
Malwarebytes blocked, Chameleon doesn't seem to work



You should use the guides posted in the MBAM FAQs to set trust settings in MBAM so it trusts Norton Internet Security and also in Norton Internet Security so that it trusts MBAM.

http://forums.malwarebytes.org/index.php?act=findpost&pid=215158

Lacking the trust settings, that is why MBAM ran so very, very long.

Without the trust settings, Norton was scanning each file each time that MBAM was doing the scan, leading to a real slowdown.


Hi Maurice,

I took a quick look at the link you provided for making Norton trust MBAM. I didn't have time to work on the process this morning, and to be honest I can see myself screwing something up. I pondered all day, and wondered if disabling Norton to run the MBAM scan would work, so I tried it. The quick MBAM scan ran in its customary 4 minutes and found nothing.

If it's possible, and you don't mind, can we skip making Norton trust MBAM for now, just to finish up? I will ask a nephew, who is much more computer literate than I, if he would work on the Norton-MBAM issue later.

gail


Given that the MBAM scan found nothing, we can wrap this up.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

  • Rkill
  • roguekiller.exe
  • Tdsskiller.exe
  • Fss.exe
  • securitycheck.exe

Safer practices & malware prevention

Print out this section for your future reference.

We are finished here. Best regards.


Hi Maurice,

I'm posting this from a different computer.

Before I forget, when starting "gs" user, those 3 RunDLL screens still appear.

I read through your post, and since I'm not on the computer at the same time every day I decided before opening the browser I would update MBAM and Norton (on the computer you've been cleaning up.) MBAM updated just fine, but when I tried to update Norton the file size was 136,000+ MB. I'm wondering about the size of the file because the program did download updates the last day I had the computer online. Sprint isn't working well today so I'm going to have to take the laptop to town.

Also, did you want me to run the DDS program (from your post #22)?

Re: checking USBs

I have one USB I suspect is harboring whatever malware MBAM dealt with. What happens when I hold down the SHIFT-key as the USB is inserted? Does Norton automatically scan the USB, or does the SHIFT-key stop the computer from starting the USB? MBAM seems to find more nasty things than Norton, so is it possible to scan the USB with MBAM and Norton before it is opened?

gail


Gail,

As to Norton, please pursue the issue with Norton support. They have a web support site.

When you hold the SHIFT-key during the insertion of a USB-key-thumb drive the "auto-run" does not execute.

But you also need to look at cleaning up a suspect USB.

Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.

http://download.blee...Disinfector.exe

There is no GUI interface or log file produced.

Run each of your USB-flash-thumb drives thru Flash-disinfector. Also scan each of them with your MBAM & also antivirus.

As to the "gs" and rundll thing....

1) You'll forgive me, I am at a loss to understand the difference & uniqueness of "gs" versus the other account.

Does gs have administrator-level rights ?

Did we not run our tools in the same account as when you started this help-topic ?

2) Reboot the computer fresh. Log in with the gs account, and keep using it while I "try" some more things.

Please know that if I am unable to pin this down, I will then ask you to backup the "gs" documents & personal files to offline media, and then quit using that account & delete it.

That would be the final solution.

For now, as I said, restart & log in to gs.

Step 1

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe

    and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Gail only. If you are a casual viewer, do NOT try this on your system!

If you are not Gail and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now.

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

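An added example (not part of the original posts, and not code from any tool named in the thread): a read-only check of a suspect drive's autorun.inf, the file that Windows auto-run reads, as discussed in the post above. It lists the launch entries without running anything; the sample file contents and the function names are constructed for illustration.

```python
import os
import re

LAUNCH_KEYS = ("open", "shellexecute")
RISKY = re.compile(r'\.(exe|com|scr|pif|bat|cmd|vbs|js|lnk)(?=$|[\s"])', re.I)

# Constructed sample autorun.inf, not taken from the thread.
SAMPLE = """\
; padding line
[AutoRun]
qwertyjunk
open=RECYCLER\\setup.exe /s
icon=folder.ico
shell\\open\\command=RECYCLER\\setup.exe
label=My Photos
"""


def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate junk lines instead of failing on them
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found


def triage_drive(root):
    """Classify a drive root by its autorun.inf without opening any other file."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent", []
    if os.path.isdir(path):
        return "directory", []  # a folder here gives Windows nothing to parse
    with open(path, "r", errors="replace") as handle:
        commands = autorun_commands(handle.read())
    flagged = [(k, v) for k, v in commands if RISKY.search(v)]
    return ("suspicious" if flagged else "present"), flagged
```

Call `triage_drive("E:\\")` with the drive letter of the inserted USB stick; a "suspicious" result means the drive should be scanned and cleaned before anything on it is opened.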

Hi Maurice,

I'm posting this with a different computer from the one you are trying to clean.

As to the "gs" and rundll thing....

1) You'll forgive me, I am at a loss to understand the difference & uniqueness of "gs" versus the other account.

Does gs have administrator-level rights ?

Did we not run our tools in the same account as when you started this help-topic ?

When we started, "gs" was my everyday user account that had admin rights. During step 7 (?), when you instructed me to download a program and put it on the C: drive, the computer would not allow me to do that, only to download into "gs downloads". I was logged in as admin, but when I went into control panel-user account, I found I was logged in as a regular user, even though it showed me as admin. I tried many times to change to admin, to no avail. I shut the computer off, and when I restarted it "gs" no longer had admin rights, neither did "my computer". A relative suggested I start in safe mode and change a setting. I did that and got admin rights back, but not through "gs", it showed up in "my computer".

My ignorance screwed you up. I did not realize I could log to the "gs" user AND get admin rights by entering the "my computer" password. You caught it and straightened me out.

But the problems have multiplied with that computer, and Sprint started having a problem with their tower last Thursday, resulting in no internet access at home. I did take the computer to town on Sat. to update Norton and MBAM. I ran a Norton full scan and MBAM full scan (with Norton shut off), neither found anything, and then started on your last instructions, beginning with deleting the previous Combofix download.

Then I could go no further because of Sprint. The next day I took the computer to town, logged into "gs"....and the thing wouldn't show the desktop. It was running the little circle, but the desktop wouldn't load. Went back home, and was finally able to log into "gs" only after removing the battery. But no Sprint to download anything.

I'm going to ship the computer off to a more computer-intelligent relative in the morning. Hopefully he has it on Thursday, and if it's okay with you, he'll pick up with you trying to straighten things out.

Thank you for your patience and your instructions. You have been a blessing to me.


Hi Maurice,

UPS told me the computer should be delivered yesterday (Thursday), but I didn't call Bob to see if he did get it. I gave Bob the info for this forum, and I expect him to post as soon as he can get into the "gs" user. Bob did tell me he prefers McAfee and has no problems running MBAM PRO with the McAfee. Do you have an opinion on Norton or McAfee? gail


If I had my druthers between Norton & McAfee, I would give the nod to McAfee.

But that aside, now is NOT the time to switch antivirus apps. Hold off on any switch until after I give the all clear.

The main remaining goal is to get detail on the alleged DLL display (at startup) that you had seen.


I have been advised that a clean Windows install has been done. I am marking this as resolved.

I will just convey to you my best wishes, and encourage you to put in practice safer practices.

You should create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

Safer practices & malware prevention

Best regards.
