***False positive Trojan.Downloader.ED***

I must THANK ALL the AWESOME people here helping one another to get through this disaster as quick as can be. I truly appreciate it and the fact Malwarebytes staff are helping and have made a place where all this help can come from. I have not slept much since Monday 3:15PM PST but my bank account thanks every single one of you that have helped. SO THANK YOU ALL !!!!!!!!

Link to post

<snip>

There is NO EXCUSE for not making backups!

It is the FIRST thing you learn to do when you get a computer!

<snip>

I back up my data daily and do a Microsoft Backup image each month. When I realised the extent of the damage caused by this disaster I tried to restore the backup - it failed and I had to reinstall Windows. So much for the W7 built-in backup system - I have moved to a 3rd party image backup software. My data is OK. Meanwhile I have turned off Malwarebytes Filesystem Protection.
Link to post

Please see if the following article makes it easier to do and let us know. I want you to run a FULL disk check

How to Run Disk Check in Windows 7

Thank you

Alright, I did this, but it seems like it has had no effect. (see images, I included four different, showing my progress so you can make your best judgement on what my next step should be) I have gotten the same messages that I have from before.

http://oi46.tinypic.com/ezhoxy.jpg

http://oi47.tinypic.com/b7x3d3.jpg

http://oi50.tinypic.com/2v2wrpk.jpg

http://oi48.tinypic.com/k0ospd.jpg

Link to post

The error message when trying to open Microsoft Office products:

"The program can't start because MSVCR90.dll is missing from your computer. Try reinstalling the program to fix this problem."

And that page you linked to for fixing Flash for Chrome did not help. The error message in Chrome is:

"Could not load Shockwave Flash".

Link to post

After running the fixtool and restarting I am still getting many errors relating to missing GdiPlus.dll and comctl32.dll (Win 7 system).

Can anyone offer any suggestions for fixing this? I have tried to restore these files from quarantine - but nothing happens. When I go to the file locations referenced in the quarantine list - the files seem to be there.

Link to post

I'm mad as **** about this whole situation, and also can't believe this could have happened.

However, that said, I must report that MBAM support has been very fast. They quickly responded to my emails, and the repair tools did seemingly repair my Windows 8 computer. I ran the version 2 of the tool and have not had any errors or hiccups.

I am surprised though that I was told by support to run version 8 of the repair tool. For some reason, I'm a little leery of doing this. Perhaps I should wait a few more days until additional information evolves.

Link to post

Jazzbrew -

Where are those files located? Are they in the Windows\System32 folder?

I'll be hitting the sack soon, but perhaps you can find that info out so MBAM support can help you get to a solution faster.

They are both located at C:\Windows\winsxs\.. This is a Windows 7 system.

Link to post

  • Root Admin

Alright, I did this, but it seems like it has had no effect. (see images, I included four different, showing my progress so you can make your best judgement on what my next step should be) I have gotten the same messages that I have from before.

http://oi46.tinypic.com/ezhoxy.jpg

http://oi47.tinypic.com/b7x3d3.jpg

http://oi50.tinypic.com/2v2wrpk.jpg

http://oi48.tinypic.com/k0ospd.jpg

The last image shows that you had a repair process already in progress so it could not complete what it was doing. Please go ahead and reboot the computer to normal mode if it will allow you or safe mode if not. If it simply won't boot to either then again try to go into the Recovery Console and try the SFC /SCANNOW again.

Link to post

  • Root Admin

The error message when trying to open Microsoft Office products:

"The program can't start because MSVCR90.dll is missing from your computer. Try reinstalling the program to fix this problem."

And that page you linked to for fixing Flash for Chrome did not help. The error message in Chrome is:

"Could not load Shockwave Flash".

Okay, didn't realize the other items were an issue.

If you have a 64-Bit version of Windows 7 please try to install this version of the 2008 C++ runtime

http://www.microsoft.com/en-us/download/details.aspx?id=2092

If you have a 32-Bit version of Windows 7 please try to install this version of the 2008 C++ runtime

http://www.microsoft.com/en-us/download/details.aspx?id=5582

This should be the link for the Shockwave installer for Chrome

http://support.google.com/chrome/bin/answer.py?hl=en&answer=2445333

Try installing those and rebooting and let me know what issues remain.

Link to post

  • Root Admin

I'm mad as **** about this whole situation, and also can't believe this could have happened.

However, that said, I must report that MBAM support has been very fast. They quickly responded to my emails, and the repair tools did seemingly repair my Windows 8 computer. I ran the version 2 of the tool and have not had any errors or hiccups.

I am surprised though that I was told by support to run version 8 of the repair tool. For some reason, I'm a little leery of doing this. Perhaps I should wait a few more days until additional information evolves.

If your computer is running well now then there should be no need to run any further repair tools.

Link to post

  • Root Admin

@Jazzbrew

Please make sure you try the latest version of the tool.

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

NOTE: There may be extra files in quarantine that will not be restored, though the system will be bootable. These are duplicate backup files and the files in question should already be restored.

As of 4/18/2013 12:07:04 AM PST - The downloaded file should be named: mbam-repair-1.08.0.1000.zip

Link to post

Since that bad update I managed to get my machines that were affected up and running but I still have issues.

OK, I have 2 issues, one for my computer at home. I am still missing comctl32.dll and msvcm90.dll. I tried to install Logitech webcam drivers and it wouldn't install as I was missing comctl32.dll. I do have another computer running the same copy of Windows, can I copy these files from that machine onto the corrupted one?

Also my work computer has the following issues

My computer at work was corrupted. I managed to get back into Windows and restore most of the DLLs but now I have these issues

1 My NIC card and Network connection won't pick up the internet

2 My Internet Explorer does not load and Google is not picking up the internet

3 I have Cisco Anyconnect secure mobility client installed and this error pops up - "The VPN client client agent was unable to initialize the system network socket support" and this message "VPN service not available"

4 When I try to check out the system properties I get error message - SystemPropertiesProtection.exe - ALT90.dll missing.

5 Also it's killed my System Event Notification Service. It's not starting and I can't start it.

6 I tried to start COM+ System Application service and received - Error 1068: The dependency service or group failed to start.

I would appreciate some help fixing these problems as they were caused by your bad update and I don't want to resort to re-imaging any of my computers.

Thank you.

Link to post

Before I sign off for the night, I'd like to encourage folks to start a regular "System Image" or "Disk Image" backup routine. This will take a snapshot of the drive that Windows is installed on (and other drives too, if you so instruct it). This is a stem-to-stern backup of your drive(s). There is such a backup program built into Windows 7 (Win8 is a bit more complex, but can also do it). In Vista Business and above and all versions of Win7, click on Start, All Programs, Maintenance, Backup and Restore. On the left side of the window, you should see "Create a System Image". The Wizard will guide you through the process, you only need an external backup drive large enough to hold the backup of your drive(s). Windows backup will replace your prior System Image backup every time you run it. It can take quite a bit of time, depending on how much data you are backing up. There are other programs you can purchase (Macrium Reflect, Shadowprotect Desktop are two that spring to mind) that allow more flexibility and even the option to restore your backup to an entirely different computer. They're not cheap, but think of it as a sort of a Groupon to your local PC repair store. You get a $300 - 500 (or more) disaster recovery repair at a substantial discount.

That being said, always test your backups on a regular basis. Can you actually restore the whole system image, or any part of it as you please? Both your PC and your external backup drive depend on "Hard Disk Drives" and they can silently fail, making bits and pieces of your system or backup disappear. Please learn to use a S.M.A.R.T. analysis program as an adjunct to ensure the health of the hard disk drive built into your system and your external hard disk drives as well. One program that is free for personal and business use is Crystal Disk Info. It will even tell you about USB hard drives that are plugged into your system, as long as they use SMART monitoring. I usually use the "Portable Edition" (zip) from SourceForge, available here:

http://crystalmark.i...ad/index-e.html

This helps you to keep an eye on the health of your drives and even interprets the findings. It can take a bit of time to start up after you click Diskinfo.exe, especially if you have USB drives attached. Always nice to know the health of your main drives and the external drive you use for backup. Look at the top of the window and it will list your drives and note their condition, don't be intimidated by all of the information listed below. Your tech can help you understand that if action is required. If your drive isn't listed as being in "Good" condition, seek the help of a Tech and let them know what you've found. You may need to replace that drive to avoid data loss.

Link to post

I called a tech to come fix the things that Malwarebytes had corrupted and he ended up ruining my PC. I had to throw him out, but still pay him and my PC is still having issues due to this mess. This application has made my life hell. I've now spent over $300 to undo everything the Malwarebytes update has done.

Link to post

I want to post that I have tried many methods discussed in this thread to no avail. Since I can't get into safe mode at all due to the loginui.exe error - cryptui.dll is missing, I have at least tried booting to the recovery environment and was unsuccessful there, went into BIOS and changed to boot from CD and attempted to use my Win 7 Upgrade disk to try to tell the system to upgrade and that also failed. Ran the sfc /scannow and the long version of that as well and they both did not work. Tried running chkdsk c: /r and it says this:

488384511 KB Total Disk Space
310974024 KB in 454695 files
228636 KB in 38585 indexes
0 KB in bad sectors
621791 KB in use by the system
65536 KB occupied by the log file
176560060 KB available on disk
4096 bytes in each allocation unit
122096127 total allocation units on disk
44140014 allocation units available on disk
Failed to transfer logged messages to the event log with Status 50

I have been corresponding with support via emails as well and here is what he states:

"We're awaiting some feedback from our developers who are working on a few fixes for users who cannot boot. They're currently in testing and we must be sure that anything we send for our users to run is safe and not buggy to cause any additional damage"

Since I am not too pushed for time, I can try waiting for another solution but it is looking more and more like a total reformat might need to be done. I have learned a very valuable lesson regarding System Image backup while reading posts in here and I also have realized that allowing the program to auto quarantine things was a huge mistake. I, however, did use an automatic backup program that backed up selected files and folders of my choosing to three different external drives, so all is not lost for me in that respect. Just wanted all this information posted so that you can be made aware of my efforts thus far. I do not, however, appreciate some know-it-all talking down to people as if we were all idiots. That was totally uncalled for. You, my dear sir/madam, could have worded your post entirely differently in order to get your point across without having to make us less tech savvy people feel like we are far less superior than you. Not everyone learns the basics when they are first starting out.

Link to post

@Derikalena

If you're referring to my post I can tell you that you weren't the intended target for my rant.

It was firmly intended for those posters on this and other threads that were screaming and kicking like five year olds in a supermarket check-out queue claiming that MBAM had destroyed their computers.

Yours

Ivan

Link to post

This topic is now closed to further replies.