windows security at glance / can't check windows update / cant open microsoft store.

  • Thread starter Thread starter jordy5566
  • Start date Start date
J

jordy5566

Guest
Hello everyone,
I'm new here.
I wanna ask for help, mine is Windows 10 Pro.
I don't know when this problem occur again, because this problem once infected my PC before and it recovered by installing fresh win 10.
so here I am, got infected again with that malware and change my registry key.
that malware infect and disable/remove my winDef, firewall and many more service.
Already read many solution on this forum but there's no help.
and also I already using malwarebytes and got that malware quarantines,
here's some screenshot about the problem.

*Malwarebytes history.

3e4d7847-9a50-4f68-a316-65434dafaaff?upload=true.pngLog Malwarebytes after scanning:

Malwarebytes

www.malwarebytes.com



-Log Details-

Scan Date: 11/28/20

Scan Time: 4:32 PM

Log File: 978d7324-315c-11eb-a01d-309c23b48462.json



-Software Information-

Version: 4.2.3.96

Components Version: 1.0.1122

Update Package Version: 1.0.33530

License: Trial



-System Information-

OS: Windows 10 (Build 19041.630)

CPU: x64

File System: NTFS



-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 323320

Threats Detected: 32

Threats Quarantined: 0

Time Elapsed: 2 min, 16 sec



-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect




-Scan Details-

Process: 2

Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, , , , , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB

Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, , , , , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1



Module: 2

Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, , , , , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB

Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, , , , , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1



Registry Key: 12

Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, No Action By User, 883, 653659, , , , , ,

Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A08B8C4C-0C10-475E-926C-79220085DDBF}, No Action By User, 883, 653659, , , , , ,

Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{A08B8C4C-0C10-475E-926C-79220085DDBF}, No Action By User, 883, 653659, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, No Action By User, 503, 780529, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC8E5CDF-69F8-4ED7-8BAF-689443C5CB53}, No Action By User, 503, 780529, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BC8E5CDF-69F8-4ED7-8BAF-689443C5CB53}, No Action By User, 503, 780529, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, No Action By User, 503, 735770, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09C27E85-93F6-4676-916D-B98200CBA773}, No Action By User, 503, 735770, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{09C27E85-93F6-4676-916D-B98200CBA773}, No Action By User, 503, 735770, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2DBF508E-AEE2-4965-9F4C-EFC51A32B048}, No Action By User, 503, 780231, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2DBF508E-AEE2-4965-9F4C-EFC51A32B048}, No Action By User, 503, 780231, , , , , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, No Action By User, 503, 780231, 1.0.33530, , ame, , ,



Registry Value: 5

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09C27E85-93F6-4676-916D-B98200CBA773}|PATH, No Action By User, 503, 782993, 1.0.33530, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2DBF508E-AEE2-4965-9F4C-EFC51A32B048}|PATH, No Action By User, 503, 780232, 1.0.33530, , ame, , ,

Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8CF2E784-34EE-42E9-929A-3965043C7E06}, No Action By User, 943, 840273, 1.0.33530, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A08B8C4C-0C10-475E-926C-79220085DDBF}|PATH, No Action By User, 503, 784920, 1.0.33530, , ame, , ,

Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC8E5CDF-69F8-4ED7-8BAF-689443C5CB53}|PATH, No Action By User, 503, 780528, 1.0.33530, , ame, , ,



Registry Data: 3

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, 14085, 293294, 1.0.33530, , ame, , ,

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, 14085, 293295, 1.0.33530, , ame, , ,

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, 14085, 293296, 1.0.33530, , ame, , ,



Data Stream: 0

(No malicious items detected)



Folder: 0

(No malicious items detected)



File: 8

Backdoor.Agent, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\WDI\SrvHost, No Action By User, 883, 653659, , , , , 403D7BBBCEAB066DAB197B14A064B35D, 1E55ED90FD3370CFBF6DC9A307C8E7F83D16CAB966434C3D6DE57C96C8BD985F

Backdoor.Agent, C:\WINDOWS\SYSTEM32\WINSCOMRSSRV.DLL, No Action By User, 883, 653659, 1.0.33530, , ame, , 919611928882E781ABAB300BF9227374, CBDD93BA08E87007665250C3253A1FE9AD38511E4A8A2E5305ADC0F36E43AB44

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, No Action By User, 503, 780529, 1.0.33530, , ame, , 51141535057D55CEE3A698FBA639E2E5, 6D14926A027BAB0C0E5107EF6F621BD19EA5E87102F1CDBABE439338EC82CC40

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, No Action By User, 503, 735770, 1.0.33530, , ame, , 6A4853B07D29E96054C2476508689D49, 40FC511C38766F52BD9B407A2057EC601B6A3D536E5887FBC732D785D59109C2

Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, No Action By User, 503, 780231, , , , , 3BB16A706C21AD0956B905700FD4BBE3, 3079C0970A5B36FB5890E921666A4D7823D26B5FA7B6F1DD2A1E700EF0D22519

Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, 1.0.33530, , ame, , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB

Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, 1.0.33530, , ame, , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1

Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, No Action By User, 4104, 676770, 1.0.33530, , ame, , 250532B95FBF3154FE571B65217D4B11, 8F8C635949FD4A315DC7C2D30FC9A6A18149621E72B9598ABF50D54A4BF116AC



Physical Sector: 0

(No malicious items detected)

WMI: 0
(No malicious items detected)
(end)


*Windows Security

9c549f4e-8d37-479e-a121-3dae8c62d5a1?upload=true.png


*Windows Updateb08fb24d-4885-40aa-a56f-c9f9ee61bbc8?upload=true.png


*Microsoft Store

2dc47080-03bf-4b49-8e8f-181d00c0feb5?upload=true.png


this problem occur maybe because that malware already change my registry/delete some service.
is it clear if any potential malware is clean by malwarebytes?
if yes, then how can I recover that services or the key registry that have been changed ?
Please help. its driving me crazy cause it happen twice now.

More...
 

Similar threads

C
Replies
0
Views
104
Compuuter
C
D
Replies
0
Views
146
Default Username 98
D
B
Replies
0
Views
128
Bill GatesMS
B
Back
Top