mountaintree16

cpaesq, Layered protection is great, and is what I use Just to add to what others have said here, Have an active, up-to date antivirus program with updates done at least once daily Mbam pro is a GREAT program to have Yes, likely the trojan would not have gotten in had you opted to have Malwarebytes protection start with Windows. However, Mbam and your AV program may not update properly from the limited account on XP, so please log onto the admin account at least once a day to update until you are sure you are getting updates either from the limited account or you can continue to log onto the admin account to ensure that you are getting daily updates I would recommend staying far, far away from the pirate bay website and any similar sites. In addition to the above, a HOSTS program would also do you well, I use HostsMan, which I would be more than happy to assist you with in getting onto your machine and answer any questions you may have about it. What HostsMan HOSTS file does is block baddie websites and most advertisements, adding further protection to your machine. Of course, nothing, like anything in life, is 100%, but combining all these things greatly reduces the risk & makes your machine very difficult to infect Of course, practicing safe browsing habits, staying away from questionable websites, and not using P2P software also is good! When replying, please use the ADD REPLY button at the bottom of the page, as this makes the forum easier to read. Thank you

Well in the Beta (which will be complete hopefully within a few weeks for final release) you can the option to not have a logfile displayed after the scan, but it will still be saved to your computer and is easily accessible from within the program just like it always has been. I don't believe it is possible for the logfile to show only if there are infections found, though, but I could be wrong, so if I am, I am sure that someone will correct me

fin97, Are you actually looking for the IP protection to stay ON but block IP's SILENTLY or are you truly looking to turn it OFF? Also, are you a paid or free user? Just wondering so I can answer your question better if you are paid, if you are free, please follow ShyWriters directions above mine

You're welcome To find rules.ref, Follow Exile360's directions a couple posts above this post (show hidden files/folders), and then you should be able to find it: Afterwards it would be a good idea to reset hidden file/folder settings as given in the directions by Exile360 also. Did our replies help you with your questions or do you still have some questions?

You continue with your post with Screen317 here: http://forums.malwarebytes.org/index.php?s...st&p=217725

Please do the following to see if it corrects it: Step 1: Verify Internet Connectivity of Internet Explorer: Backup the Registry: Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so. Please download ERUNT from here ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe Once you've done your backup, please do the following: Click on Start and select Run In the Run box copy and paste the text in the following code box exactly as written and press Enter or click on OK:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f Try updating again and if it does not work then please proceed to Step 2 Step 2: Verify Your Internet Connection Settings: Open Internet Explorer Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser [*]Click on Tools at the top and select Internet Options Note: If you do not see Tools, press the Alt key on your keyboard and it will show up [*]Click on the Connections tab [*]Click on the LAN settings button [*]Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it [*]Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). is not checked and if it is, click the box next to it to uncheck it [*]Click on the OK button to close the Local Area Network (LAN) Settings window [*]Click on the OK button to close the Internet Options window [*]Try updating Malwarebytes' Anti-Malware again to see if it now works correctly Now try updating Malwarebytes' Anti-Malware once more and if it does not work then please proceed to Step 3 Step 3: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs: For Windows XP: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For Windows Vista or Windows 7: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For 64 bit versions of Windows Vista or Windows 7: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\SysWoW64\drivers\mbamswissarmy.sys Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well The FAQ contains examples of setting file exclusions for some known AV products. PS - There are virus's that target Mac computers, just so you are aware of that. I can link you to some articles on this if you'd like. Norton now has a Mac AV, as does Kaspersky. PC Tools offers a free AV program for Macs.

You're welcome! I'm glad I could help! I just wish I had been better help, but now I know where/how to find it for the future

Thanks Exile, I'll hang onto that for future reference

Did you try putting the ink in the correct slot and see if everything worked after doing so?

Hmm well did you put it in crookedly or anything? In my experience sometimes when replacing an ink cartridge the printer will ask me to print a test page in order to align the new ink cartridge and whatever else it needs to do to prepare the printer for the new cartridge Have you ever put ink in that second slot BEFORE? Might be for a special ink cartridge type or something else entirely.

You're welcome, Jay! Here's the link I prefer for downloading Mbam (if you want to try downloading it again): http://majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Download Malwarebytes Anti-Malware Download Malwarebytes Anti-Malware from the USA Download@MajorGeeks << Then click one of these to begin the download Download Malwarebytes Anti-Malware fromthe USA Download@MajorGeeks <<

Glad all is well now What did you end up doing to be able to clean up the laptop? Sorry I couldn't be more helpful with the rules.ref I've done it before (on XP though, not Vista/7) but I can't figure why its not where its supposed to be unless the location has changed since that help file was written on the link I gave you.

