Malwarebytes can not delete



Hello everybody,

I have quite a big problem.

I borrowed a USB drive from a friend and it was infected by something very powerful.

I will try to describe all the symptoms.

I could not run software like CCleaner; I can only run MBAM.

I could not run online scans on the internet; all pages related to online scans refuse to open in all my browsers (IE, Firefox, Chrome).

I could not install any antivirus software.

I tried to install avast and ZoneAlarm, but once I click, it stops a few seconds later.

MBAM detects a lot of trojans (PUM.Disabled.SecurityCenter or virus.sality ...); I delete them and restart, but they come back.

I found them here:

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter)

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter)

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken)

C:\RECYCLER\S-1-5-21-1292428093-1972579041-1417001333-1003\Dc20.exe (Malware.Packer.Gen)

D:\cmym.exe (Malware.Packer.Gen)

I have no clue how to solve this problem.

Can someone give me some help, please?

:(


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Run RogueKiller again and delete all of these:

¤¤¤ Processus malicieux: 1 ¤¤¤

[SUSP PATH] tcrs.exe -- C:\DOCUME~1\T\LOCALS~1\Temp\tcrs.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 5 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

----------------------------------------

Then.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


OK good, the RK scan looks OK.

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Thanks for the reply.

Despite the fact that the Rogue log looks good, I am still having problems running CCleaner, for example.

It stops:

floating point support not loaded

I am running the malware scan right now; I'll post the report when it finishes.


These you can control by going to your Control Panel > Security Center > click > "Change The Way Security Center Warns Me" on the bottom left column. Make any changes there.

Elément(s) de données du Registre détecté(s): 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

I'm not sure what this means:

(Aucun élément nuisible détecté)

This one you (UAC) can set as outlined below, on or off:

¤¤¤ Entrees de registre: 1 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

http://www.howtogeek...-windows-vista/

--------------------------------

Please run ComboFix again and post the log, MrC
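The reports quoted in this thread use two line formats, one from MBAM and one from RogueKiller. As an added example (not part of any post, and not code from Malwarebytes or RogueKiller), this Python script parses both and lists the detections that show up again in a later report, which is the "they come back" symptom from the opening post. The regular expressions are inferred only from the lines on this page, and the function names are hypothetical.

```python
import re

# Lines copied from the reports posted in this thread (French-locale output).
FIRST_SCAN = r"""
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter)
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken)
D:\cmym.exe (Malware.Packer.Gen)
"""
LATER_REPORTS = r"""
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
"""

# MBAM: <key or path>[|<value>] (<detection>) [-> Mauvais: (<bad>) Bon: (<good>) ...]
MBAM = re.compile(
    r"^(?P<item>(?:HK[A-Z]+|[A-Za-z]:)\\[^|(]+?)(?:\|(?P<value>\S+))? \((?P<det>[^()]+)\)"
    r"(?: -> Mauvais: \((?P<bad>[^)]*)\) Bon: \((?P<good>[^)]*)\))?")
# RogueKiller: [<tag>] <key> : <value> (<data>) -> <status>
ROGUEKILLER = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<item>HK[A-Z]+\\.+?) : (?P<value>\S+) \((?P<data>[^)]*)\) -> \w+")

def parse(log):
    """Return one dict per recognised report line; other lines are skipped."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        m = ROGUEKILLER.match(line)
        if m:  # RogueKiller reports the current data only, no expected value
            findings.append({"tool": "RogueKiller", "item": m["item"], "value": m["value"],
                             "data": m["data"], "expected": None, "detection": m["tag"]})
            continue
        m = MBAM.match(line)
        if m:  # "Mauvais"/"Bon" are the French labels for bad/good data
            findings.append({"tool": "MBAM", "item": m["item"], "value": m["value"],
                             "data": m["bad"], "expected": m["good"], "detection": m["det"]})
    return findings

def _key(finding):
    return finding["item"].lower(), (finding["value"] or "").lower()

def recurring(first_scan, later_scan):
    """Findings in the later report that were already in the first one."""
    earlier = {_key(f) for f in parse(first_scan)}
    return [f for f in parse(later_scan) if _key(f) in earlier]

if __name__ == "__main__":
    for f in recurring(FIRST_SCAN, LATER_REPORTS):
        print(f["item"], f["value"], "is", f["data"], "expected", f["expected"])
```

RogueKiller abbreviates the key path as `HKLM\[...]`, so its lines are only matched against other RogueKiller reports, not against MBAM's full paths.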

Hi,

Thank you for your reply.

The words you don't understand say:

nothing harmful was detected = it's clean

I am on XP, I'm not on Vista or 7, so I did not find how to do it correctly.
