Solved Windows malicious software stopped working

[RonnieJP]

I simply removed the MRT.exe file from Windows/System32 and put in on a backup drive.
No more errors, even after maintenance.
I downloaded the manual version of the MSRT Tool from Microsoft and it ran fine with no issues.
Since so many users are experiencing this (at least those who look at the logs), my feeling is this may be an issue only with the February MSRT from Windows Update. I'll wait and see if it's fixed with the next update due on March 11.

 

[MasterChief]

So many users? There's 2 or 3 of you (here anyway.)

If there was an issue with it, neither you nor I would be able to post on this site due to denial of service.

Like I keep saying, something inherent to the problem systems is causing it to crash, and that #1 likely reason is malware or rootkit.

 

[werty]

Can you recommend an antivirus program to check whether there is malware or rootkit. I have already ran Malwarebytes.

 

[MasterChief]

Can you recommend an antivirus program to check whether there is malware or rootkit. I have already ran Malwarebytes.

Now we're talking. I hope you don't find anything, but it's the right thing to check, IMHO.

I think Malwarebytes makes a separate rootkit scanner, ADWCleaner seemed pretty nifty last I used it and Norton makes some kind of tool to scan for rootkits. (I just wouldn't install anything from Norton that keeps permanent drivers on the machine. I don't think the scanner does, but I never used it.)

And then there's this, specifically to search out TDSS rootkit and variants: TDSSKiller Download

If they don't find anything, then you either have something that some genius made lol or system is clean and well.

 

[werty]

I have scanned with TDSSKiller. This is the result:

 

[forgottenfaith]

I keep telling you - it's not malware.
Not everybody checks the error logs.

I deleted MRT.exe as well. Waiting for March updates to kick in (11/3/14).

 

[anthropos]

I am using three machines with Windows 8.1, I encountered the same issue on two of them at the same time. I solved the issue for one via reinstalling of the OS a few days later as the errors bugged me. Another point of the problem is that one is able to use MRT manually but it keeps crashing during or after an automatic maintenance.
The problem started on that patch day and I do not think that persistently pointing to any malware is the way to go here, the culprit could be something else.

As for the number of people having this issue: the numbers or users here reporting this problem is by no means representative, if noone repots here that can never mean that everything is nice and ok and noone has problems.

 

[MasterChief]

I am using three machines with Windows 8.1, I encountered the same issue on two of them at the same time.

Thanks for the information that supports the probability of malware present to the highest degree.

 

[anthropos]

I am using three machines with Windows 8.1, I encountered the same issue on two of them at the same time.

Thanks for the information that supports the probability of malware present to the highest degree.

I know you would say that: you want to see malware so everthing would indicate maleware to you; MRT gave negative results so far as other programs but that is not going to convince you as you convinced yourself already.
I would have got maleware through Windows Update as the error happend directly afterwards and I just used that PC for updating the same day the error has started.

 

[MasterChief]

I don't want to see anything in particular. I go by odds and facts, and that is always the smartest way to do, regardless if the hunches are correct in the end or not. That's all.

 

[RonnieJP]

I am using three machines with Windows 8.1, I encountered the same issue on two of them at the same time. I solved the issue for one via reinstalling of the OS a few days later as the errors bugged me. Another point of the problem is that one is able to use MRT manually but it keeps crashing during or after an automatic maintenance.
The problem started on that patch day and I do not think that persistently pointing to any malware is the way to go here, the culprit could be something else.
As for the number of people having this issue: the numbers or users here reporting this problem is by no means representative, if noone repots here that can never mean that everything is nice and ok and noone has problems .

Just curious - after you re-installed the OS on the one PC, did you apply the February MSRT update again, and if so, were there no more errors?

 

[anthropos]

I don't want to see anything in particular. I go by odds and facts, and that is always the smartest way to do, regardless if the hunches are correct in the end or not. That's all.

The sole fact is that some guys have problems, actually one program is crashing under certain conditions recently, and that program is called MRT and that crashing apparently started with the last patch day, everything else is speculation and interpretation. (And I said "under certain conditions" because MRT works fine when started manually and it never found anything regardless of quickly scanning or fully scanning the system.)
After the reinstall another issue still persisted since the last patch day: after installing any modern app the wifi connection is lost for a few seconds so that I have to install the apps one by one -- it was so after the patch day and before the reinstall of the OS and it was the same again after installing the last updates. I never had these problems before said patch day and maybe something got broken in Win 8.1 for some configurations.

Just curious - after you re-installed the OS on the one PC, did you apply the February MSRT update again, and if so, were there no more errors?

