canada765

Members
  • Posts

    9

Everything posted by canada765

  1. Yes it's been resolved. Please see my previous comment through. Thank you,
  2. Also I noticed that Malwarebytes does the registry repairs first and then does the quarantine of the virus file. I'm not sure if you have other reasons for doing it this way but for this particular virus (and possibly others) if that could be reversed then this step of having the user remove/move the virus would be unnecessary. Again, I'm speaking about this virus in particular but it may be something to think about. If the registry has been hijacked then removal of the program on the disk has to be done first as every time the registry is modified it attempts to restart the virus.
  3. One more thing, just this virus alone will result in the removal of 766 objects using MalwareBytes, just in case anyone wants to know...
  4. Yes, MalwareBytes removed the virus using the procedure I described above. One thing I forgot to add though, and it could be important, is to also physically remove the virus file before running MalwareBytes since the virus could reactivate itself when Malwarebytes is modifying the registry. (I've seen it happen.) First, make sure you can see hidden files and folders. (Enable showing the hidden files and folders from the "Folder Options" application in the Control Panel.) The virus will be in the "Documents and Settings" directory under the user account you're logged into and then in the "Application Data" directory. The virus has so far been called ProtectorXXX.EXE. It's safe to just delete this (or move it to a different name) and then run MalwareBytes and it will take care of everything. I've seen some others talk about this virus and give more complex procedures to remove it, but so far this is the easiest way I have found, and I set up a machine to recreate the problem just to find the best way to remove it, which I have done 4 or more times now. Hope it can help some others.
  5. For others who see this, the display on the screen will usually read "Windows Turnkey Console" and usually has the Protector-xxxx.exe file associated with it. I have been playing with it and found a fairly easy way to remove it. This works just fine on a system infected with the live virus, I just tried it. Move the virus spam window to the side so you can work. Open the Explorer (right click on Start, click on "Explore"). Navigate to C:\Windows\system32 and copy the taskmgr.exe to your desktop. Rename the taskmgr.exe to something else and then you can double click on it to execute it. Look for "Windows turnkey console" or a task that begins with "Protector" and hit the "End process" button. This will stop the active component of the virus that is currently running in memory. If you don't have Malwarebytes installed you can install it now, either from your web browser or loaded from your memory stick. Do not try to run it directly after installing it. (It won't matter really but it won't start anyway.) Then in your Explorer window, navigate to C:\Program Files and go into the "MalwareBytes Anti-Malware" folder. Click on "Mbam.exe" and copy it to a different name but leave it in the same folder (this is necessary). Double click on the copy, and it will run; update virus definitions if asked and run a "Quick Scan". It will completely remove the virus, I just verified this twice in fact. :-)
  6. HEY! I got it working!! In the registry there is something called "Image File Execution Options" and some virus must have put some entries in there, as there were entries for mbam.exe, mbamgui.exe and mbamservice.exe. (I removed them.) Incidentally, when I was trying to run Malwarebytes, I could see the "svchost.exe" program trying to run, but now I know why, since that was what they put in there!!!! So hey, got it. Is this typically caught when Malwarebytes runs? I'm just curious since it was done as a remote disk from another computer and that didn't fix it. Anyway, it's running perfectly now. Thanks for giving me some leads. I've been up to my eyeballs in registry crap and glad to be out of it. What a frickin mess.
  7. I was able to get the task manager and regedit commands to work as they should by repairing the registry. There was an intercept being done there by this former Protector-qlkq.exe virus and that was not removed from the registry by Malwarebytes. I had assumed, maybe incorrectly, that this would have been done by Malwarebytes running on the external disk, but is there an issue there why it wasn't? I had to delete 2 keys from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\: taskmgr.exe and regedt.exe. But I'm still looking at this as Malwarebytes still isn't able to execute on the system in question.
  8. The "Merge" was not working (said file not found) and for some reason I can't run "regedit" directly from the command window; it says the program is not found, but I was able to find it and run it (by changing the name) and managed to import the ExeFix.req file successfully into the registry. The net result of running the FixPolicies.exe was no change unfortunately. I see in the Fix_policies.cmd script he's not displaying output (> NUL) so no real idea if it was successful or not. I'll try to examine the registry and see if I can tell, but so far this did not help. One more note: Norton Internet Security did install and work correctly on the system, but Malwarebytes same result, seems to install but not execute. One more thing, the task manager doesn't seem to work. Regards, Steve
  9. I am working on an XP system. I could not do anything on it due to malware, so I removed the disk and was able to run Malwarebytes on it from another system. It found and removed one serious problem (Protector-qlkq.exe). The system now seems to run normally and I can install Malwarebytes (and other anti-virus software) but they won't run (none of them). I then did a repair installation on the system, and the exact same thing happens: Malwarebytes and other anti-virus software won't run, so I suspect there are some issues with the registry. Can anyone suggest anything to narrow this down, or have suggestions other than a complete new installation to save this system? There appears to be nothing else wrong with it; other software seems to work OK, but for some reason none of the antivirus programs will work. Thank you, Steve
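
Posts 6 and 7 above trace the "installs but won't run" symptom to Image File Execution Options entries that redirected taskmgr.exe, regedit and the Malwarebytes executables to svchost.exe. The following is an added example, not part of the original posts and not Malwarebytes code: a Python audit of a registry export for such `Debugger` redirects. The sample export, the `OFFLINE_SW` mount name and the watchlist are constructed for illustration.

```python
import re

# Tail of the IFEO key path; matching the tail also covers a hive from another
# disk loaded under a temporary name (assumption: e.g. HKLM\OFFLINE_SW\...).
MARKER = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
# Watchlist assembled from the tools named in the posts above.
WATCHED = {"taskmgr.exe", "regedit.exe", "mbam.exe", "mbamgui.exe", "mbamservice.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in regedit export (.reg) format, not from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MBAM.EXE]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
"Debugger"="\"C:\\Tools\\dbg.exe\" -g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000000"
'''

def find_ifeo_debuggers(reg_text):
    """Return (image, debugger, watched) for every IFEO key with a Debugger value."""
    findings, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            # "[-KEY]" is a deletion directive in a .reg file, not data.
            image = None if key.startswith("-") or pos < 0 else key[pos + len(MARKER):]
            continue
        m = VALUE_RE.match(line)
        if image and m and m.group(1).lower() == "debugger":
            debugger = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
            findings.append((image, debugger, image.lower() in WATCHED))
    return findings

if __name__ == "__main__":
    for image, debugger, watched in find_ifeo_debuggers(SAMPLE_REG):
        note = "REVIEW: blocks a tool named in the posts" if watched else "check if expected"
        print(f"{image}: launches via {debugger!r} [{note}]")
```

Files written by regedit's "Version 5.00" export are UTF-16, so read them with `encoding="utf-16"` before passing the text in.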