RobertM

  1. Hi Mieke,

     Thanks for the reply. When I went to implement your suggestions I found that my situation had devolved significantly. I was denied permission to Explorer.exe, so my desktop disappeared and I had to launch stuff using TaskManager. I tried dragging Explorer.exe onto ff33.exe, as you suggested, and, while it did get to the "OK" dialogue after a little while, I still had no access. I then tried to correct the permissions manually, using the "security" tab on the file properties dialogue, but, again, no luck.

     So... I decided it was time to do a reformat/reinstall. It's been a while anyway, and I think it is a good idea to do a clean build-up every year or so. I also have good backups.

     Anyway, thanks for your help.

     Bob
  2. Hi Folks,

     A few months ago the laptop which my son uses for internet games became infected with a virus that was hijacking IE. I used MBAM to quickly and successfully clean it up -- thanks for that. Last night I found that it's got a similar infection, but MBAM won't fix it this time. After poking around this forum I've tried a bunch of things with no real success. Here are the symptoms, and what I have tried so far:

     OS is WinXP home SP3.

     1. MBAM will install and run briefly. It begins "preparing for the scan" then suddenly exits after about 15 - 20 seconds. At that point it has scanned 0 objects and found 0 infections. I cannot restart MBAM (access denied -- or permission denied), nor can I delete the MalwareBytes program folder, but I can use the MBAM uninstall then run the MBAM setup again to get it to run again. It behaves exactly the same; early exit. I tried renaming to "Winlogon.exe" but no difference.
     2. HJT will install but only runs for a very few seconds before exiting. I can't tell exactly what it is looking at (flashes by too briefly) but it might be going through the registry. Same as MBAM, access is denied after the exit. I can delete the HJT folder and re-install HJT. Again, it will exit early.
     3. I tried ComboFix. It will start running, but after about 7 - 10 min I get a blue screen of death. Once I restart the machine I can run ComboFix again with the same result. I tried renaming to Combo-Fix upon d/l, but no difference.
     4. I tried RootRepeal. When it starts I get a message "Error - invalid PE image found". It scans for a little while, 15 - 25 sec, then exits. Subsequent tries give "access denied" errors. I can unzip a fresh copy of RootRepeal to the same place with the same results.
     5. I tried ProcessExplorer to look for suspicious processes. Almost everything looks legit, with all of the processes that I can't identify being in the "windows/system32/" folder. There is, however, a process called "b.exe" which is there sometimes and not at other times. I believe that this is how the previous virus manifested itself, and might be causing the IE popups etc. I kill it when I see it, but it comes back after maybe 1/2 hour or so.
     6. I tried removing the HD and slaving it to my desktop computer. MBAM was able to scan it fully and it found and fixed 1 infected object. But, upon reinstalling in the laptop, MBAM is still not able to run.

     So, I've gotten to the point of asking for help. From what I've read it seems like it might be time for an Avenger2 script, but I won't do that until I'm told to by someone smarter than myself.

     Thanks.

     Bob