I reinstalled everything and that version of MRT is installed again but I got that error only during an automatic maintenance, so two PCs, both 32 bit, had that problem and the 64 bit never got that problem.

 

[MasterChief]

The sole fact is that some guys have problems, actually one program is crashing under certain conditions recently, and that program is called MRT

Back to square one, full circle and all of that good stuff. If it is not malware crashing an extremely small fraction of machines, then what else could it possibly be?

I can't think of anything else, myself. I happen to know a thing or two about Microsoft's OSes too, so it's not like I'm just saying, "Oh boy I'm stumped. Must be malware."

I would not at all be surprised to learn that it is involving rikvm rootkit, which hides itself and cannot be seen without WinDBG. It is flourishing as of late.

 

[RonnieJP]

Just curious - after you re-installed the OS on the one PC, did you apply the February MSRT update again, and if so, were there no more errors?

I reinstalled everything and that version of MRT is installed again but I got that error only during an automatic maintenance, so two PCs, both 32 bit, had that problem and the 64 bit never got that problem.

Interesting, my system is also 32-bit and I only got that error after automatic maintenance. Running the MRT tool downloaded from MS's website manually never shows any issues in the logs. Since 64-bit systems are now way more prevalent out there, that could be why this issue isn't being reported on a widespread basis.

 

[anthropos]

Just curious - after you re-installed the OS on the one PC, did you apply the February MSRT update again, and if so, were there no more errors?

I reinstalled everything and that version of MRT is installed again but I got that error only during an automatic maintenance, so two PCs, both 32 bit, had that problem and the 64 bit never got that problem.

Interesting, my system is also 32-bit and I only got that error after automatic maintenance. Running the MRT tool downloaded from MS's website manually never shows any issues in the logs. Since 64-bit systems are now way more prevalent out there, that could be why this issue isn't being reported on a widespread basis.

After I reinstalled the entire OS (as I got the problem that Windows Defender were unable to download any updates) everything was good so far except the other issue with the app updates; I do not think maleware is involved as I gave one fix-it from Microsoft a try and I think it did more bad than good.
I never downloaded MRT manually, I used the same MRT which got installed via Windows Update (typed mrt into the Run window and used the different scan options), and everything worked perfectly and no error occured -- till an automatic maintenance started some time later.

 

[MasterChief]

(as I got the problem that Windows Defender were unable to download any updates)

Yet another indicator of malware having been present.

Hopefully it does not crop up again as I'm guessing you didn't use Killdisk.

 

[RonnieJP]

Well, it's Patch Tuesday, so I put the MRT.exe file back into the Windows/System32 and downloaded the new update for Malicious Software Removal Tool. Still show application error 1000 in the event log after I triggered a manual maintenance job. The file was not replaced by the update. It's still version 5.9.9902.0 with the same time stamp.
I fact, in Windows Explorer, it shows the file was created back in 2010 and modified in February's update. So, I'm just going to remove the MRT.exe file again and just run the standalone version of the MSRT Tool for March.
I'd be interested to hear if the other 32-bit users affected by this issue have the same MRT.exe file version?

 

[werty]

My system successfully updated the new version of MRT to 5.10.... And till now the errors have stopped. I have done like that: removed the mrt log in debug folder (windows/debug). Deleted the two files: MPGEAR and one more but cant remember what his name was in the Windows/Temp folder. Installed all the march patch updates and that's it. Hope this works also for you

 

[Borg 386]

In the past I found that MSRT went into a folder where it wasn't easily accessible. Not only that, but it didn't delete past versions of it. MSRT is set to run a scan automatically if you d/l it along with the updates.

For a while now I have been d/l ing the standalone version, running it before I do the updates, then refreshing the updates list. It disappears from the list once it has been run. Then I d/l the rest of the updates. I haven't had any problems with it doing it that way & I have easy access to it should I need to run it.

 

[RonnieJP]

My system successfully updated the new version of MRT to 5.10.... And till now the errors have stopped. I have done like that: removed the mrt log in debug folder (windows/debug). Deleted the two files: MPGEAR and one more but cant remember what his name was in the Windows/Temp folder. Installed all the march patch updates and that's it. Hope this works also for you

I don't know exactly what happened, but somehow the new version 5.10 of MRT.exe is now in my System32 folder, even after I deleted the old version that was not overwritten when I updated yesterday. I'm not set for automatic windows updates, so I don't understand how it got there. Also, that file MPgear.dll is now gone altogether. Bottom line is now when I run maintenance (at least manually) there is no more event log error for MRT.exe. So, at least for now, seems like the new version did the trick.