Jump to content

Laptop on XP SP3 very slow, Malwarebytes can't start


vin_

Recommended Posts

Hi,

I have some problem of running Malwarebytes although I have uninstall and used the remover. It will not start when I double click and my AVG antivirus always pop up a threat but I can't delete it because it will be there everytime I restart.

Also on hijack this logs:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Kelvin\Local Settings\Application Data\cmbxatxb\ksskkthr.exe

I can't find any cmbxatxb\ksskkthr.exe file but I do find that there is a txt file that can't be deleted and always will create itself after I deleted all the other txt files.

My internet explorer will not me to browse to malwarebytes, avg etc but will allow me to browse like google.

I have uninstall my avg and tried to reinstall but failed.

Please help. File as attached. attach.txtdds.txthijackthis.log

Thank you,

Kelvin

Link to post
Share on other sites

Hello Kelvin and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: easyMule

Step 2

Please follow the instructions here to download and run Malwarebytes:

http://forums.malwarebytes.org/index.php?showtopic=85715&st=0&p=434003entry434003

Link to post
Share on other sites

Hi Maniac,

I have this problem, after running malwarebytes a few times, and deleted this virus.sality, it is still coming back. Do you know why each time I have remove this virus, it keeps coming back? Is the second time I removed the same virus already. Thanks.

Here is the infected scan result:

Registry Keys Detected: 1

HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.

vin

Link to post
Share on other sites

This is the file infector and the problem with file infectors like Sality are that they infect all of your legitimate programs.

The problem is... the virus is very buggy, so it does not do a good job of infecting your files, so any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.

What I highly recommend now is a reformat and a reinstallation of Windows.

Please let me know if you are prepared to do so.

You may backup and save all files except programs (meaning pictures and documents are okay), because if you backup any applications, they will transfer to your clean system, and you will be reinfected.

Link to post
Share on other sites

Hi Maniac,

Thank you for your reply.

Is there any other solution besides reformat and reintallation of Windows? I prefer not to reformat (if possible)becasue of the time taken to backup documents and pictures and also reinstalling programs later on.

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Hi Maniac,

I am attaching the log files(combofix_log.txt).

I suspect this could be the problem as it show up more often in the antivirus software, but I cannot delete it as it is not showing the folder.

HKCU-Run-KssKkthr - c:\documents and settings\Kelvin\Local Settings\Application Data\cmbxatxb\ksskkthr.exe

Then I unhide the folder and saw this folder 'cmbxatxb' but is empty inside. I can;t find ksskkthr.exe. Shall i delete the whole folder?

Thank you for looking at this.

combofix_log.txt

Link to post
Share on other sites

Do not run anything without my instructions.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::

FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Folder::

c:\program files\eMule

c:\documents and settings\Kelvin\Local Settings\Application Data\cmbxatxb

DDS::

IE: Download by easyMule - c:\program files\eMule\IE2EM.htm

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.