Jump to content

Kaisersosay

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, Man, it is soooooo aggravating to have malwarebytes start cooking for a few seconds then stop and close shop. I then can't run it again unless I copy the backup mbam.exe and rename it and drop in the directory. I am sure its one of these programs stopping it, but can't tell which one. I know the second winlogon.exe is the renamed process explorer launch program. I am suspicious of all those svchost.exe but some of them when deleted force a computer reboot. I previously had and killed wiawow32.sys (known malware). Process PID CPU Description Company Name System Idle Process 0 98.46 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 848 Windows NT Session Manager Microsoft Corporation csrss.exe 908 Client Server Runtime Process Microsoft Corporation winlogon.exe 944 Windows NT Logon Application Microsoft Corporation services.exe 992 1.54 Services and Controller app Microsoft Corporation ati2evxx.exe 1160 ATI External Event Utility EXE Module ATI Technologies Inc. svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1312 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1440 Generic Host Process for Win32 Services Microsoft Corporation incdsrv.exe 1464 incdsrv Nero AG svchost.exe 1708 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1976 Generic Host Process for Win32 Services Microsoft Corporation IreIKE.exe 1996 IreIke Service Application SafeNet aawservice.exe 340 Ad-Aware Service Lavasoft spoolsv.exe 616 Spooler SubSystem App Microsoft Corporation svchost.exe 2244 Generic Host Process for Win32 Services Microsoft Corporation AppleMobileDeviceService.exe 2364 Apple Mobile Device Service Apple Inc. CTSVCCDA.EXE 2548 Creative Service for CDROM Access Creative Technology Ltd svchost.exe 2640 Generic Host Process for Win32 Services Microsoft Corporation IPSecMon.exe 2824 IPSecMon Service Application SafeNet jqs.exe 2860 Java Quick Starter Service Sun Microsystems, Inc. mcmscsvc.exe 2984 McAfee Services McAfee, Inc. McNASvc.exe 3068 McAfee Network Agent McAfee, Inc. McProxy.exe 3148 McAfee Proxy Service Module McAfee, Inc. Mcshield.exe 3200 On-Access Scanner service McAfee, Inc. mdm.exe 3256 Machine Debug Manager Microsoft Corporation svchost.exe 3468 Generic Host Process for Win32 Services Microsoft Corporation MsPMSPSv.exe 3632 WMDM PMSP Service Microsoft Corporation alg.exe 3936 Application Layer Gateway Service Microsoft Corporation mcsysmon.exe 2728 McAfee SystemGuards Service McAfee, Inc. MpfSrv.exe 2096 McAfee Personal Firewall Service McAfee, Inc. lsass.exe 1004 LSA Shell (Export Version) Microsoft Corporation ati2evxx.exe 1528 ATI External Event Utility EXE Module ATI Technologies Inc. taskmgr.exe 2432 Windows TaskManager Microsoft Corporation explorer.exe 264 Windows Explorer Microsoft Corporation CTHELPER.EXE 1600 CtHelper MFC Application Creative Technology Ltd InCD.exe 1888 InCD Nero AG mcagent.exe 2016 McAfee Integrated Security Platform McAfee, Inc. wcescomm.exe 1260 ActiveSync Connection Manager Microsoft Corporation winlogon.exe 3512 Sysinternals Process Explorer Sysinternals - www.sysinternals.com CCleaner.exe 452 CCleaner Piriform Ltd ctfmon.exe 3828 CTF Loader Microsoft Corporation Kai
  2. Hi, I see there must have been some widespread malware out in the last 48 hours with all these posts indicating folks can't run malwarebytes or several other programs. Malwarebytes has always worked for me previously, but I must admit this is the nastiest bug I have had to deal with. Some of the things I have tried might work for others. It only partially worked for me (no pop ups for the annoying ransomware fake antivirus programs). Suggestions culled from the other mssgs here, all tried in safe mode and regular mode: When malwarebytes stops running after a few seconds -->Rename mbam.exe -->Seems this has worked for a few lucky ones -Unfortunately the same thing happens with the renamed executable for me and others -I redownload and change the names before running it the first time and it will still quit out after a few seconds and then won't run again -Uninstalling/redownloading/reinstalling to different directories gives the same problem Download process explorer and rename it to winlogon.exe. -The process explorer works for me, but I find nothing to delete. (I had previously killed processes and deleted files as mentioned under task manager) Other googled suggestions -Ran task manager and killed the following processes and removed their files msa.exe, b.exe, svchast.exe (Meant to look like svchost.exe) -Ran msconfig -Disabled AntipyPro_12 from services (not a mispelling, its AntpyPro_12 with no s in it) -Could NOT KILL tahidazu.dll in startup. I get an error message. I manually deleted the file c:\windows\system32\tahidazu.dll but i get a dialogue box that the specified module can't be found on the next startup -Ccleaner -I thought surely ccleaner startup tool would do the trick but it won't disable or delete detokadafe which is the program associated with the run32dll.exe "c:\Windows\System32\tahidazu.dll",s -Ccleaner Registry scan keeps finding the tahidazu registry entry and fixes it but it comes right back -Manual REGEDIT to delete any instance of detokadafe fails as well as it keeps coming back with (system restore previously turned off) -Ran services.msc -AntipyPro_12 is indded disabled and the svchast.exe it points to has been deleted -Can't turn on windows defender error 5: access is denied Is there a network mode that lets malwarebytes scan another computers harddrive over a network? I thought of just pulling the hard drive out and plugging it into the working computer but am afraid the bug could spread and it still wouldn't clean out registry errors and the like. Well, I got one more suggestion I will try tonight. Since windows defender won't run, I will uninstall and reinstall it. I don't hold high hopes because this malware interrupts the installation and/or running of malwarebytes, spybot, mcAfee and windows defender. It didn't seem to interfere with Ad-Aware 2008 but all adaware found the first time were cookies I guess I could try a windows xp reinstall but I don't think it will take without reformatting as the CD is a few service packs old. I will leave files backing up to an external drive and hope I see a solution on this forum for how to get mbam.exe working when it keeps getting stopped by the bug assuming the simple solutions like renaming, killing processes don't do the trick. Kai
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.