted the recent Windows update (as this started shortly after the recent mid-April Windows update); no dice. My last resort was updating my board BIOS, which also didn't fix the problem.

Over the last 2 weeks, the problem has also gotten worse. Soon the GPU was acting weird almost from the moment I booted the computer; usually I have to reboot/restart the computer for literally ~2 hours just to get to a state where the GPU doesn't act weirdly, but again this only lasts for about ~10 hours. (Today I am lucky; I only had to reboot a few times.) I also noticed that if I have Task Manager open, the problem completely disappears, though TM will then suddenly and weirdly close itself after just a few minutes, thus making the problem re-emerge. After doing it several times in a row, TM will close out almost instantly upon opening, instead of lasting just a few minutes.

For a while I assumed my card was just showing very early signs of failure, as it's around 8 years old, but I've treated it very well. Naturally, with the discovery of Task Manager weirdly closing, I grew concerned it may be some sort of malware I've unintentionally downloaded or installed at some point in the last 2-3 weeks. (I don't know how I could have gotten this.) I'm a bit strapped for money, to put it mildly, and I'm rather desperate (I'm not in a monetary/time position to replace my computer), so I tried installing Malwarebytes to run a scan for malware and see if that was what was causing the GPU usage/temp spikes.

I tried installing it. Numerous times while trying to open the install file, I was prompted with the following window:

[screenshot]

Running as administrator didn't help. I had to re-download the install file several times before getting it to work. During the pre-install prompts I was repeatedly shown a "Are you sure you want to close the install?" type window, which was weird because I obviously wasn't trying to close it. It seemingly installed normally, but at the end the window would close out before I could hit the "finish install" or "close window" button. The "Malwarebytes" shortcut was then on my desktop, but the image was the generic and not the MBAM logo:

[screenshot]

When I try running it, even as Administrator, I am given this prompt:

[screenshot]

I downloaded and ran the Support Tool, which funnily enough downloaded and runs fine. I select the option to Repair and then "Malwarebytes won't open;" it works for about 15 minutes, then says that Malwarebytes is "repaired" and should "work properly." The shortcut is removed, and Malwarebytes is nowhere to be seen on my computer. I try reinstalling it, but the same thing happens again and again. I've gone through this whole process ("Installing" and "Repairing") probably 10 times by this point.

I'm at my wit's end and, like I said, I'm pretty sure this is some sort of malware messing with my computer. Again, I'd really appreciate any and all help to try and solve this (if that's even possible), and I apologize again for the wall of text.


@Cheef Do not repair this time. Follow the instructions below to gather logs and post them here.

Please do the following so that we may take a closer look at your system.

 

Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Then please restart the computer and then do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool. The tool also downloads and runs a file called FRSTEnglish. Please allow it to run.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine 
  • A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply



Thank you


Hi, thanks for the super quick response. I rebooted my computer after turning off fast restart. The GPU temp/usage is back to spiking and behaving weirdly; here are two screenshots of MSI Afterburner so you know what I'm talking about. The temperature/usage will temporarily fall back down to normal levels if I "click off" the browser, but it still sometimes spikes when a browser window is not on top. Not sure if this helps at all, but I figure context could be useful.

[two MSI Afterburner screenshots]

 

Here are the logs. It took about 20 minutes to get; not sure if that's normal or just a symptom of my computer acting up.

mbst-grab-results.zip


1. Download AV block remover, extract its contents to its own folder. https://www.safezone.cc/resources/av-block-remover-avbr.224/download
2. If the file is detected as a threat, allow it to run.
3. Run AVbr.exe. Put a check mark on drive C:.
4. If running AVbr.exe causes an error or it doesn't start at all, rename it to any name and try to run it from a different location (you can rename its folder as well).
5. If it still does not run, or closes shortly after starting, please run it in Safe Mode with Networking.

Follow the instructions. After rebooting, a log named AV_block_remove_date-time.log is produced in the extracted folder's AV_block_remover sub-folder. Please attach this file to your reply.


Hello, thanks for the quick response (again). I had to copy the downloaded file then run it as admin just to get it to actually run.

Here is the .log you need. I also note now that the Malwarebytes shortcut is now appearing properly on my desktop unlike before (see OP):

[screenshot]

 

AV_block_remove_2024.04.29-16.40.log

 

Seems the GPU is working fine for now -- no overheating or weird usage % yet.


Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe
  • After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator"
  • When the tool opens click Yes to the disclaimer if this is the first time using the tool
  • Make sure there is a check mark in the Addition.txt check box
  • Press the Scan button.
  • It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.

Welcome :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.  :)

Let's begin... 

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges 
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. If too large, use an online upload service and post the link. www.wetransfer.com is a good site.

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report; click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

  • Solution

Windows Resource Protection found corrupt files and successfully repaired them.
There are no infected objects detected
I must conclude that your computer is now clear. 

 Congratulations.

Use this application to remove tools used and their quarantined items:
 
Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

- Delete Restore Points

- Create Restore Point

- Delete now

  • Click the "Run" button.


  • When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:
 
The following information will help you to keep your computer and data safer as well as improve your overall privacy

Malwarebytes Browser Guard

uBlock Origin

Cybersecurity basics & protection
 
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity
 
Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/
 
Please review the following to help you better protect your computer and privacy
 
Tips to help protect from infection
 
Hopefully, we've been able to assist you with correcting your system issues.
 
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.

Regards.🙂

 

 


Ran the program just now and will implement your recommended changes later today when I get the chance. Everything seems good now and is working properly.

I really appreciate all the help you've given me. You've saved me lots of frustration and probably $1,000 that I don't have. Have a great rest of your week.
