winston, Posted February 10, 2020

Hi everyone, my Windows Defender program got disabled 2 days after I visited a suspicious site. I tried to figure out how to turn it back on, but I couldn't think of any way to cope with this. I ran the Emergency Kit and performed the malware scan, which gave me a scan report at the end of the process; I enclosed that below this message. As I saw from the report, it does say my PC is actually fine, without viruses or any other malware detected. However, my Windows Defender is still not working: when I tried to go back and turn it on again, it still doesn't work. Therefore, as per this query thread, can I find out how to get my Windows Defender back to its normal working state, and how to be sure that my PC is actually completely clean even if the Defender program issue is fixed?

P.S. Oh, by the way, for the FRST installation, I tried to do that, but my PC automatically rejected it 2 seconds after the program had been downloaded, and therefore I couldn't run it even though I recognized that I should go forward and run it. Nevertheless, it's not that I don't want to run it, it's just that my PC doesn't let me go forward, so how should I get around this tricky part?

Much appreciated, thank you,
winston

Emsisoft Emergency Kit - Version 2020.1
Last update: 2020/2/9 pm 06:41:04
User account: mei-nb\mei
Computer name: MEI-NB
OS version: Windows 8.1x64

Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: Off
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 2020/2/9 下午 06:41:44
C:\Users\mei\Desktop\Downloads\FRST.exe detected: Trojan.GenericKD.33027215 (B) [krnl.xmd]
C:\Users\mei\Desktop\Downloads\FRST (1).exe detected: Trojan.GenericKD.33027215 (B) [krnl.xmd]

Scanned 42701
Found 2

Scan end: 2020/2/9 pm 06:58:30
Scan time: 0:16:46

Attachment: scan_200209-184144.txt
stapp, Posted February 10, 2020

Please also attach the log from the Farbar Recovery Scan Tool as mentioned in here, so that one of our experts can help you.
https://support.emsisoft.com/topic/31345-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/
winston, Posted February 10, 2020

I cannot do that, because every time I download that program, my PC always rejects it, and therefore I cannot go any further from there. So the conclusion is: no download, no execution, no log . . .
stapp, Posted February 10, 2020

Okay, let's wait for one of the experts.
Kevin Zoll, Posted February 10, 2020

11 hours ago, winston said:
> cannot do that because every time i download that program, my pc always rejects it and therefore i cannot go any further from there, so the conclusion is no download, no execution, no log . . .

If you mean Windows SmartScreen, then you must tell it that FRST is not malicious. You click on "More info" and then allow it. If you mean your browser is blocking it, then tell the browser to allow it. If you are referring to EEK detecting it, that is a false positive. I need the reports from FRST, as EEK shows nothing other than FRST.
winston, Posted February 11, 2020

I allowed FRST to run anyway, but once I click Yes to run, nothing actually shows up after that, so I couldn't run it. Not too sure what I should do now? Does that mean my PC is fine and clean, because the first scan report result doesn't say anything about whether or not my PC is currently infected? I feel so frustrated at the moment.
Kevin Zoll, Posted February 11, 2020

If FRST is not running, then something is preventing it from running. Let's try a different tool.

Download AdwCleaner and save it on your Desktop.
1. Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
2. Double-click on adwcleaner.exe to run the tool.
3. Click on the Scan button.
4. After the scan has finished, click on the Clean button.
5. Confirm each time with OK.
6. You will be prompted to restart your computer.
7. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop.
8. Attach that log file to your reply.

NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
winston, Posted February 12, 2020

There's something called 'Segurazo'. That's annoying, because that program couldn't be deleted and removed even with the Emsisoft Anti-Malware program that I have run on my PC. In fact, when the pop-up message box shows up telling me to restart my PC, that malware still exists on my PC after I restart, and I have done that 5 times already; that bad stuff is always there.

Another question please: in addition to the Emsisoft Anti-Malware program I have on my PC, I also have another one called 'Windows Defender'. That program used to work before, but now it isn't working anymore; it was disabled a few days after I visited a malicious site. Therefore, I wonder if it's possible to get it working again, because I really miss that program, I have had it on my PC for many years.

Attachment: AdwCleaner[C01].txt
Kevin Zoll, Posted February 12, 2020

Changing tools.

1. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.
2. Double-click on setup.exe to install RogueKiller.
3. Close all programs and disconnect any USB or external drives before running the tool.
4. Right-click RogueKiller.exe and select Run As Administrator to run the tool.
5. Once the Prescan has finished, click Scan.
6. Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
winston, Posted February 13, 2020

Here's the report, please have a look:

RogueKiller Anti-Malware V14.1.1.0 (x64) [Jan 28 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : winston [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200212_135530, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/02/13 06:25:54 (Duration : 02:15:54)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.Segurazo (Malicious)] SegurazoIC.exe (4016) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe -> Found
[Rogue.Segurazo (Malicious)] SegurazoService.exe (4060) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.Segurazo (Malicious)] SegurazoIC (4016) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe -service -> Found
[Rogue.Segurazo (Malicious)] SEGURAZOKD (0) -- (Digital Communications Inc.) \??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys -> Found
[Rogue.Segurazo (Malicious)] SegurazoSvc (4060) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Segurazo -- N/A -> Found
[Rogue.Segurazo (Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Segurazo -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-1363556664-1368506968-1001\Software\csastats -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-1363556664-1368506968-1001\Software\AppDataLow\Software\QiYi -- N/A -> Found
>>>>>> O23 - Services
[Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SEGURAZOKD -- (Digital Communications Inc.) "C:\Program Files (x86)\Segurazo\SegurazoKD.sys" -> Found
[Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SegurazoSvc -- (Digital Communications Inc) "C:\Program Files (x86)\Segurazo\SegurazoService.exe" -> Found
>>>>>> O87 - Firewall
[PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A249C05E-EBF1-4394-AACC-00A9888F1907} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found
[PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0C6F6A31-F73F-49E2-AB69-D220F7D406C8} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo -> Found
[Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\ProgramData\Segurazo -> Found
[Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\Program Files (x86)\Segurazo -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Addon
[PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei\AppData\Local\Google\Chrome\User Data\Default\Extensions\BHOAGC~1) -- bhoagceacaklimpcejjofabngcjkebfg -> Found
[PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei\AppData\Local\Google\Chrome\User Data\Default\Extensions\NCCFGP~1) -- nccfgpamboionigdpfjmijhlgmgdbael -> Found
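As an added example (not code from this thread, from Emsisoft or from Adlice's RogueKiller), a small Python parser for the report format posted above: it turns each "-> Found" line into a family/severity/location record, decodes the FirewallRules registry values (the "v2.22|Action=Allow|..." strings) and marks Allow rules whose executable is already gone, which is exactly the leftover RogueKiller flagged as "(missing)" here. The sample lines are copied from the report above.

```python
import re
from collections import Counter

# Sample findings copied from the RogueKiller report above, one per line as in
# the real report file (the SID and GUID are the ones the report shows).
SAMPLE_REPORT = r"""
[Rogue.Segurazo (Malicious)] SegurazoIC.exe (4016) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe -> Found
[Rogue.Segurazo (Malicious)] SEGURAZOKD (0) -- (Digital Communications Inc.) \??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-1363556664-1368506968-1001\Software\csastats -- N/A -> Found
[PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A249C05E-EBF1-4394-AACC-00A9888F1907} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found
[PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei\AppData\Local\Google\Chrome\User Data\Default\Extensions\BHOAGC~1) -- bhoagceacaklimpcejjofabngcjkebfg -> Found
"""

# One finding line: "[Family (Severity)] <details> -> Found"
FINDING_RE = re.compile(r"^\[(?P<family>[^\s\]]+) \((?P<severity>[^)]+)\)\] (?P<body>.*) -> Found$")
# The FirewallRules registry value after " -- ": "v2.22|Key=Value|...|" (ends at the last '|')
RULE_RE = re.compile(r" -- (v\d+\.\d+(?:\|[^|]*)*\|)")


def parse_findings(report):
    """Return one dict (family, severity, body) per '-> Found' line."""
    matches = (FINDING_RE.match(line.strip()) for line in report.splitlines())
    return [m.groupdict() for m in matches if m]


def parse_firewall_rule(value):
    """Decode 'v2.22|Action=Allow|Dir=In|...|' into a dict keyed by field name."""
    version, *fields = value.strip("|").split("|")
    rule = {"Version": version}
    for field in fields:
        key, _, val = field.partition("=")
        rule[key] = val
    return rule


def firewall_rules(findings):
    """Parsed firewall rules among the findings; Missing=True when the rule's
    executable no longer exists on disk (RogueKiller prints '(missing)')."""
    rules = []
    for f in findings:
        m = RULE_RE.search(f["body"])
        if m:
            rule = parse_firewall_rule(m.group(1))
            rule["Missing"] = "(missing)" in f["body"]
            rules.append(rule)
    return rules


def summarize(findings):
    """Count findings per (family, severity), e.g. ('Rogue.Segurazo', 'Malicious')."""
    return Counter((f["family"], f["severity"]) for f in findings)
```

A stale inbound Allow rule for a binary that no longer exists is harmless by itself, but it is a sign of an incomplete uninstall and is worth deleting along with the rest of the findings.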
Kevin Zoll, Posted February 13, 2020

Do not copy & paste logs into your replies. The instructions call for all logs to be attached for a reason.

You can have RogueKiller delete everything it found.
winston, Posted February 14, 2020

So, I'm all done now? After I click the 'Remove' button to delete all the malicious stuff detected, that's it?
Kevin Zoll, Posted February 14, 2020

Run a fresh scan with FRST and attach the new FRST scan reports to your reply.

How are things running?
winston, Posted February 14, 2020

So far, fine. But the Emsisoft Anti-Malware software that I previously installed and ran on my PC keeps showing a pop-up dialogue box telling me that the Segurazo malicious program was detected and then asking me to restart my PC, when actually I have already cleared or cleaned them as we worked through before. For the fresh FRST scan, I will do it and come up with a log report to see how it goes . . .
Kevin Zoll, Posted February 14, 2020

Send me the Emsisoft detection report as well.
winston, Posted February 14, 2020

Attachments: FRST.txt, Forensics_200214-121117.txt
Kevin Zoll, Posted February 14, 2020

Your FRST scan report is incomplete. The forensics log does not show what was detected. Open the detection and export the information for the detection.
Kevin Zoll, Posted February 24, 2020

Thread Closed
Reason: Lack of Response
PM either Kevin or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system other than the one they were written for could result in damaging the Operating System beyond repair.
Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE if you don't we are just going to send you back to this thread".