
Checking if malware prevents MBAM service install


I'll be posting more detail on the main forum, but I understand this is where to post information on running processes.

I had an infection with one of the fake antivirus viruses. Vipre found and removed two pieces of it, and identified it as Trojan.Win32.FakeAV.oq(v). I understand there are hundreds of variations of that virus. The process that ran the virus was ATA.EXE, and every time I ran any EXE it ran. It also hijacked my browsers to give me a message about IE being infected and needing to do this and that to fix it.

To fix it I booted into safe mode, and manually removed as much of the virus as possible. I deleted every file that was created when the virus appeared. Then I deleted ATA.EXE, which was not previously found nor deleted, even though the search feature is set to find hidden files and folders, and system files. I searched the registry but didn't find anything more of this virus except the registry line that Vipre deleted. That would be unusual for this virus, particularly as it altered the registry to change the exe file association. In my experience, Malwarebytes is better at finding registry changes, but of course I can't run it.

Next I couldn't run any EXE file. I ran three fixes, including the one here http://www.dougknox.com/xp/file_assoc.htm, and Malwarebytes' exeHelper. All exe files are now working, except the one that installs MBAMservice on my computer. I also had trouble with my shortcuts, and I ran the fix for that on http://www.doughknox.com, and they are now pretty much working.

I now have Malwarebytes installed, but the service won't install. It doesn't appear in services.msc nor in the services tab of msconfig when it runs at startup.

I am running Windows XP Pro, service pack 3. I have a home built computer with a Gigabyte motherboard, which came with some unique processes like daemons and a couple of oddly named things that run the system clock.

I previously had the trial version of Malwarebytes' antimalware installed - and it wouldn't run. I bought the paid version and installed it over it, thinking maybe it wouldn't work after the trial version ran out. I have now, several times, uninstalled it using the add/remove programs, rebooted computer, ran MBAM-clean, rebooted, and installed the MBAM-setup-bunchofnumbers version of the installer, and rebooted the computer. Didn't help. The MBAM service still does not appear in services.msc or in services in msconfig.

When I double click the mbamservice file in the program folder, the first time it opened an empty command window, and since then an empty command window flashes briefly and then disappears. I've tried both versions of the install file (the other is the mbam-consumer one), so I don't think it's a corrupt file.

I've also tried Rkill, didn't help. I do think that's the one that told me it stopped windows/explorer.exe (which is currently running). I tried a half dozen of the chameleon fixes, but of course that didn't help - the service isn't running.

I ran dds.scr. I am attaching the smaller file. I don't have a way to zip the larger one - attach.txt (and it cannot now be found on my computer). Here are the processes I noticed that I didn't recognize. There was nothing else in it that made no sense.

Aioscan, Aiosoftware, BufferChm, CP_AtenaShokunin1Config, CueTour, InstantShare, OfotoXMI, Product Context, SFR, SHASTA, staticer, speccy (not the first I've seen of speccy), Tray App, and QFolder. Tray App could conceivably be the system tray. BufferChm looks like a system process.

hijackthis.logdds.txt


I also searched the registry for mbam. All references to mbam looked normal; I didn't see anything that looked to me like it should specifically block a file whose name contains mbam from running, not that I have much expertise in the Windows registry.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.