Microsoft Security Essentials closing immediately and no internet



#1 bee24

bee24

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 24 November 2015 - 05:19 PM

My computer has crashed a few times in the last few days. I was looking into hardware issues until I noticed that MSE wasn't running. When I try to open it, it opens for less than a second then closes. Windows Defender does the same thing. As I was trying to look into this issue I suddenly couldn't connect to the internet anymore. When I run the Windows troubleshooter it says "the wired network adapter is experiencing problems". I have no problems connecting to the internet on other computers in the house or through wifi. I'm running Windows 7. What should my first steps be? Thanks in advance.

 

Update: I was able to connect to the internet by using a usb ethernet adapter that I had so that may be a hardware issue.


Edited by bee24, 24 November 2015 - 08:58 PM.



#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:52 AM

Posted 25 November 2015 - 07:43 AM

Bee24:

:welcome: to the Bleeping Computer Am I Infected Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.

I am sorry to hear of the issues you are having with your computer. It does sound like something is interfering with your security software, so I suggest that we run a few preliminary scans to determine how seriously your computer might be compromised.


:step1:

ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

*Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the greenstart.png button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

*Then click the shieldstart.png button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
*When the scan completes, click List Found Threats (only if anything is found).
*Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
*Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



:step2:

Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your next reply.

 

 

 

I would like you to paste the logs from both scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 bee24


Posted 25 November 2015 - 03:43 PM

Hi Phil. Thanks for helping me out. My name is Brendan. I downloaded AVG and ran a scan while waiting for a reply so I'll include that also. I had already run Malwarebytes recently so I'm not surprised it didn't find anything. I still can't open MSE. Here are the logs:

 

AVG:

"Whole Computer Scan"

"Scanned:";"Scan Whole Computer"
"Started:";"11/24/2015, 9:48:13 PM"
"Finished:";"11/24/2015, 11:31:04 PM"
"Number of items:";"374101"
"Launched by:";"Brendan"
 
"Name";"Description";"Status";"Status";"Priority"
"c:\Program Files\Microsoft Security Client\MsMpEng.exe (5988)";"Trojan horse Hiloti.CG";"Secured";"Healed";"High"
"C:\Users\Brendan\AppData\Local\Temp\setdebug.exe";"Trojan horse Downloader.Generic14.ABWS";"Secured";"Healed";"High"
"D:\downloads\vector_calculus_marsden_6th_edition_solutions_manual_rar_downloader.exe";"Adware Generic_r.ATM";"Secured";"Healed";"Medium"
"C:\Windows\Temp\pcds86.exe";"Trojan horse MSIL9.AMQG";"Secured";"Healed";"High"
"D:\downloads\vector_calculus_marsden_6th_edition_solutions_manual_rar_downloader (1).exe";"Adware Generic_r.ATM";"Secured";"Healed";"Medium"
 
Malwarebytes: 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/25/2015
Scan Time: 12:27 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.25.04
Rootkit Database: v2015.11.23.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brendan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378849
Time Elapsed: 4 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET:
D:\123\LOST.DIR\175634 a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\downloads\aida64extreme460.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\cbsidlm-cbsi213-SpeedFan-ORG-10067444.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
D:\downloads\cbsidlm-tr1_14-MagicDisc-SEO-10383679.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
D:\downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\CrystalDiskMark3_0_3-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\downloads\FoxitReader605.0618_enu_Setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\FoxitReader611.1031_enu_Setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\downloads\undeleteplus_setup_a.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
D:\New folder (2)\clockworkmod\backup\2012-02-05.20.34.02\data.ext3.tar a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_05_22\Apps\com.magmamobile.game.Galaxy_6.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_05_22\Apps\com.zynga.hanging_454.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\AppsMedia_2012_05_22\Apps\com.zynga.scramble_461.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.ludia.familyfeudandfriends.free_11.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.ludia.FifthGrader.free_10.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.zeptolab.ctr.lite.google_1.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
D:\New folder (2)\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.zynga.scramble_461.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
E:\123\LOST.DIR\175634 a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
E:\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\Downloads\CrystalDiskMark3_0_2c-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
E:\Downloads\FoxitReader545.0114_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application deleted - quarantined
E:\Downloads\Fraps_3.5.9_Pre-Registered_[MBT]_secure.exe Win32/TopMedia.B potentially unwanted application deleted - quarantined
E:\Downloads\spsetup119.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\Downloads\spsetup120.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
E:\New folder (2)\clockworkmod\backup\2012-02-05.20.34.02\data.ext3.tar a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
 
 

 



#4 garioch7


Posted 26 November 2015 - 06:11 AM

Brendan:

Thank you for your logs and for your permission to address you by your first name. :)

You indicate that MSE will still not run. My guess is, based on the excerpt below from your AVG log, that your MSE was corrupted by the Trojan. Some viruses and malware are known to disable anti-virus and anti-malware applications.

 

"c:\Program Files\Microsoft Security Client\MsMpEng.exe (5988)";"Trojan horse Hiloti.CG";"Secured";"Healed";"High"


Msmpeng.exe Link


I would recommend uninstalling MSE, rebooting, and then reinstalling it.

Please try the usual Control Panel, Uninstall Programs option to uninstall MSE before attempting the more complex removal options provided in this link.

Once you have successfully uninstalled MSE, you can download a new copy from this link and reinstall. Reboot after reinstallation and try to run MSE again.

If MSE launches, please run a full scan and report back. If anything is found, I would appreciate receiving the MSE scan log.

If MSE still won't launch, we will dig deeper.

If I haven't replied to you in 24 hours, please send me a personal message.

Have a great day, Brendan.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators
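
Added example (not part of the original thread or any poster's code): a small triage script for the kind of AVG export quoted above, which singles out detections that sit inside a security product's own install directory, the pattern the reply above reasons from. The directory watch list, the reading of a trailing " (digits)" as a process ID, and all function names are assumptions made for this example; the rows are copied from the AVG log in post #3.

```python
import csv
import io
import re
from pathlib import PureWindowsPath

# Detection rows copied from the AVG export in post #3 of this thread.
AVG_EXPORT = r'''"Name";"Description";"Status";"Status";"Priority"
"c:\Program Files\Microsoft Security Client\MsMpEng.exe (5988)";"Trojan horse Hiloti.CG";"Secured";"Healed";"High"
"C:\Users\Brendan\AppData\Local\Temp\setdebug.exe";"Trojan horse Downloader.Generic14.ABWS";"Secured";"Healed";"High"
"D:\downloads\vector_calculus_marsden_6th_edition_solutions_manual_rar_downloader.exe";"Adware Generic_r.ATM";"Secured";"Healed";"Medium"
"C:\Windows\Temp\pcds86.exe";"Trojan horse MSIL9.AMQG";"Secured";"Healed";"High"
"D:\downloads\vector_calculus_marsden_6th_edition_solutions_manual_rar_downloader (1).exe";"Adware Generic_r.ATM";"Secured";"Healed";"Medium"
'''

# Assumption: install directories treated as "security software" in this example.
SECURITY_DIRS = [
    PureWindowsPath(r"C:\Program Files\Microsoft Security Client"),
    PureWindowsPath(r"C:\Program Files\Windows Defender"),
]

# Assumption: a trailing " (digits)" on the Name field is a process ID,
# as in "MsMpEng.exe (5988)". A "(1)" in the middle of a file name is not.
NAME_RE = re.compile(r"^(?P<path>.*?)(?: \((?P<pid>\d+)\))?$")


def parse_avg_export(text):
    """Return one dict per detection row of a semicolon-delimited AVG export."""
    findings = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) != 5 or row[0] == "Name":
            continue  # skip the column header and summary lines such as "Started:"
        m = NAME_RE.match(row[0])
        path = PureWindowsPath(m.group("path"))
        findings.append({
            "path": str(path),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "threat": row[1],
            "priority": row[4],
            # PureWindowsPath compares case-insensitively, so c:\ matches C:\.
            "security_product": any(d in path.parents for d in SECURITY_DIRS),
        })
    return findings


def tamper_indicators(findings):
    """Detections located inside a security product's own directory."""
    return [f for f in findings if f["security_product"]]


if __name__ == "__main__":
    for f in tamper_indicators(parse_avg_export(AVG_EXPORT)):
        print(f"{f['threat']} in {f['path']} (pid {f['pid']})")
```
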


#5 bee24


Posted 26 November 2015 - 12:46 PM

Thanks for the reply. I tried uninstalling and reinstalling MSE and I still can't open it or Windows Defender. I can see the file you're talking about. It was deleted when I uninstalled MSE and was reinstalled when I installed MSE. If this is a problem with the software I'm fine with using another antivirus program. I still find it odd why I can't connect to the internet through my ethernet port anymore but it's possible it was just a hard failure at a coincidental time. Is there anything else you would like me to try?



#6 garioch7


Posted 26 November 2015 - 02:20 PM

Brendan:
 
I am very concerned that MSE and Windows Defender are not able to be launched.  I think your Internet issue is probably related.  It is a long shot that there would be a hardware failure coincidentally, though that is not impossible. There is always "Murphy's Law", but I would rule out virus/malware issues first.

I wouldn't recommend switching anti-virus programs at this time. MSE is a respected security solution. Something is interfering with it, and that "something" would most probably cause issues for other anti-virus applications as well, if not immediately, then down the road. So we need to determine if your computer is "clean."
 
We know from the online ESET scan log that viruses and malware were detected.  Your computer might be still "compromised."  I think you need professional, expert help.  I am still a Study Hall student, and, in any event, FRST logs cannot be submitted in this Forum, for your protection.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. It can take up to five days for an initial response, but after that, the pros there are pretty good at responding within a day or two of each new post that you make. That Forum, as you can understand, is very busy and the number of trained experts is limited.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

I am sorry that you and I could not resolve this quickly and easily, but the most important thing now is to secure your data, and your computer, and get back to a fully functional state. If you have not backed up your data recently, I would do that after you have posted in the Virus, Trojan, Spyware, and Malware Removal Logs Forum. Programs can be reinstalled, but lost data is just that: lost.

I will be watching your thread in the "...REMOVAL LOGS" Forum to further my education. I am quite interested to find out what the problems are, though I regret it is at your expense.

It has been my pleasure to work with you, Brendan. I just wish that you and I had been able to resolve your issue here to save you stress and time. The very best of luck to you. Have a great day, if you can, despite your computer issues.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#7 bee24


Posted 28 November 2015 - 03:18 PM

I was planning on submitting a thread but was busy on Thanksgiving and Friday. When I went to use my computer this morning AVG wanted to reboot to install an update so I did. When Windows rebooted, AVG immediately found a threat in C:\windows\syswow64\wmpduiq.dll and quarantined it. I was able to open MSE and Windows Defender. I tried to run a scan in MSE but 30 minutes in, it froze. I thought having AVG running may have caused a conflict so I uninstalled AVG and MSE (or so I thought). When I tried to reinstall MSE I received an error. It suggested I reboot and try again so I did. When Windows booted, to my surprise MSE opened and was running. I tried to uninstall it again but it wasn't in the installed programs list anymore. I installed the MSE removal tool and ran it. The client closed and I can't open it anymore but the entire "Microsoft Security Client" still exists in program files with files inside. Most of the files were created in April. I'm unable to manually delete any of the files inside of the folder because it says I don't have permission from system. Now, when trying to install or uninstall MSE I receive an error. What should my steps be at this point? I reinstalled AVG in the meantime and I can still open Windows Defender.


Edited by bee24, 28 November 2015 - 03:36 PM.


#8 garioch7


Posted 29 November 2015 - 06:11 AM

Brendan:

 

Thank you for your post.  I was suspicious that there was still malware in your computer that was crippling your security software.  It is usual for security applications to try and "protect" themselves, not always successfully against some of the more sophisticated "bad guys", which is why you can't delete the residual MSE files.

 

You should never have two anti-virus applications running.  They do conflict with each other and cause all sorts of issues, as you have found out personally.

 

You really need expert help.  I would recommend that you post in the Virus, Trojan, Spyware and Malware Removal Logs Forum.  As noted in my previous post here, you should link to this topic, so that the MRT member is aware of what we have tried to do here.

 

Please post back here when you have posted in the " ... Malware Removal Logs" Forum to let me know that you have posted there.  I will monitor your thread over there.  The MRT members are highly trained and I have every confidence that they will be able to get you back up and running.   :)

 

Our "prime directive" here is: "Do No Harm."  Your problems are beyond the scope of my current knowledge and I do not want to waste your time or possibly cause harm to your computer/data.

 

Have a great day, Brendan, and the best of luck to you and your computer over in the "... Malware Removal Logs" Forum.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 bee24


Posted 01 December 2015 - 02:02 PM

Thanks Phil. I made a new thread here: http://www.bleepingcomputer.com/forums/t/598092/microsoft-security-essentials-issues-and-cant-connect-to-internet/



#10 garioch7


Posted 01 December 2015 - 03:30 PM

Brendan:

 

Thanks for getting back to me.  I checked out your thread.  I didn't see the FRST "Addition.txt" file, but do not post it now.  If an MRT member sees a "reply", he or she will think someone else on the team is helping you.  Just have it handy, because you will probably be asked for it.

 

In the meantime, while waiting for assistance, please do not run any more scans or alter your computer by installing and uninstalling programs.  Doing so will complicate the MRT's life, and require you to submit new FRST scan logs.

 

Most importantly, be patient, as hard as it is.  An MRT member will respond in a few days, and after that, you can expect to get a response pretty much daily until your computer issues are resolved.

 

I will be watching your thread with interest to find out the culprit behind the issues you have reported.

 

Excellent first post, by the way, in the "Logs" Forum.  Don't beat yourself up about forgetting the "Addition.txt" file.   :)  You gave the MRT lots of good information and a link to what was already done.  You did well!  :thumbup2:

 

Good luck and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




