
Malwarebytes Anti-Rootkit help



I've tried MBAR on 3 computers in the last week or so and I'm 1.5 for 3 on getting it to run. The problem I'm having is this error message:

Administrative account is required to run this program. Please switch to another user account with administrative privileges and restart the program.

On all 3 computers the user accounts were definitely administrator accounts. On the first computer, I couldn't get around this issue, period; I had to use aswMBR to find and remove the rootkits. On the second computer it ran like a champ, detected multiple infections and removed them like it knew what it was doing.

On the 3rd computer, which is my computer, at first I was getting this same error message. I have 2 accounts on this machine, my primary user account and a second that never gets used, at all.

Anyway, I checked the account settings for both users, checked their group memberships and all that good stuff, nothing. I restarted the computer, nothing. I removed both user accounts from every group except the Administrators group, still nothing. So I decided to scan it with MBAM, well, because I was running out of useful ideas. MBAM found a single infected object in the Recycle Bin, but its path was masked from the OS, so at first it seemed like a false positive, or a ghost file, but it wasn't. I had MBAM remove the file, let it restart my computer and all was well. After it rebooted I started MBAR with no problems. I updated MBAR and started a scan, everything seemed to be going fine, except MBAR was taking a REALLY long time to scan my computer. 1:45 mins into the scan I had to relocate, it was really late and I had to go home. I had told my laptop to hibernate, which it usually does without issues.

Fast forward 18 hours to this afternoon. I grab my laptop and boot it and to my dismay I find out my laptop didn't hibernate for whatever reason. It looks like it hung up at some point during the hibernation process, because the battery was dead and Windows was booting after having not been cleanly shut down. So that whole scan was gone; however, when I tried to run MBAR this afternoon, I am back to getting this error again. I tried a few things, including running MBAM again, nothing.

I would like to figure out what's causing this. MBAR looks like it has promise of being a good utility and a nice addition to my arsenal, however I've got to get it to run consistently first. Not to mention that I would like to scan my computer; I think it's infected because its performance went completely south a couple of days ago.


Hello and welcome to Malwarebytes

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.


    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk

OPTION 3

If you would like to use our Malwarebytes Premium Consumer Services partner (comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups), go to our support site.

Please be patient, someone will assist you as soon as possible.

I appreciate your offer for help to disinfect my computer, however, it's not needed, I'm quite capable of taking care of that aspect myself. I'm an independent consultant, I do this stuff for a living.

The help I was asking for is some insight as to why MBAR gives the error message listed in my above post regarding the user account being an administrator account, and what the variables are that it looks for to determine if the user is an administrator or not, because its behavior seems somewhat inconsistent, e.g. it runs fine on some computers and not on others, or, in the case of my computer, the first couple of times I attempted to run it, it gave me the error and after a few more random attempts, it ran a scan just fine; after that scan, the next attempt was back to giving the error again.


Disclaimer

This is beta software, for consumer and approved partner use only, use at your own risk, and by proceeding you are agreeing to the terms of our license agreement, enclosed as "License.rtf".

All Beta versions are non-final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.

While we encourage and invite participation, Malwarebytes Anti-Rootkit BETA users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.

If you experience any problems in running the tool or it hasn't fully resolved all of the issues you had, please contact support.

http://www.malwarebytes.org/contact_consumer

You can also have a look in the help file that came with Mbar @ ReadMe

Thank You


It would be very helpful for the developer if you'd please send the following logs as attachments to your reply. These logs are located in the Malwarebytes Anti-Rootkit folder.

All mbar-log-2012-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

system-log.txt


Firefox, that was the first thing I tried when I got the error message.

LDTate,

I did get the scan to work, but under less than ideal circumstances. In order to get it to work, I had to enable the actual administrator account under local security policies, log in as that user and run the scan, doing it that way it worked fine, however hardly practical for most users, especially considering on Windows home versions the local security policy editor doesn't exist and the changes would need to be made via the registry.

I have attached the logs you've requested. There are 2 of each log; the first set are from my failed attempts to run the scan under my normal user account. These are the mbar-log-2012-12-6.txt and the system-log-1.txt.

The second set of logs are from the successful scan using the built-in administrator account. They are mbar-log-2012-12-08.txt and system-log-2.txt.

The first system-log.txt also has the scan info from the one time i was able to run the scan with my normal user account.

I noticed in the mbar-log it shows USERNAME :: COMPUTER NAME [Limited] but it shows this in the logs of both the successful and unsuccessful scans, so it's probably irrelevant.

mbar-log-2012-12-06 (21-14-26).txt

mbar-log-2012-12-08 (05-45-49).txt

system-log-2.txt

system-log-1.txt
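The thread does not establish what MBAR's check looked at or what `[Limited]` means in its log. As an added example (not MBAR code and not from any poster), the following PowerShell gathers the Windows facts that separate "account is in the Administrators group" from "this process holds an elevated token"; the function name `Get-AdminTokenReport` is hypothetical.

```powershell
# Added diagnostic sketch, not MBAR code. Function name is hypothetical.
function Get-AdminTokenReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # IsInRole is true only when BUILTIN\Administrators is enabled in this
    # process token. Under UAC, a non-elevated process started by an
    # administrator carries that group as deny-only, so this returns False.
    $role     = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated = $principal.IsInRole($role)

    # whoami lists every group in the token, including deny-only ones.
    # Match on the well-known SID because group names are localized.
    $adminRow = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes |
        Where-Object { $_.Sid -eq 'S-1-5-32-544' }

    # UAC policy values; a value that is not set reads as $null.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    [pscustomobject]@{
        User                     = $identity.Name
        # RID 500 is the built-in Administrator account.
        IsBuiltInAdministrator   = $identity.User.Value -match '^S-1-5-21-.+-500$'
        AdministratorsInToken    = [bool]$adminRow
        # Attribute text comes from whoami and is localized.
        AdministratorsAttributes = $adminRow.Attributes
        TokenElevated            = $elevated
        EnableLUA                = $policy.EnableLUA
        FilterAdministratorToken = $policy.FilterAdministratorToken
    }
}

Get-AdminTokenReport | Format-List
```

Running it once from a normal prompt and once from a "Run as administrator" prompt under the same account shows whether the two tokens differ; on the built-in Administrator account, `FilterAdministratorToken` controls whether that account's token is filtered at all.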


Wallyb,

This is the feedback I received.

"Administrative account required" issue seems to be fixed in 1011.

So get the latest MBAR and try it.

I had discovered that a couple of days ago when I decided to check for a newer version. I've tested it on all the machines I was having this problem on and it worked perfectly on all of them. So for me at least, this issue is resolved.