Ah darn! Hmm. I wish I had access to a Vista or 7 right now. Do a search for Malwarebytes and see what comes up, and see if you can find rules.ref in any of those. If you can't, a clean install might be your best bet (if you don't think you'll have trouble re-installing Mbam on the infected machine). To do a clean install: If you are having any problems with Malwarebytes' Anti-Malware protection please do the following. 1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel. 2. Restart your computer (very important). 3. Download and run this utility. 4. It will ask to restart your computer (please allow it to). 5. After the computer restarts, install the latest version from here. Note: You will need to reactivate the program using the license you were sent via e-mail.

Oh! Sorry for the misunderstanding. Try doing a search for rules.ref on his laptop. If its in a Malwarebytes folder, then you've found the right one and replace the old rules.ref with your new rules.ref file.

Er, what I had meant was, can you pull the rules.ref off (after updating Mbam to its most current definitions of course) off your computer, burn it to Cd or use a Flash drive to transfer the rules.ref?

can you access sites like msn.com, yahoo.com? or is it just the security websites and the like that you cannot access? Yes, you can copy the Mbam Setup to a PC as well as current database definitions as laid out in Issue #4 here: http://forums.malwarebytes.org/index.php?s...ost&p=49525 Also as a side note, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read. As for other ideas, you can try the following to see if it helps: Please do the following to see if it corrects it: Step 1: Verify Internet Connectivity of Internet Explorer: Backup the Registry: Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so. Please download ERUNT from here ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe Once you've done your backup, please do the following: Click on Start and select Run In the Run box copy and paste the text in the following code box exactly as written and press Enter or click on OK:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f Try updating again and if it does not work then please proceed to Step 2 Step 2: Verify Your Internet Connection Settings: Open Internet Explorer Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser [*]Click on Tools at the top and select Internet Options Note: If you do not see Tools, press the Alt key on your keyboard and it will show up [*]Click on the Connections tab [*]Click on the LAN settings button [*]Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it [*]Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). is not checked and if it is, click the box next to it to uncheck it [*]Click on the OK button to close the Local Area Network (LAN) Settings window [*]Click on the OK button to close the Internet Options window [*]Try updating Malwarebytes' Anti-Malware again to see if it now works correctly Now try updating Malwarebytes' Anti-Malware once more and if it does not work then please proceed to Step 3 Step 3: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs: For Windows XP: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For Windows Vista or Windows 7: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\System32\drivers\mbamswissarmy.sys For 64 bit versions of Windows Vista or Windows 7: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref C:\Windows\System32\drivers\mbam.sys C:\Windows\SysWoW64\drivers\mbamswissarmy.sys Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well The FAQ contains examples of setting file exclusions for some known AV products. ----------------------------------- If that does not do the trick for you and if you cannot transfer Mbam via CD, please do the following: Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you. After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post. Thank you

You're welcome! Wait, so I am confused... did transferring the rules.ref work or did it not?

Can you pull the rules.ref off of your machine or another clean machine that can update to the most recent definitions? That's what I would do in your situation if at all possible

Please see Issue #4 here: http://forums.malwarebytes.org/index.php?s...ost&p=49525 Hope that helps!

Great job!! I finished changing all my Mbam bookmarks over to the new domain a couple days ago also

Good Just wait for someone to reply to you in the Malware Removal Forum, someone will be with you as soon as possible and will guide you from there. You're welcome!

Honestly I am not surprised that you are infected. Your Adobe reader is way out of date and you are running a Service Pack on XP that is due to have support ended for it on July 13th, 2010. You should update to SP3 soon. Are you using an antivirus program? Anyway, please read the following so that you can get yourself cleaned up: Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you. Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read. After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post. HJT should NEVER be used by an untrained person OTHER than to scan & remove items as guided by an EXPERT. A False Positive is a detection that is found that is not really an infection. Thank you

You have Virut it seems Please read here: http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

hehe I am going to have a talk with them... scan needs to NOT be aborted, lol. I was just wondering if anyone had experience with what invisible scan mode is with a scheduled Avira scan.. I was thinking that way it would be more difficult for someone to stop the scan I already knew someone was actually stopping the scan, bleh.