CLOSED window defender program got disabled, need to turn it back on, . . .

[winston 0]

hi everyone,

my window defender program got disabled 2 days after i visited a suspicious site, i tried to figure out how to turn it back on but i couldn't think any ways to cope with this, i run the emergency kit and perform the malware scan which gave me a scan report at the end of process, i enclosed that below this message but as i saw from the report, it does say my pc is actually fine without virus or any other malwares detected but however, my window defender still not working as i tried to go back to turn it back on, it doesn't work still, therefore, as per this query thread, can i find out how to have my window defender back to normal working state and how to be sure that my pc is actually completely clean even if the defender program issue is fixed ?

p.s. oh oh, by the way, for the frst installation, i tried to do that but however, my system pc automatically reject it 2 seconds after the program has been downloaded and therefore, i couldn't run it even though i recognized that i should go forward to run it, nevertheless, it's not i don't want to run it, it's just that my  pc doesn't let me go forward, so how should i get around this tricky part?

much appreciated,

thank you,

winston

 

Emsisoft Emergency Kit - Version 2020.1
Last update: 2020/2/9 pm 06:41:04
User account: mei-nb\mei
Computer name: MEI-NB
OS version: Windows 8.1x64 

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    2020/2/9 下午 06:41:44
C:\Users\mei\Desktop\Downloads\FRST.exe     detected: Trojan.GenericKD.33027215 (B) [krnl.xmd]
C:\Users\mei\Desktop\Downloads\FRST (1).exe     detected: Trojan.GenericKD.33027215 (B) [krnl.xmd]

Scanned    42701
Found    2

Scan end:    2020/2/9 pm 06:58:30
Scan time:    0:16:46
 

scan_200209-184144.txt

[stapp 149]

Please also attach the log from the Farbar Recovery Scan Tool as mentioned in here, so that one of our experts can help you.

https://support.emsisoft.com/topic/31345-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

 

[winston 0]

cannot do that because everytime i download that program, my pc always rejects it and therefore i cannot go any further from there, so the conclusion is no download, no excution, no log . . .

[stapp 149]

 Okay let's wait for one of the experts.

[Kevin Zoll 308]

11 hours ago, winston said:

cannot do that because everytime i download that program, my pc always rejects it and therefore i cannot go any further from there, so the conclusion is no download, no excution, no log . . .

If you mean Windows Smart Screen then you must tell it that FRST is not malicious.  You click on more info and then allow it.  If you mean you browser is blocking it then tell the browser to allow it.  If you are referring to EEK detecting it that is a false positive.

I need the reports from FRST as EEK shows nothing other than FRST.

[winston 0]

i allowed frst to run anyway but once i click yes to run, nothing actually shows up after that, so i couldn't run it, not too sure what i should do now ? does that mean my pc is fine and clean because the first scan report result doesn't say anything about whether or not my pc is currently infected ? i feel so frustrated at the moment.

[Kevin Zoll 308]

If FRST is not running then something is preventing it from running. let's try a different tool.

Download AdwCleaner and save it on your Desktop.

1. Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
2. Double click on adwcleaner.exe to run the tool.
3. Click on the Scan button.
4. After the scan has finished, click on the Clean button.
5. Confirm each time with OK.
6. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop.
7. Attach that log file to your reply.

 

NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

[winston 0]

there's something called 'sezurago', that's annoying because that program couldn't be deleted and removed even with emsisoft anti-malware program that i have run in my pc,

in fact, when the pop-up message box shows up telling me to restart my pc, that malware still exists in my pc after i restart my pc, and i did that for 5 times already, that bad stuff

always there,

another question please,  in addition to emsisoft anti-malware program i have in my pc, i also have the another one called 'window defender', that program used to work before but

however, now isn't working anymore, it was disabled few days after i visited a malicious site, therefore, i wonder if it's possible to have it on to work because i really miss that

program, i have that in my pc for many years.

AdwCleaner[C01].txt

[Kevin Zoll 308]

Changing tools.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

• Double-click on setup.exe to install RogueKiller.

