Everything posted by exile360

  1. Cyclic redundancy check errors seem to be generally related to data corruption, so perhaps your .pst file has been corrupted. The only thing I can recommend is to try running chkdsk /f from a command prompt (you will need to reboot after running it), to see if that fixes the problem. Aside from that, I would say your only bet would be if you had a recent backup of your .pst file (which contains your emails, contacts etc) to try loading from the backup.
  2. You are both very welcome, and Danielle I also recommend that you read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 This will help to ensure that you are totally clean, even if there is something that Malwarebytes' Anti-Malware missed. Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. Good luck and safe surfing.
  3. Greetings, if you still want to get things working please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. Good luck and safe surfing.
  4. Hello, and welcome to the forum. Unfortunately I don't speak Italian, so I hope you can understand or translate this. To get everything fixed please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. Good luck and safe surfing.
  5. Unfortunately the realtime protection module doesn't function in x64. This is due to the difference in driver requirements (which the realtime component in MBAM needs to function) in x64, particularly in Vista, as MS has a rather complicated, and limiting implementation of 64bit. As far as I know the developers are doing what they can to work out compatibility with Vista x64, but in the meantime you can still schedule scans and use automatic updates for MBAM which aren't available in the free version. If you don't want to wait it out until they get x64 working for MBAM then you can PM Marcin and I'm sure he will accommodate you with a refund, but I'd personally recommend being patient as MBAM is one of the best softwares of its kind out there. No matter what you decide, we're here to help and answer any questions you might have. Good luck and safe surfing.
  6. Greetings and welcome to the forum. When you get "kicked out" do you mean the computer reboots itself or does it just log you off?
  7. Welcome to Malwarebytes'. I don't see anything malicious in your logs so I'm thinking it could be an issue with either your hosts file or your firewall. If you're using the free version of AVG it has no firewall and the Windows firewall wouldn't block it. But if you're using the AVG internet security suite, then it could be its firewall blocking it. If it's not the firewall, then it could be the hosts file, which you can check by trying to access www.securitywonks.net from Internet Explorer on her computer. If it won't connect then it's probably her hosts file, which can be edited in Notepad. The hosts file is located at C:\WINDOWS\system32\drivers\etc\hosts. Look for the entries 127.0.0.1 www.malwarebytes.org and 127.0.0.1 www.securitywonks.net. If that's not the problem, then I would try doing a complete uninstall of Malwarebytes, then run a good registry cleaner like ccleaner to remove any leftover registry entries related to Malwarebytes, then reboot and reinstall the latest version. If you still have problems let us know.
  8. Hello alicez, I'm going to try to answer your questions, although keep in mind I'm not one of the developers, just an experienced user. 1. Yes, it could potentially take longer on Vista as there are many factors to consider such as the much larger size of the winsxs folder in Vista. Also, if your Vista is x64 it has substantially more system files and directories than XP. Since you're talking about scan times of 40 minutes or more, I'm also assuming that you're doing full scans, not quick scans as those should only take 1-5 minutes on nearly any system so all the files/processes etc. are all factors that can increase how long it takes. 2. MBAM doesn't currently install a listing in the Vista Security Center, however it may change someday (that's up to the developers). 3. The little shield indicates that the program requires full administrative privileges to function and that if the program is run, it will prompt for permission to do so using User Account Control (many settings in Windows Vista also have that shield on their icons indicating the same thing, such as installing Windows Updates, and system programs like Regedit). As XP automatically runs all processes with full administrative privileges without requiring any special permission/user approval, there won't be any icon to indicate a need for special privileges. UAC (User Account Control) is a new feature implemented in Vista to help with security, and if users pay attention to the prompts and make certain that the apps they run/install requiring permission are safe, it can actually prevent a lot of malware from infecting a system without the intervention of anti-virus and anti-spyware apps (a nice perk from MS if you don't get too annoyed/desensitised to the popups). I hope I have been helpful, if you have any more questions feel free to ask as the users here are very knowledgeable and helpful.
  9. Previously MBAM has updated automatically via checking for updates, but it is ALWAYS best practice to completely uninstall the program, reboot, run a reg cleaning utility like ccleaner and remove any entries related to MBAM, and then reboot if any were present/removed, and then install and update the latest version.
  10. Greetings and welcome to the forum. Most likely there is some other component of the malware that is causing the trojan to regenerate. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
  11. Greetings and welcome to the forum. I looked at your log and it appears, aside from the one trojan, which you should absolutely remove, the rest of what Malwarebytes' is detecting is related to mywebsearch. I'm guessing you have a Dell computer as they now come with this junk preinstalled on them. I would recommend removing all of it. Mywebsearch is known for tracking internet usage and skewing results of online web searches to redirect you to affiliates of Funweb products for the sake of profits. You could leave mywebsearch if you really wanted to as it's not quite as malicious or dangerous as a lot of other malware, but I would remove it all if I were you. Now, since you actually do have a trojan on your system, I would highly recommend following these instructions to make sure that trojan didn't download and install any other malicious software to your pc that Malwarebytes' might have missed. Please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
  12. This is quoted from one of the forum moderators. Many have been having this issue.

      Welcome to Malwarebytes

      Please try the following routine to see if you can get Malwarebytes to run.

      - Click on Start, click Run, and then type devmgmt.msc and click OK
      - On the View menu click on Show hidden devices
      - Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
      - Highlight that driver and right click on it and select DISABLE
      - Now RESTART your computer.
      - Download a copy of Malwarebytes but DO NOT run it yet.
      - Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
      - Once the program is installed go to the UPDATE tab and try to update the program if you can.
      - Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.

      If that does work then please follow the routine below and post a new topic in the listed forum with the requested information.

      Please read and follow the instructions provided here: http://www.malwarebytes.org/forums/index.php?showtopic=2936

      When ready please post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

      Someone will be happy to assist you further with cleaning your system. During this scan and cleanup process you should not install any other software unless requested to do so.
  13. Yes, all those you named plus rootkits to boot. That doesn't mean it will catch every nasty of one particular type every time though, as all malware is updated and modified rather frequently to bypass detection, so it is always good practice to use a good antivirus and keep it up to date, a good firewall, and a good anti-spyware/anti-malware program. Keeping other freebie tools around that you can use as on-demand scanners to scan with at least once a month, if not once a week, is also a good idea.
  14. The quick answer is no, probably not as Blacklight happens to be one of the tools in my own toolkit that I track and it hasn't been updated at all in quite a long time and Malwarebytes' is being updated constantly, including its detection of new rootkits. The long answer (although not really that long) is who knows? No one tool can detect all active malware on any given day and it never hurts to have a backup. Blacklight is a small tool that runs without installing anything, so why not keep it around for a second opinion? To be honest though, in my experience GMER is better at detecting rootkits than Blacklight, but it is not definitions based like Blacklight, so it won't tell you if it detected an actual malicious rootkit, you must have it analyzed by someone who knows how to interpret the output.
  15. Excellent, I'm glad to be of service. Good luck and safe surfing.
  16. OK, time to go a little deeper. Try this one, do the same as the last fix except save it as a .reg file instead of .bat. Reboot when you're done and see if it worked. If not, let me know and I'll continue to help you figure it out.

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
      "DisableConfig"=dword:00000000
      "DisableSR"=dword:00000000

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoSaveSettings"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
      "Type"=dword:00000002
      "Start"=dword:00000000
      "ErrorControl"=dword:00000001
      "Tag"=dword:00000004
      "ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
        52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
        00,00,00
      "DisplayName"="System Restore Filter Driver"
      "Group"="FSFilter System Recovery"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
      "FirstRun"=dword:00000000
      "DontBackup"=dword:00000000
      "MachineGuid"="{EAAFAEEC-4AFE-42BE-83D9-C12FDD4942A6}"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
      "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
        00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
        00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
        05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
        20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
        00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
        00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
      "0"="Root\\LEGACY_SR\\0000"
      "Count"=dword:00000001
      "NextInstance"=dword:00000001

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
      "DisableSR"=dword:00000000

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
      "DisableConfig"=dword:00000000

      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]

      [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore]
  17. No, TDSS is a rootkit and after MBAM removes the infections, you should uninstall it through the device manager.
  18. When selecting English, hit the space bar and it should select it, then press enter.
  19. Greetings and welcome to the forum. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
  20. Alright, let's try this then, please copy the following text into notepad and save the file as restorefix.bat. When saving it, be sure to use the drop down that says Save as type, and select All files. Once it's saved double click it, it should reenable the system restore service.

      @echo off
      setlocal
      rem Policy key and value names that can disable System Restore
      set key=HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore
      set disableconfig=DisableConfig
      set disablesr=DisableSR
      :Enable
      rem Set both values to 0; the key is quoted because its path contains a space
      swreg add "%key%" /v %disableconfig% /t REG_DWORD /d 0 > NUL
      swreg add "%key%" /v %disablesr% /t REG_DWORD /d 0 > NUL
      :eof
  21. Please go to Start, click on Run and type services.msc. Once the services management console comes up, look for a service called System Restore Service, and make sure it is set to Automatic under startup type and that its status says Started. If it does not, right click it and click Properties and use the drop down to select Automatic startup type and click the button that says Start. If this doesn't help, let me know and I'll see what we can figure out.
  22. No problem, glad I could help out. Just remember, if you see ANY signs of infection, or even if you don't but you want to make absolutely sure you're clean, just read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7
  23. Excellent, one of the experts in the HijackThis forum will analyze your logs and help you get rid of the bugs. Then they will probably add detection and removal for it to MBAM once they figure out what's causing it. Just remember to be patient in the HijackThis forum as the number of experts is much smaller than the number of users needing assistance, but fear not, they will get to you and help you out.
  24. You will, don't worry. The HijackThis forum is just really busy with a lot of users needing help and the members who assist are doing so in their free time free of charge, so just be patient, someone will help you out and analyze your logs (which they may already be doing and just haven't finished analyzing yet). Thanks for your patience and for posting on the forum.
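
The hosts-file check described in post 7, as an added example that is not part of the original posts: it parses hosts-file text and reports entries that point the two domains named there at a loopback or unspecified address. The function names, the watch list and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Domains named in post 7; extend with other security sites as needed (assumption).
WATCHED = ("malwarebytes.org", "securitywonks.net")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IPv4/IPv6 address
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")


def blocked_entries(text, watched=WATCHED):
    """Return mappings that send a watched domain to loopback or 0.0.0.0/::."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        sinkholed = ip.is_loopback or ip.is_unspecified
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        if sinkholed and is_watched:
            hits.append((line_no, str(ip), name))
    return hits


# Constructed sample, not taken from any real machine.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.malwarebytes.org   # constructed hijack entry
127.0.0.1\twww.securitywonks.net malwarebytes.org
0.0.0.0 ads.example.com
10.0.0.5 intranet.example.local
"""

if __name__ == "__main__":
    for line_no, ip, name in blocked_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

On a live Windows system the text would come from C:\WINDOWS\system32\drivers\etc\hosts, the path given in post 7.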