Posts posted by JeanInMontana
-
-
Just installed IE8 Beta 2 and, after some glitches, got it up and running. Once I am used to it, think I will like it. I am not a professional user, just a guy.
Keep in mind beta programs can do serious system damage. You might want to consider your experience level when beta testing.
-
Hi littlebity and welcome to Malwarebytes! Thanks for your kind words, much appreciated.
-
Ditto nosirrah, and do you ever do forum work?
-
Right, I'm not sure how I got this virus.
It is a backdoor virus, and I have Kaspersky anti-virus.
I'm not sure if this file that is supposedly the virus is important and I shouldn't delete it.
The file is under
C drive
Program Files
Applications
iebr.dll
Please send me a message back asap. Thank you!
Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
-
I currently have Symantec Corporate Anti-Virus running in background (free from work), and Windows Defender. I also use Spyware Blaster, and the immunization feature of Spybot. I use Windows Firewall.
I recently had a bad infection, which neither of the two background scanners recognized at all (vundo, etc.). I downloaded the free MBAM, and it cleared it up. Thank you.
Yet, I am getting frequent false positives these days from SAV.
I am thinking of purchasing MBAM resident protection. I am wondering, what could it replace. If I had MBAM background protection running, no need for Windows Defender or any other background anti-spyware app, correct? (Although I know it's good to use different on-demand scanners.)
I have read people's questions here about whether they need to have a background AV program running besides MBAM, and your answer is always yes. But I'm wondering, is that really necessary, or do you say that, to be on the safe side?
Isn't there some overlap between what background MBAM does and a background AV app? Both look for trojans and other malware, no? Doesn't MBAM look for viruses as well, or does it ignore them, leaving them to the AV apps?
Just trying to avoid too many unnecessary background apps running, hogging resources, etc. Also, SAV did not help me at all with the recent infection (which MBAM fixed), yet it keeps feeding me false positives.
Are any readers here using MBAM as your only resident protection, without a resident AV app? If so, how is that working for you?
Hi maiki and welcome to Malwarebytes. Joe53 is correct. But I will elaborate a bit. First, Spyware Blaster and immunization in SBS&D are not background scanners. They block sites and ActiveX installs. Keep them always updated and all protections enabled. Second, get a free AV that won't suck the life out of your system and is actually working. We recommend Avira from Antivir to run alongside MBAM. You do need an antivirus; MBAM is not an antivirus program. The Windows firewall is crap. Online Armor makes a great free firewall. I run it, Avira and MBAM all together and have very low system resource use. If you're going to buy MBAM, please use the link in my signature. Feel free to keep asking questions, we aim to please and give the best support we can for our product.
-
In your case, I would decide on how often to update, and refrain from clicking the update button before your chosen update day.
Bad idea. Update, every time there is one to be had, be glad someone is working to save you from what is out there and for free!
-
You could simply do some beta testing with users here on the forum when significant technology changes are made to help ensure such problems which required the rapid deployment of 1.30 in the first place. That's how MBAM started, a long trial of beta testing, but now there don't seem to be any betas, just new release versions, and if it breaks, then a new version must be pushed out.
We did do beta testing. Beta testing has never stopped; every new version has been tested. There were still bugs. Ermm we do know how MBAM started too.
-
Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.
Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
-
Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.
The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
-
Hi Paulyc and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .
-
Combo fix produces a HJT log, so since it is not posted you did not post all the log. Perhaps you have the entire system set for French, since you are French that makes sense. If you don't use P2P how did all this get on the machine? Those are all P2P programs. Not just one mind you but 3. Someone uses them and they are illegal to use to get music and video that should be paid for, and most likely how you got infected.
"{47974CE3-0114-4A3F-AFEA-C4B634D5F5AA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe: -
I don't search the site for all posts by a user. What you put in this forum is all the info I had. The errors you state in the other post can be in FF and the Yahoo search ... what program is it referring to? What are the settings for saving history in FF? It can be set to not save at all.
You didn't answer how did you get a HJT log the first time? Have you tried doing as the program says? You need to update MBAM to 1.30, run a quick scan, see if that allows you to then run HJT.
-
Hi there opiumden34 and welcome to Malwarebytes. You're looking better now, MBAM removed a plethora of malware. Please move HJT from your desktop and to its own folder in program files.
Once you have done that, run it in scan only and put a check next to all of the following lines and then click fix.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: (no name) - {054cb733-20bf-40aa-8392-0df7448addcf} - (no file)
O2 - BHO: (no name) - {0f570f28-7ed6-4f41-9df0-401ace8ab0b7} - (no file)
O2 - BHO: (no name) - {2835B8E3-DA53-4A77-A657-2E46C84D3330} - C:\WINDOWS\system32\opnkjKAq.dll (file missing)
O2 - BHO: (no name) - {5055BBBE-A236-490F-A798-A1ED92BE378C} - C:\WINDOWS\system32\khfCtttt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {702DC270-C60A-4CAE-8BC2-0009A6174290} - C:\WINDOWS\system32\urqpnKcb.dll (file missing)
O2 - BHO: (no name) - {7055903A-E1DF-4F12-82CB-5A3C05E4A0D4} - (no file)
O2 - BHO: (no name) - {70af9f25-88c1-4ff5-90a1-b7db14f2c605} - (no file)
O2 - BHO: (no name) - {71BF1537-68C6-4A35-B7BB-59185CA2FE7E} - C:\WINDOWS\system32\qoMeEULC.dll (file missing)
O2 - BHO: (no name) - {74979E96-A3DB-4AE9-AE48-7A3D1E47ACE6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8651D72A-F366-4781-8163-08969B1F37F7} - (no file)
O2 - BHO: (no name) - {9868917F-A069-4B6A-8495-1591DEDD17CE} - (no file)
O2 - BHO: (no name) - {D2D4546A-A1B0-4344-8F94-78DC44DC0479} - C:\WINDOWS\system32\nnnkIyWQ.dll (file missing)
O2 - BHO: (no name) - {E7611C63-2B1C-4E4F-9113-B920578941D4} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O20 - AppInit_DLLs: hxmubx.dll,C:\WINDOWS\System32\dbgeng32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
Uninstall Morpheus and delete all files associated, including those you have downloaded with it. Rarely is P2P downloading legal and Malwarebytes will not be associated with illegal activities and this is most likely how you got infected.
You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.
Reboot to normal mode.
Update MBAM, run a quick scan, post that log and a new HJT log please.
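For readers reviewing a fix list like the one above, an added example (not part of the original post, and not a Malwarebytes or HijackThis tool): a small Python parser that groups HijackThis lines by section code and flags entries whose target is reported as `(no file)` or `(file missing)`. The sample lines are copied from the list above; the names `parse_line` and `triage` are made up for this illustration.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com
O2 - BHO: (no name) - {054cb733-20bf-40aa-8392-0df7448addcf} - (no file)
O2 - BHO: (no name) - {2835B8E3-DA53-4A77-A657-2E46C84D3330} - C:\WINDOWS\system32\opnkjKAq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O20 - AppInit_DLLs: hxmubx.dll,C:\WINDOWS\System32\dbgeng32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# Section code (R0, R1, O2, O9, O20, O23 ...), then " - ", then the entry body.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_line(line):
    """Return a dict for one log line, or None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body, "orphan": bool(ORPHAN_RE.search(body))}
    clsid = CLSID_RE.search(body)
    entry["clsid"] = clsid.group(0).upper() if clsid else None
    if section in ("R0", "R1") and " = " in body:  # IE start/search page values
        key, url = body.split(" = ", 1)
        entry.update(hive=key.split("\\", 1)[0], url=url)
    return entry

def triage(log_text):
    """Summarise a log: counts per section, orphaned entries, IE page URLs."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "by_section": Counter(e["section"] for e in entries),
        "orphans": [e for e in entries if e["orphan"]],
        "urls": [(e["hive"], e["url"]) for e in entries if "url" in e],
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_section"]))
    for e in report["orphans"]:
        print("orphaned:", e["section"], e["clsid"] or e["body"])
```
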
-
Can you get a screen shot of the MBAM error please? Safe mode message? Are you in safe mode? Have you checked all things mentioned in the error message? This might be malware related. I'm not seeing any though. Also please open Notepad and under the edit tab uncheck word wrap. I need to see the HJT log lines as all one line.
-
You can't have TeaTimer running during the fixes.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Open SB S&D
Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.
Click on the Tools section and then Resident.
You will see two items.
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active.
Uncheck number 2.
Leave number 1 checked always.
You can enable Tea Timer again if you wish once all special fixes have been done.
Update MBAM, run a quick scan, post that log and a new HJT log.
-
To be sure let's see a new MBAM log, be sure you update it, current version is 1.30. Run a quick scan and post that log then a new HJT too.
-
I figured since you were in msconfig you knew how to use it. Don't play in there if you don't know what you're doing; in msconfig, find the entry and uncheck the box in front of it. Click apply and then OK. It will then say you need to reboot. After the reboot you will need to say no to msconfig starting at every reboot. OK while you're in msconfig look for anything that says bootini in the list of autostarts, and if present uncheck it.
Disable auto-reboot
When running Windows and it crashes, you will get a blue screen and it will automatically restart; often it will restart too fast for you to see the error message. You could check the error log in this case but that is too easy. We are going to disable auto restart on system failure.
1. Go to Start -> Control Panel -> System (Windows+Pause works, too)
2. Go to Advanced
3. Under the Startup and Recovery section, click Settings...
4. Under System Failure un-check "Automatically restart"
Be sure you update MBAM; it is now at version 1.30.
-
OK be sure to update MBAM before all scans. You're running an old version. 1.30 is current.
Please set your system to show all files:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Please find this file C:\Program Files\Notepad++\notepad++.exe and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please.
We need this file since MBAM is not finding it. Please do your best to get it.
-
Well, how did you run HJT the first time? Get rid of the P2P stuff "Limewire"; downloading without paying is illegal and Malwarebytes will not be connected in any way to illegal activities. You have no malware showing in any logs so I don't know what to do for you. You haven't given any symptoms to indicate you have malware either. "Something is wrong." doesn't tell me anything.
-
This user has a thread going already with Raid helping, I'm closing this one. Fractal, follow the instructions you were given in your other topic and reply there.
-
Since you have started another thread and it shows illegal activity I will close this thread. Do Not open another topic.
-
Be sure you do the System Restore reset too. If you ever use the infected Restore point you're going to be right back where you started. Also all the prevention stuff I mentioned is free.
Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.
The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
-
Hello Joe9000 and welcome to Malwarebytes. You are not taking action when you scan with MBAM. Please update MBAM, run another quick scan and post that log, and then get the correct version of HJT and follow the rest of these instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
-
Hi again. Please uninstall MBAM, delete all files and folders and in 45 minutes from the time you see on this post, download the new version and reinstall it. Let's see if that fixes the update issue and be sure to also run a quick scan, post that log and a new HJT log please.
Happy Birthday GT500
oops better late than never I hope.