 

Close all programs and disconnect any USB or external drives before running the tool.

 

• Right-click RogueKiller.exe and select Run As Administrator to run the tool.
• Once the Prescan has finished, click Scan.
• Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

[winston 0]

here's the report, please have a look,

 

RogueKiller Anti-Malware V14.1.1.0 (x64) [Jan 28 2020] (Free) by Adlice
Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : winston [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200212_135530, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/02/13 06:25:54 (Duration : 02:15:54)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.Segurazo (Malicious)] SegurazoIC.exe (4016) -- (Digital Communications
Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe -> Found
[Rogue.Segurazo (Malicious)] SegurazoService.exe (4060) -- (Digital
Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe ->
Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.Segurazo (Malicious)] SegurazoIC (4016) -- (Digital Communications Inc)
C:\Program Files (x86)\Segurazo\SegurazoIC.exe -service -> Found
[Rogue.Segurazo (Malicious)] SEGURAZOKD (0) -- (Digital Communications Inc.)
\??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys -> Found
[Rogue.Segurazo (Malicious)] SegurazoSvc (4060) -- (Digital Communications
Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Segurazo --
N/A -> Found
  [Rogue.Segurazo (Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Segurazo --
N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-
1363556664-1368506968-1001\Software\csastats -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-
1363556664-1368506968-1001\Software\AppDataLow\Software\QiYi -- N/A -> Found
>>>>>> O23 - Services
  [Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\System
\ControlSet001\Services\SEGURAZOKD -- (Digital Communications Inc.) "C:
\Program Files (x86)\Segurazo\SegurazoKD.sys" -> Found
  [Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\System
\ControlSet001\Services\SegurazoSvc -- (Digital Communications Inc) "C:
\Program Files (x86)\Segurazo\SegurazoService.exe" -> Found
>>>>>> O87 - Firewall
  [PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE
\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
\FirewallRules|{A249C05E-EBF1-4394-AACC-00A9888F1907} -- v2.22|Action=Allow|
Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files
(x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files
(x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found
  [PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE
\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
\FirewallRules|{0C6F6A31-F73F-49E2-AB69-D220F7D406C8} -- v2.22|Action=Allow|
Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files
(x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files
(x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\ProgramData\Microsoft
\Windows\Start Menu\Programs\Segurazo -> Found
[Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\ProgramData\Segurazo ->
Found
[Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\Program Files
(x86)\Segurazo -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Addon
  [PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei
\AppData\Local\Google\Chrome\User Data\Default\Extensions\BHOAGC~1) --
bhoagceacaklimpcejjofabngcjkebfg -> Found
  [PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei
\AppData\Local\Google\Chrome\User Data\Default\Extensions\NCCFGP~1) --
nccfgpamboionigdpfjmijhlgmgdbael -> Found
 

[Kevin Zoll 308]

Do not coy & paste logs to your replies.  The instructions call for all logs to be attached for a reason.

You can have RogueKiller delete everything it found.

[winston 0]

so, i'm all done now ?

after i click the 'remove' button to delete all the malicious stuffs detected, that's it ?

[Kevin Zoll 308]

Run a fresh scan with FRST, attach the new FRST scan reports to your reply.

How are things running?

[winston 0]

so far, fine,

but, the emsisoft anti-malware software that i've previously installed and run in my pc keep showing up pop-up dialogue box telling me that segurazo malicious program detected and then asking me to restart my pc when actually i have already cleared or cleaned them as we work through before,

 

for frst fresh scan, i will do it and come up with a log report to see how it goes . . . ,

[Kevin Zoll 308]

Send me the Emsisoft detection report as well.

[winston 0]

FRST.txt Forensics_200214-121117.txt

[Kevin Zoll 308]

Your FRST scan report is incomplete.  The forensics log does not show what was detected.  Open the detection and export the information for the detection.

[Kevin Zoll 308]

Thread Closed

 

Reason: Lack of Response

 

PM either Kevin, or Arthur to have this thread reopened.

 

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

 

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread