
***False positive Trojan.Downloader.ED***



Derik,

I know the staff here appreciate your patience with the support channel as they iron out the fix for this issue.

I apologize if anything I personally said warranted that last part of your post.

Nothing you said John..I am referring to a post/rant made on page 11.


@Derikalena

If you're referring to my post I can tell you that you weren't the intended target for my rant.

It was firmly intended for those posters on this and other threads that were screaming and kicking like five year olds in a supermarket check-out queue claiming that MBAM had destroyed their computers.

Yours

Ivan

Intended or not Ivan, I can see how others might think that it was about them. I won't go on about this anymore because this is not why we are all here. I appreciate your reply to my post and let's just keep moving forward.


@Jazzbrew

Please make sure you try the latest version of the tool.

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

NOTE: There may be extra files in quarantine that will not be restored, though the system will be bootable. These are duplicate backup files and the files in question should already be restored.

As of 4/18/2013 12:07:04 AM PST - The downloaded file should be named: mbam-repair-1.08.0.1000.zip

That is the version that I ran yesterday (it ran for approximately 7 hours). I am still having many problems. Any other suggestions?


The last images show that you had a repair process already in progress so it could not complete what it was doing. Please go ahead and reboot the computer to normal mode if it will allow you or safe mode if not. If it simply won't boot to either then again try to go into the Recovery Console and try the SFC /SCANNOW again.

Okay, I tried this again today. Running sfc /scannow only gets me the message "there is a system repair pending which requires a reboot to complete. Restart Windows and run sfc again."

I try this but I can't get into windows normally or into safe mode at all. So I'm stuck. If I try this command at the recovery console, it seems that I just get the same message.


Hopefully it should not prevent most if not all applications from running for you. We are working on further updates so it's possible we may soon have another update that might be able to address this. Please do not empty the quarantine for now. See if you can continue using the computer normally for the most part if possible. I'll continue to look and see if there is some other way to obtain or fix that file or not and let you know.

It's actually three files that I need replaced.....all three are still in quarantine. it's the three files I posted about earlier and I'll repost below. Two of the three files are directly related to errors I'm getting with Setpoint and while opening control panel. The third one I don't know what needs that file but I would like all three files replaced to their original location.

C:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll

C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe\msvcr110.dll

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\msvcr90.dll


  • Root Admin

@jazzbrew

Please be a bit more specific on what errors or issue you continue to have.

Please also remind me of what operating system as I'm trying to review and help quite a few users so having to search for your specific computer details consumes time better spent.

Thanks jazzbrew

@KunichiMinamino

I'll need to research that as I've never seen that before. Need to see if there is some way to force the fix or disable it so that we can move forward.

@jrhawk9

As this is a Windows 8 computer which is pretty new for most of us I'll need to do a bit more research still on how we can fix this.

Let me check with our Dev Team and see if there is something they can help with on this


Hi all,

My computer was totally fried. Many of the .exe files plus .dll files were missing, moved, or unavailable so I couldn't get on the internet nor open MBAM. After many tries of letting the computer fix itself with its repair program and then trying several Restore dates, I gave up and reformatted and am still re-installing programs. Fortunately, I had all of the important data backed up on thumb drives; I did lose all emails and addresses and My Favorites list.

On the bright side after doing about 200+ updates, I found as I re-installed some of my programs that there were updates that I wasn't aware of. It did get the CPU cleaned up from several years of junk. :) I had been cleaning out some stuff already, but now it is all gone...

My husband's computer had one hit from TrojanDownloader.ED while I had over 12,000. Since I never dreamed that this came from MBAM, I didn't think to check from my husband's computer. It might have saved many hours of re-installation. Next time I will check MBAM first from a different computer.

Kay


It's actually three files that I need replaced.....all three are still in quarantine. it's the three files I posted about earlier and I'll repost below. Two of the three files are directly related to errors I'm getting with Setpoint and while opening control panel. The third one I don't know what needs that file but I would like all three files replaced to their original location.

C:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll

C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe\msvcr110.dll

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\msvcr90.dll

I believe this issue is caused by MBAM's tool failing to takeown those directories and apply permissions that mbam is allowed to use to unquarantine the files.

I've had success doing a manual takeown /F "C:\etcetcetc" /A and then manually modifying the permissions of the folder via CACLS.exe and copying in the files from another working PC.

After the takeown and permission fix is done it may also be possible to re-run the FP Fix. This is untested however.

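The manual repair described in the post above (takeown, loosen permissions, copy the file in from a working PC), as an added PowerShell example that is not from the thread or from Malwarebytes. It uses icacls in place of CACLS.exe, checks the replacement file's signature, and puts the folder's saved ACL and owner back afterwards; the parameter names and the TrustedInstaller default owner are assumptions.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Parameter names are illustrative; pass TargetDir without a trailing backslash.
param(
    [Parameter(Mandatory = $true)] [string] $TargetDir,   # protected folder missing the DLL
    [Parameter(Mandatory = $true)] [string] $SourceFile,  # same-version DLL from a working PC
    [string] $Owner     = 'NT SERVICE\TrustedInstaller',  # assumed original owner
    [string] $AclBackup = (Join-Path $env:TEMP 'target-acl.txt')
)
$ErrorActionPreference = 'Stop'

function Invoke-Native([string] $Exe, [string[]] $Arguments) {
    # Native tools do not throw, so turn a non-zero exit code into an error.
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}

# 1. Only accept a replacement that carries a valid Microsoft signature.
$sig = Get-AuthenticodeSignature -FilePath $SourceFile
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Refusing $SourceFile, signature status: $($sig.Status)"
}

# 2. Take ownership for the Administrators group (the post's takeown /F ... /A).
Invoke-Native takeown.exe @('/F', $TargetDir, '/A')

# 3. Save the DACL now that the owner can read it (/save does not store the owner).
Invoke-Native icacls.exe @($TargetDir, '/save', $AclBackup)

try {
    # 4. Grant Administrators (SID S-1-5-32-544) full control, then copy the file in.
    Invoke-Native icacls.exe @($TargetDir, '/grant', '*S-1-5-32-544:(OI)(CI)F')
    Copy-Item -LiteralPath $SourceFile -Destination $TargetDir
}
finally {
    # 5. Restore the saved DACL and the owner so the folder is not left writable.
    Invoke-Native icacls.exe @((Split-Path -Parent $TargetDir), '/restore', $AclBackup)
    Invoke-Native icacls.exe @($TargetDir, '/setowner', $Owner)
}
```

On PowerShell versions that do not check Windows catalog signatures, a file signed only through a catalog reports NotSigned and is rejected by step 1.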

blargh -

Do you have the Setup disk for Office? What version of Office do you have?

No, I don't have the setup disk because my university offered it for free to students (Microsoft Office 2010 Professional Plus) but now they don't offer it for free (due to them losing massive amounts of money). I've tried the built-in repair tool (via the Programs and Features section of the Windows 7 control panel), but it said that repair was successful, but I still get the error message when trying to open any of the Office programs. I'm really getting desperate because I really need to use the Office software, and Google Docs/Drive just isn't cutting it for me. Any further help would be greatly appreciated.

Also, MalwareBytes support said that they're working on a fix for certain folders that aren't writable via their MBAM repair tool, but I haven't heard anything more about that. Anyone else know?


Pretty annoyed with the situation this has caused me, but can see others are having nightmare issues too.

I've managed to get my system to an operational state luckily (as I could not even log into Windows at one stage and was going to do a clean install).

Now I have encountered two problems,

1) Certain programmes are not loading and a system error popup appears with COMCTL32.dll missing.

2) Around 700 files are still showing as quarantined and cannot restore these.

3) BIGGEST problem is Windows cannot update.

OS is Windows 7 64 bit Home Prem

Malwarebytes PRO 1.75.0.1300

DB version: 2013.04.18.09


Pretty annoyed with the situation this has caused me, but can see others are having nightmare issues too. I've managed to get my system to an operational state luckily (as I could not even log into Windows at one stage and was going to do a clean install).

Now I have encountered two problems,

1) Certain programmes are not loading and a system error popup appears with COMCTL32.dll missing.

2) Around 700 files are still showing as quarantined and cannot restore these.

3) BIGGEST problem is Windows cannot update.

OS is Windows 7 64 bit Home Prem

Malwarebytes PRO 1.75.0.1300

DB version: 2013.04.18.09

Hello and :welcome:

Have you tried the solution provided below?

Please see the post here for help with this if needed. If you're still up and running then do not reboot.

From the quarantine tab select the Restore All button. Some of the files may not be able to be restored depending on the OS and other issues.

Otherwise please follow the directions from this post or let us know what additional issues you're having trying to follow those directions. http://forums.malwarebytes.org/index.php?showtopic=125136

Thanks again


  • Root Admin

@jrhawk9

Please try going into the System Recovery Options and then run a Command Prompt

How to Boot to the "System Recovery Options" in Windows 8

Then from there try to navigate to where you saved the MBAM fix tool.

Example:

CD /D C:\MBAMFIX

Then type in the following once you're in the folder where the files were saved: RunThis.bat


@KunichiMinamino

I'll need to research that as I've never seen that before. Need to see if there is some way to force the fix or disable it so that we can move forward.

Question, I was thinking about trying this after looking around the forums:

http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html

Do you think it would help at all, or would only damage my system further/or be of no help?

thanks!


Hello and :welcome:

Have you tried the solution provided below?

Please see the post here for help with this if needed. If you're still up and running then do not reboot.

From the quarantine tab select the Restore All button. Some of the files may not be able to be restored depending on the OS and other issues.

Otherwise please follow the directions from this post or let us know what additional issues you're having trying to follow those directions. http://forums.malwarebytes.org/index.php?showtopic=125136

Thanks again

Hi,

Thanks for the reply, but I have already followed the steps in the link which was how I originally managed to get my system back up.


  • Root Admin

Question, I was thinking about trying this after looking around the forums:

http://www.sevenforu...p-recovery.html

Do you think it would help at all, or would only damage my system further/or be of no help?

thanks!

Please don't do that right now. That might put your system into a state where you might have to reinstall all your software again which we'd like to try and avoid.

I understand it's frustrating but you need to try to be patient so that the outcome doesn't get worse than it is.

Thank you again for your understanding as I also have many other users I'm trying to assist.


Please don't do that right now. That might put your system into a state where you might have to reinstall all your software again which we'd like to try and avoid.

I understand it's frustrating but you need to try to be patient so that the outcome doesn't get worse than it is.

Thank you again for your understanding as I also have many other users I'm trying to assist.

That's perfectly alright. I understand. I'll sit tight until further notice. Hopefully good news will come soon ;) I'll be patient until then.


  • Root Admin

@KunichiMinamino

I think I see the issue but difficult to tell for sure as you don't have a timeline for these images.

Please boot back into the Recovery Console and run it again now that you've run some other scans and let's see if it works now.

That pending repair should be due to you not specifying the drive to fix.

http://oi47.tinypic.com/b7x3d3.jpg

Run SFC with offline option. All spacing counts and switches count and need to be as shown.

sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows

This assumes that C:\Windows is the correct drive from the Recovery Console. If it's not then substitute the correct drive letter.

You can determine that by running something like: DIR C: and see if it shows all or most of the folders you would expect to see on your hard drive.

If an error then try DIR D:


@AdvancedSetup

(first off, this post is done by phone as my other computer in the house is in use. Ignore spelling errors)

As for the pictures, I had multiple so you could see the entire command prompt. It's all within the same time frame.

Now for this time, when I typed the sfc, I got this message:

"Windows resource protection could not start the regular service"


Have a couple of computers down and have already wasted days and by the looks there's some people who still can't run vital programs, can't reinstall CC+ stuff, can't repair, can't reinstall, can't uninstall and their only option looks to be format c:

And we're one of them.

Have followed all instructions as given on the MalwareBytes forum, restored files through the fixit tool. Hit the wall and had to contact support, which is apparently another brick wall!

By the way, I really love it when you contact support and you specifically outline what you've done and what has failed and their response is to offer back the exact same remedies you've already explained have failed.

We still can't run Norman anti virus, can't run any Microsoft Office programs, can't run Snagit, Dell Controlpoint and various other programs are affected on startup.

We currently have errors related to the following files:

comctl32.dll

MSVCR90.dll

ltkrn15u.dll

ConvertToDM40.dll

Also have a MOM.Implementation error with our display driver.

Seriously, what course of action is to be taken here? We've paid corporate license fees for you to destroy our computers.


@jrhawk9

Please try going into the System Recovery Options and then run a Command Prompt

How to Boot to the "System Recovery Options" in Windows 8

Then from there try to navigate to where you saved the MBAM fix tool.

Example:

CD /D C:\MBAMFIX

Then type in the following once you're in the folder where the files were saved: RunThis.bat

I tried it and I get the message below after it tries to run 'fixtool.exe /pmoff' and 'fixtool.exe /quarantine -list':

'The subsystem needed to support the image type is not present'


I was told to reboot in safe mode with network and download/run a fix file, and that made things even worse! I cannot even boot on safe mode now. I took it to our repair guy and he tried reinstalling OS and it's not working; we may lose everything now, not to mention $$$$$$!!!


Is there really a big difference from running the fix in normal mode vs running it in recovery mode? If I have the file saved in the C drive, would the prompt be C:\MBAMFix? Will that take me to the folder and then let me run RunThis.bat? I just want to make sure I get it right before I try again.

This topic is now closed to further replies.