
Got a nasty last night on an XP system. Symptoms:

Wallpaper no longer present. Boots initially to a gray screen that then turns black

Program Files Folder shows empty

"Windows detected a hard disk problem" followed by repeated "Windows - Delayed Write Failed" errors

taskman unavailable

All taskbar shortcuts are gone

Several popups on taskbar:

1. "Hard drive clusters are partly damaged. Segment load failure

2. "Critical Error - Windows OS can't detect a free hard drive space. hard drive error

3. etcetera...

(Clicking on the balloons pulls up "System Fix" which cannot be closed and places a shortcut for System Fix on the taskbar)

cmd available, so I navigate to mbam directory and execute. mbam DB 7904 (10/8/2011) is out of date, so check for updates. Update appears to download (7.12 MB), but then error:

"An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING (5, 0, CreateFile)

Access is denied."

Clicking on OK, mbam will continue to load with the old DB. Full scan in safe mode finds 9 registry items infected. Remove and reboot. Same symptoms including inability to update mbam. Quick scan finds 7 registry items infected. Remove and reboot. Same symptoms appear again. Repeat scan, remove, reboot -- same behavior, no joy.

I am willing to continue to repeat scans in the hope that iteration will eventually get rid of all of them, but am concerned that something is not being detected due to the 2 month old DB. Is there a way to manually update the DB? Or am I chasing the wrong rabbit down the hole and should be doing something else?

Next step, download DDS, copy to desktop and run. Results are a series of hash marks for much longer than 3 minutes, followed by several lines of "Access Denied", whereupon DDS (I believe) restarts the scan, and repeats until I kill the cmd shell.

Thanks.


Finally got DDS to work... Looks like 2 rogue exes in AppData created about the same time as I got infected...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Dave at 11:21:39 on 2011-12-03

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.262 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe

C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe

C:\Program Files\Common Files\Anoto\DockingEngine.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Documents and Settings\All Users\Application Data\NaAlgcphpofdVU.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Documents and Settings\All Users\Application Data\MYBFzRZ0YNBqrM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\attrib.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\cidaemon.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = localhost;*.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spark] c:\program files\spark\Spark.exe

uRun: [EPSON PictureMate (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2P1.EXE /P26 "EPSON PictureMate (Copy 1)" /M "PictureMate" /EF "HKCU"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack

mRun: [Logitech Pen TrayIcon Server] c:\program files\logitech\iosoftware\LPTrySvr.exe

mRun: [Logitech Pen Docking Engine Server] c:\program files\common files\anoto\DockingEngine.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EPSON PictureMate (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2P1.EXE /P26 "EPSON PictureMate (Copy 1)" /O5 "LPT1:" /M "PictureMate"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [NaAlgcphpofdVU.exe] c:\documents and settings\all users\application data\NaAlgcphpofdVU.exe

uPolicies-explorer: NoDesktop = 1 (0x1)

mPolicies-explorer: RevertWebViewSecurity = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135113565000

DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///C:/Documents%20and%20Settings/Dave/Local%20Settings/Temp/SimpleShare_NASFinder/NASFinder-050809/html/nafcom.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{3B3A41A1-08D1-4EA0-926C-7795EBA2C6C4} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{507EDAF8-AA82-448E-BED1-7F39FB114EC5} : DhcpNameServer = 192.168.11.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 10.140.9.12 bcref

Hosts: 10.140.9.17 bctl1

Hosts: 10.140.9.22 bctl2

Hosts: 10.140.9.27 bctl3

Hosts: 10.140.9.32 bctl4

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dave\application data\mozilla\firefox\profiles\pr11a8rx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110815

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110815&q=

FF - plugin: c:\documents and settings\dave\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.04.06);user_pref(general.useragent.extra.zencast,

============= SERVICES / DRIVERS ===============

.

R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2005-12-20 164256]

R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files\vmware\vmware vcenter converter standalone\vmware-converter-a.exe [2011-8-19 423536]

R2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files\vmware\vmware vcenter converter standalone\vmware-converter.exe [2011-8-19 423536]

R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files\vmware\vmware vcenter converter standalone\vmware-converter.exe [2011-8-19 423536]

R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-3 41272]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]

S3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\system32\drivers\bmdrvr.sys [2011-3-15 54384]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]

S3 LapUsb;Logitech io Pen USB driver;c:\windows\system32\drivers\LapUsb.sys [2004-10-16 68571]

S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

.

=============== Created Last 30 ================

.

2011-12-03 17:58:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-02 18:11:51 352392 ---ha-w- c:\documents and settings\all users\application data\MYBFzRZ0YNBqrM.exe

2011-12-02 05:35:43 444552 ---ha-w- c:\documents and settings\all users\application data\NaAlgcphpofdVU.exe

2011-11-30 03:25:09 -------- d--h--w- C:\HP Universal Print Driver

2011-11-28 05:20:34 -------- d-----w- c:\documents and settings\dave\local settings\application data\VMware

2011-11-28 05:20:33 -------- d--h--w- c:\program files\VMware

.

==================== Find3M ====================

.

2011-11-27 18:20:42 60416 ---h--w- c:\windows\ALCFDRTM.VER

2011-11-26 17:46:40 414368 ---h--w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ---ha-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41:20 611328 ---h--w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys

.

============= FINISH: 11:34:20.04 ===============

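The triage the poster did by eye on the log above (recently created executables sitting in the Application Data root, cross-checked against the Run entries) can be scripted. This is an added example, not part of the original post or of DDS; the sample lines are excerpted from the log above, and the "exe directly in an Application Data root" rule is an assumption chosen for this log, not a general verdict.

```python
import re

# Lines excerpted from the DDS log in the post above (an excerpt, not the full log).
SAMPLE_LOG = r"""
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NaAlgcphpofdVU.exe] c:\documents and settings\all users\application data\NaAlgcphpofdVU.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
=============== Created Last 30 ================
2011-12-03 17:58:03 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-02 18:11:51 352392 ---ha-w- c:\documents and settings\all users\application data\MYBFzRZ0YNBqrM.exe
2011-12-02 05:35:43 444552 ---ha-w- c:\documents and settings\all users\application data\NaAlgcphpofdVU.exe
2011-11-30 03:25:09 -------- d--h--w- C:\HP Universal Print Driver
"""

# File-listing line: timestamp, size (dashes for directories), 8 attribute flags, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+([a-z-]{8})\s+(.+)$")
# Autostart line: "uRun:" or "mRun:", then [value name], then the command.
RUN_RE = re.compile(r"^([um])Run: \[(.*?)\]\s*(.*)$")
# Assumption: an .exe sitting directly in a profile's "Application Data" root
# (not inside a vendor subfolder) deserves a closer look on Windows XP.
APPDATA_ROOT_EXE_RE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\application data\\[^\\]+\.exe$",
    re.IGNORECASE)


def parse_created(log):
    """Return (timestamp, attrs, path) for each file-listing line."""
    rows = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(3), m.group(4)))
    return rows


def parse_run(log):
    """Return (prefix, value_name, command) for each uRun:/mRun: line."""
    rows = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), m.group(3)))
    return rows


def triage(log):
    """Flag recently created executables in an Application Data root."""
    run_entries = parse_run(log)
    findings = []
    for stamp, attrs, path in parse_created(log):
        if not APPDATA_ROOT_EXE_RE.match(path):
            continue
        reasons = ["exe in Application Data root"]
        if "h" in attrs:
            reasons.append("hidden attribute set")
        for prefix, name, command in run_entries:
            if path.lower() in command.lower():
                reasons.append(f"autostart via {prefix}Run [{name}]")
        findings.append({"path": path, "created": stamp, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["created"], finding["path"], "; ".join(finding["reasons"]))
```

A flagged file with no Run entry, like the second executable here, may be started by another mechanism, so the absence of an autostart reason does not clear it.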

Update:

Downloaded rkill and ran.

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\5W401YN0\uSeRiNiT[1].exe

Then went in and deleted the rogue exes.

Then ran mbam. Currently scanning. I expect it to find the bad reg entries and then remove them...

Crossing fingers....


Rebooted with JOY!

Gray screen (missing wallpaper), programs still hidden, and quick launch buttons missing. But no pop-ups and taskman fires up with a 3 finger salute.

Still getting error on Malwarebytes Update...

Any ideas on that problem? Also, will unhide return attributes for the file structure?

Thanks.


Malwarebytes finds 0 infected items. Unhide crunching away with directories and files showing up in a semi-random fashion.

Looks like it is working. "System Fix" icon showing in Quicklaunch -- hopefully pointing to an empty directory or file that is no longer there...

Purchased MalwarebytesPRO and will install after unhide is done. Hopefully this will fix the update issue I was having and provide future protection...

Hoping next post with final result is last one...


Last post...

Unhide did its job. Everything back. "System Fix" quicklaunch (and shortcut that appeared after unhide completed) pointed to the exe in AppData that I had deleted previously. Recycle bin they go...

Unhide also fixed the Malwarebytes update issue -- I tried running the update on the freeware version prior to installing the PRO and the update worked with no error messages. My guess is that the System Fix attribute changes included a read only attribute for whatever folder Malwarebytes uses for the update.

This issue can be closed...

Now if I can just get rid of that Google redirect... :)


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
