Malicious Software Removal Tool finds 194 infections, says there is none on completion

• Is MSRT at the latest and current version (March 2016 - build 5.34.12400.0)?
• Have the tool ran and reported these 'preliminary' detections just once (when you updated the tool last week)? Or do detections persist if you run additional scans (either quick or full)?

FWIW, we have seen similar reports over the years but never a clear explanation as to why this occurs. See this probably related thread - to include sources for the following:

If the mrt.log file shows clean (no infection found) then it's likely MSRT suspected a possible threat during the scan, displayed it as such (preliminary detection) but determined it was not an actual threat before completion. The initial detection could be due to heuristic analysis or an incorrect virus signature in the database. Microsoft Antimalware software uses heuristic analysis which will automatically submit suspected threats to the server where the file(s) is checked against signature updates in the master database. If a match is found and verified as malicious, updated signatures will be downloaded in order to take action on the detection. If the detection is determinded to be a false positive, no action is necessary.

Please also keep in mind that MSRT only scans for and removes a limited number of specific malware families (a small subset of active malicious software) so it is not comprehensive... and, in general, shall not remove as many threats that might be compounded by categories such as adware, toolbars or Potentially Unwanted Programs (PUPs).

However, since you are talking about an 'abnormal number of threats being detected', and your resident AV (+ MBAM) is giving you a 'clean bill of health', I would suggest you run some additional scans (including a full scan using same MSRT and/or the MSS - if you haven't yet done so) - using AdwCleaner and the ESET Online Scanner - for a second (third) opinion.

Please report back if any detections by these tools.

Same version # for MSRT, date of March 15, 2016.

I have run MSRT a few times, not always to completion. Each time the 194 infected files pops up rather quickly. (for the windows 8.1 machine)

mrt.log notes 'Failed to collect/send ServiceErrorReport heartbeat. HR = 83760002' 

I usually run MSRT with internet disconnected. It looks like that is the cause of the error message.

I will edit this when Microsoft Safety Scan is complete. Also I will add the ESET and AdwCleaner results.

Thank you for your reply!

1a. Approx Jan 2013

1b. Win 8

1c. probably October 2013

1d. Lenovo

1e. No, but GWX was on. I removed it from the kb3035583 from the installed upgrades.

2. Monday, Feb 1 2016. (its in the 64bit directory)
3. Suspicious behavior with internet connectivity. I had upgraded Virtualbox but hadn't rebooted before running a virtual machine. Suddenly lost internet connectivity and Avast GUI stopped working. Assumed malware could be involved and downloaded 30 day trial. The trial since ended and is the free version presently.

 - I should remember if something was detected so I think not

4. A McAfee 30 day subscription with the machine. I did a system refresh sometime last year, so it has been on this machine relatively recently.
5. McAfee preinstalled.

6a. Yes to all

6b. Yes to all except KB3035583

7a. 11.0.29 (kb3139929)

7b Firefox 45 and Chrome 48.0.2564.116 m*.* Also firefox developer, thunderbird, steam, readcube

8. No*.* Double checked with installed programs. Active-X Flash is not installed*.*

9. CCleaner registry cleaner. Had AVG tuneup on at one point, but may have been before refresh.

PS: sorry for the thread mixup. Since I found this relatively in common in both systems, I assumed a similar cause so posted both.

MSRT found 99 infected files on my Windows 7 machine, but the scan hasn't completed yet.

Win 8.1

Avast Free

Malwarebytes Free

'Files Infected: 194'

Win 7

Norton Security (licensed)

'Files Infected: 99' The scan is about halfway done at the time of my writing this.

We can only deal with one (1) computer in this thread. Since you posted in a Win8.1-specific forum, it'll be the Win8.1 computer.

Assuming Win8.1 64-bit...

Please answer each of the following [admittedly tedious] diagnostic questions in a correspondingly-numbered list in your very next reply, preferably without quoting this post:

1a. When (approx. date) did you purchase the computer?

1b. Did the computer come with Win8 (or Win8.1) preinstalled, did you do a clean install of Win8 (or Win8.1), or did you upgrade a (e.g., Win7) computer to Win8?

1c. Assuming you started with Win8 => When (approx. date) was Win8.1 installed?

1d. Who manufactured the computer (e.g., Dell; Sony; HP; Acer; Lenovo)?

1e. Has Win10 ever been installed?

2. In Windows Explorer [WinKey+E], navigate to & right-click on:

• **C:\Program Files (x86)**Avast Software <=this folder

Select PROPERTIES: What's the CREATED date displayed on the resulting GENERAL tab?

3. When & why was MalwareBytes' Anti-Malware (MBAM) installed? Is it the MBAM Premium 30-day free-trial or MBAM Free? Has MBAM ever detected & quarantined anything since it's been installed?
4. Has a Norton application or a McAfee application EVER been installed on the computer since you bought it?
5. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

6a. Is KB3139929, KB3140735, KB3138910 & KB3138962, KB3137513, KB3139940, KB3139914, KB3139398, and/or KB3139852 listed in Installed Updates (not Update History)? [1]

6b. How about KB3138615, KB3123862, KB3035583, KB2976978 and/or KB3044374?

7a. What Update Version & KB number are displayed in the second line of text in IE11's Help | About [Alt+H+A] tab; e.g., Update Version: 11.0.54 (KB1231231) ?

7b. Is Firefox version 45.x (or higher) and/or Google Chrome version 49.0.2623.87 (or higher) or any other alternate browser installed?

8. Is Adobe Flash Player v21.0.0.182 installed? TEST HERE USING INTERNET EXPLORER ONLY! => http://www.adobe.com/software/flash/about/

 Example of the Version Info box on that page

(disregard the table below the Version Info box)

9. Are you in the habit of using "Registry cleaners" (e.g., Registry Mechanic; System Mechanic; RegCure; RegClean Pro; Advanced SystemCare; Registry Booster; McAfee QuickClean; Glary Utilities; AVG PC TuneUp; Norton Registry Cleaner; PCTools Optimiser; SpeedUpMyPC; PC Doctor; TuneUp Utilities; WinMaximizer; WinSweeper; Comodo System Cleaner; Advanced System Optimizer; CCleaner's Registry Cleaner component)?

====================================================

[1] Control Panel | Programs and Features | View installed updates (in left-hand menu)

MSRT found 99 infected files on my Windows 7 machine, but the scan hasn't completed yet.

Win 8.1

Avast Free

Malwarebytes Free

CCleaner

SlimDriver

'Files Infected: 194'

Win 7

Norton Security (licensed)

CCleaner

SlimDriver

'Files Infected: 99' The scan is about halfway done at the time of my writing this.