
ATechGuy

Everything posted by ATechGuy

  1. 1.39 is now out, and UBCD4Win has a "Patch". I'm curious if the patched MBAM.exe is really 1.39, or a special build. Perhaps this is more of a question for the UBCD4Win forum, but I figured it would make more sense to get clarification here. Thanks.
  2. I believe the initial case happened due to SuperAnti-Spyware removing the svchost.exe program and the phoney "Microsoft Common" folder. But it FAILED to also remove the registry key and thusly caused the problem. So, no knocks against MBAM there. However, I was just hoping that if you happened to FIND the registry key, AND it had a reference to a non-existent file, you would REMOVE the reference (who cares if you leave the key if it's empty...). At least that way, you could FIX the "File not found" problem. Of course, one might also say, and, HOW might you actually RUN MBAM if you don't have the shell? Well, just like running any other program at that point--from Task Manager. Clearly, not your average run-of-the-mill user, but between you and me, every ounce of heuristic you can deploy can help in this fight. Cheers, -Ken
  3. And, from your link, it's quite possible that the key is there by default, but it's also blank, by default, which is also fine. It's the dead-end reference that's the problem. Sorry if that wasn't made obvious before. -Ken
  4. Thanks Bruce. While I'm not suggesting how to do this, I can say that if you find ANY references to non-existing files within this whole key (Image File Options), you aren't going to hit an FP. While most of the executables in this key are minor, the Explorer.exe key is clearly a VERY special case, and one that you wouldn't expect to be listed here unless you're a *shell* developer and in that case, you wouldn't be running MBAM...:-) Thanks for looking into this. I ran into this problem a month or so ago, and now more than four times in the past week. I can't say for sure which Anti-Malware program is actually removing the malware file in \Microsoft Common\, as I typically run several while in PE mode and then flip back to safe mode to finish off the job. With MBAM not working in UBCD4Win right now, I can be certain that it wasn't MBAM that removed the referenced file. However, had MBAM (or if done properly, the other programs that removed the malware) caught this dead-ended file reference in the registry, it would have made life a bit easier. Since a couple of months had passed, I had forgotten about this key so it took me a bit to track it down when explorer appeared to stop working due to "Cannot be found"...
  5. Actually, when this key is in existence, which it normally is not, you CANNOT run explorer if the file referenced in the key no longer exists. Trust me. Try it for yourself.
  6. Thanks Marcin, Your product rocks. FWIW, I entered a posting on your web site for a registry key that needs to be looked at, as it can render a PC useless if the key exists but the file it references is removed. Having MBAM in the UBCD4WIN toolkit would be the best.
  7. A combination of malware running around in the past few days has infected several of my client's PCs. One of the files that gets removed is C:\Program Files\Microsoft Common\*.* (typically the file contained in this folder is svchost.exe). However, there is still a reference to this file and as a result, whenever Explorer.exe is attempted to be run, the following key is executed, the file isn't found, and the program won't run. With no shell, you get, well, you know. If you try running explorer.exe from the Task Manager, you get "file not found", even though it's there on the disk. What isn't immediately obvious is the "file not found" isn't explorer.exe, it's the file in the registry key that was removed by anti-spyware programs. The key is:

         Windows Registry Editor Version 5.00

         [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
         "Debugger"="C:\\Program Files\\Microsoft Common\\svchost.exe"

     It would be great if you could add this to your WONDERFUL program and detect if this registry key exists and if so, add it to the list of items detected. (It might be worth checking to see if the file it's pointing to still exists too, as it would make sense to detect it at the same time.) Thanks again for making such a great program as yours available.
  8. May I presume this is related to "Error Code 718, The Keyset is not Defined" that we now get with 1.38? Any suggestions on how to fix this? Thanks, -Ken
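
The check asked for in posts 3, 4 and 7, sketched as an added example (not part of the original posts and not MBAM's code): it parses a .reg export of the Image File Execution Options key and reports each image whose "Debugger" value points to a file that is missing, while ignoring blank values. The function names and all sample entries except the explorer.exe one are constructed for illustration.

```python
import os
import re

IFEO = "\\Image File Execution Options\\"
KEY_RE = re.compile(r'^\[(.+)\]$')
DBG_RE = re.compile(r'^"Debugger"="(.*)"$', re.IGNORECASE)

# Constructed sample export; only the explorer.exe entry comes from the post above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\Program Files\\Microsoft Common\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Tools\\dbg.exe\" -g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"=""
'''

def debugger_path(cmd):
    """Return the executable part of a Debugger command line (arguments dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first ".exe" token.
    m = re.match(r'(.+?\.exe)(\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ', 1)[0]

def find_dead_debuggers(reg_text, exists=os.path.isfile):
    """List (image, debugger_path) pairs whose debugger file does not exist."""
    findings, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            name = key.group(1)
            i = name.lower().find(IFEO.lower())
            image = name[i + len(IFEO):] if i >= 0 else None
            continue
        dbg = DBG_RE.match(line)
        if image and dbg:
            # .reg string values escape backslash and double quote with a backslash
            cmd = re.sub(r'\\(["\\])', r'\1', dbg.group(1))
            if cmd and not exists(debugger_path(cmd)):  # blank value: nothing to resolve
                findings.append((image, debugger_path(cmd)))
    return findings

if __name__ == "__main__":
    # regedit writes exports as UTF-16; decode a real file before passing its text in.
    for image, path in find_dead_debuggers(SAMPLE_REG):
        print(f"{image}: Debugger target missing: {path}")
```

The `exists` parameter lets the same check run against an offline system from a PE environment by mapping the recorded path onto the mounted drive before testing it.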