
***False positive Trojan.Downloader.ED***



As many of you are aware, we suffered a false positive earlier today which caused many of our users' systems to be rendered inoperable. The offending database was v2013.04.15.12, and was live for only 8 minutes.

We sincerely apologize for this false positive and an update was immediately pushed out to remove the offending definition that caused this.

------------------------------------------------------------------------------------------------------------------------------------------------

For Malwarebytes Anti-Malware Users:

Option A -- if your system can boot normally

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

NOTE: There may be extra files in quarantine that will not be restored, though the system will be bootable. These are duplicate backup files and the files in question should already be restored.

Option B -- if your system cannot boot normally

Step 1: Boot into Safe Mode with Networking:

Windows XP:

  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with the Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode with Networking.

You should then be presented with the Windows XP Login screen. Log in to Windows and when it prompts you about Safe Mode and asks if you'd like to continue click Yes.

Windows Vista and Windows 7:

  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with the Windows Advanced Boot Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode with Networking.

You should then be presented with the Windows Login screen. Log in to Windows.

Step 2: Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system normally and verify that it is now working properly.

NOTE: There may be extra files in quarantine that will not be restored, though the system will be bootable. These are duplicate backup files and the files in question should already be restored.

------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Enterprise Edition Customers:

  • Within the console reinstall MBAM over the top (push install)
  • Use Windows tasks to execute the command (as admin): "C:\Program Files\Malwarebytes' Anti-Malware\mbamapi.exe" /quarantine -restore all

If the above failed, then you may also do the following:

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

------------------------------------------------------------------------------------------------------------------------------------------------

If you are still having a problem:

For those of you still having problems, please contact support via the following links and they will assist you directly in getting your systems functioning properly again:

Home User Support

Business Support

Please be sure to include the following information to expedite the repair process:

  • OS installed (i.e. XP, Vista, 7, 8 etc.)
  • Whether you have restarted your computer yet or not
  • Whether or not the system is bootable if you have attempted a restart of your system yet
  • Whether or not you have your Windows installation media (CD, DVD, recovery discs etc.)

We have also taken extensive measures to ensure that a false positive like this never happens again. Once more, I apologize that this occurred and hopefully we will be able to get everyone's systems in proper working order once more without too much trouble.

Thank you


These steps don't seem to help a user that is unable to logon. I have several users who receive at the logon prompt this message:

logonui.exe error - cryptui.dll missing

Clicking okay gives a black screen. Not accessible from the network. How do we get around this?


I was able to get Windows 7 back up using safe mode and a restore point. MBAM still shows 66 system files in quar. It does not seem to do anything with restore all. Is this step needed after the restore? What should I do?

> I followed the steps above (reinstalling in safe networking mode) and still get that the program can't start because comctl32.dll is missing from my computer.

Edgor,

Is your system running Windows XP? If Exile's instructions do not work, please try installing this file from Microsoft. It should reinstall comctl32.dll onto your system.


I had to do a system restore on Windows 8, as I was unable to get to safe mode. Luckily I had a restore point only a couple of days ago, so I didn't lose too many programs. Malwarebytes Anti-Malware straight away picked up the new update, so now I am up and running, with only 1 program to reinstall.


Says I need permission to perform this action. Now what?

BTW, there is a comctl32 already in that folder that it would be overwriting. Your file is 637K, the one in there is 619K from 11/20/2010.


> Says I need permission to perform this action. Now what?
>
> BTW, there is a comctl32 already in that folder that it would be overwriting. Your file is 637K, the one in there is 619K from 11/20/2010.

Please contact support and they will assist you directly in getting the software to run so that you may restore the files from quarantine:

Home User Support

Business Support

Thank you


> I am in touch with tech support and they keep telling me to download a fix file but Malwarebytes screwed up my browsers so I cannot access anything online....

If you have a second system with internet access as well as a portable storage media such as a USB flash drive, external hard drive or blank CD, then you may download the required files using that system and transfer them to the affected PC using your portable media.

> I've received 10 responses here in the time I've received one email.

Yes, unfortunately our Support helpdesk is quite busy at the moment due to this issue as most affected users have gone there for assistance but they are working as fast as they can and are getting caught up finally.

Just do a system restore:

To open the System Recovery Options menu on your computer


  • Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer using the computer's power button.

  • Do one of the following:

    • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

    • If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to repair, and then press and hold F8.

  • On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter. (If Repair your computer isn't listed as an option, then your computer doesn't include preinstalled recovery options, or your network administrator has turned them off.)

  • Select a keyboard layout, and then click Next.

  • On the System Recovery Options menu, click a tool to open it.


I finally had to system restore back to 5 days ago. Folks, this better never happen again or I'm moving to a different vendor.

Already have to uninstall and reinstall my virus program and several other things as a result of this mess. My entire evening has been wasted.

This topic is now closed to further replies.