***False positive Trojan.Downloader.ED***



  • Root Admin

@KunichiMinamino

Please run the following for me and we'll see about getting all those files replaced.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thank you


I too fell victim to the false positive, receiving the prompt upon login saying CRYPTUI.dll was missing. I've been trying every day to get back into the system but to no avail. HOWEVER, I was finally able to get back into my system this evening (Lenovo T510 running Win7 32-bit)! I booted using an MRI disc. Once in the MRI Home, I used the "F-MOD" portion to search for CRYPTUI.dll. The results kicked back a copy of the file, located in ...\Windows\winsxs\x86_microsoft-windows-cryptui-dll_ ..... I then copied the file to my System32, rebooted the machine, and was finally able to get Safe Mode With Networking. From there I ran the 'RunThis.bat' (Run with Admin), updated my MWB, rebooted, and have been using the machine for about 2 hrs now with no prob whatsoever!

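One way to automate the WinSxS search the post above describes, written as an added example for this thread rather than anything posted here or shipped by Malwarebytes: it runs in PowerShell on the affected machine (for instance in Safe Mode) instead of from an MRI boot disc, lists every copy of the named DLL that the servicing store holds together with its file version and Authenticode status, and copies one into System32 only when exactly one validly Microsoft-signed candidate exists. The `$WinDir`, `$Restore` and `$DllName` parameters and the output layout are this example's own; nothing here is part of the fix the thread refers to.

```powershell
# Added example, not code from the thread: recover a system DLL that a
# false-positive quarantine removed from System32 by finding the copy the
# Windows servicing store (WinSxS) still holds.
# Where more than one version exists (comctl32.dll, for instance, is present
# in several versions) the script reports them and stops, so the admin picks
# the version that matches the OS build rather than the script guessing.
# Run from an elevated PowerShell prompt on the affected machine.

param(
    [string]$DllName = 'cryptui.dll',   # the file the thread reports missing
    [string]$WinDir  = $env:WINDIR,     # assumption: the live Windows folder
    [switch]$Restore                    # without it, the script only reports
)

$system32 = Join-Path $WinDir 'System32'
$winsxs   = Join-Path $WinDir 'winsxs'
$target   = Join-Path $system32 $DllName

# WinSxS component folders are prefixed with their architecture; only look at
# the one this OS runs so a 64-bit binary never lands in a 32-bit System32.
$arch = if ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') { 'amd64_' } else { 'x86_' }

function Get-WinSxSCandidates {
    param([string]$Name)
    Get-ChildItem -Path $winsxs -Recurse -Filter $Name -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Directory.Name -like "$arch*" } |
        ForEach-Object {
            # A valid Microsoft signature is the check that the copy is an
            # untouched OS component and not something else that shares the name.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Component = $_.Directory.Name
                Version   = $_.VersionInfo.FileVersion
                Signed    = ($sig.Status -eq 'Valid' -and
                             $sig.SignerCertificate.Subject -like '*Microsoft*')
            }
        }
}

if (Test-Path $target) {
    Write-Host "$DllName is already present in $system32; nothing to do."
    return
}

$candidates = @(Get-WinSxSCandidates -Name $DllName)
if ($candidates.Count -eq 0) {
    Write-Warning "No copy of $DllName under $winsxs; fall back to 'sfc /scannow' or installation media."
    return
}

# Show everything found so the admin can see which versions are on disk.
$candidates | Format-Table Version, Signed, Component -AutoSize | Out-String | Write-Host

$good = @($candidates | Where-Object { $_.Signed })
if ($good.Count -ne 1) {
    Write-Warning ("{0} signed candidate(s) for {1}; pick the version that matches this " +
                   "OS build and copy it by hand." -f $good.Count, $DllName)
    return
}

if ($Restore) {
    Copy-Item -Path $good[0].Path -Destination $target
    Write-Host "Restored $DllName ($($good[0].Version)) from $($good[0].Component)."
    Write-Host "Run 'sfc /scannow' afterwards so Windows verifies the protected files."
} else {
    Write-Host "Would restore $DllName from $($good[0].Path); re-run with -Restore to do it."
}
```

Usage: `.\Restore-FromWinSxS.ps1 -DllName cryptui.dll` only reports; add `-Restore` to perform the copy. The signature check and the refusal to choose among several versions are deliberate: a quarantine that empties System32 is recovered by putting back the exact component the OS expects, and a wrong-version copy produces the kind of COMCTL32.dll errors reported later in this thread.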

Ron, re post #317...as I posted previously, when I chose safe mode with networking, it loaded the PCI devices listing, and locked up there. When I shut down and restarted, it loaded to the same devices list. I can't do anything...no desktop, no windows, nothing. It's completely frozen at the devices listing. Consequently, I ordered a new PC. No point bringing it in for service, the cost would be prohibitive compared to a new purchase. Needless to say, I won't be installing mbam on my new PC. How about mb pays for half of my new PC, since mbam's wayward update trashed my old one?


I have to say that I'm extremely disappointed in Malwarebytes. After using your software for years and being thrilled with it, I recommended it to my parents. They downloaded it, and were running Malwarebytes. They got hit by this update - hard. Malwarebytes quarantined 1,100 files and then prompted them to restart, which they did. Now their XP machine blue screens on boot, even in all of the various Safe Modes. I grabbed their computer in an attempt to fix it. I pulled their hard drive, and I can see that the quarantine folder is completely empty. I've copied the files that comprise the fix over to their c:\ drive, but right now I'm facing permission issues so it won't let me execute the "runthis.bat" file. With their quarantine being empty, I have a feeling their entire system is completely hosed. I've opened a support ticket, but am not optimistic that I can bring back their system without starting over and re-installing the OS, along with the software that they've installed.

The irony is that in running Malwarebytes to protect themselves, they are now faced with the complete loss of their computer's OS. I've never seen an issue this bad in all my years working in IT, and I cannot in good conscience recommend your software to anyone at this point.


So I still have 4 of my client computers that have all these COMCTL32.dll and MSVCR90.dll errors. They cannot save documents in Word, cannot run or update Java, cannot load Open Office, and HP Printer software errors with comctl32.dll errors. I have tried offline sfc file check repair, and tried copying the files from other PCs or from another folder on the PC. I have tried every solution there is posted. HOW CAN THIS BE SOLVED FOR THESE PEOPLE???


  • Root Admin

@TCCK

Each computer is different and may require different fixes. Have you opened a ticket on the Help Desk to have someone assist you?

That would be my recommendation but if you like you can send me a private message with the DDS logs from one of the computers and I'll try to assist you in fixing it.

Thank you


Still no progress with my PC (not reinstalled Windows yet as I have not had time), but these errors are causing issues with some work needed, such as no Silverlight (and cannot install) due to the COMCTL32 dll. The false error seems to have done more damage to my system than what it was supposed to protect from :(


  • Root Admin

@brachphotos

Hello Will

Can you please run the following on one of those computers and post back the logs.

Please run the following scanner and send back the logs.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

Next, please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thanks


  • Root Admin

I have 3 PCs at this client site that are showing the same thing with SEP. I have logs from two of the PCs. I am awaiting the third user to finish what she's working on before I can gain access to her system.

Each PC will post as a separate reply.

PC #1 is attached.

STEP 1

Machine #1

Please uninstall the following software as older code has been compromised.

Java Auto Updater

Java™ 6 Update 33

STEP 2

Please do a clean removal of MBAM but do not reinstall just yet.

MBAM Clean Removal Process

STEP 3

Please uninstall Symantec Endpoint Protection from the Control Panel, Add/Remove Programs, and reboot.

After the reboot download and then run the following Norton_Removal_Tool from Symantec and again reboot.

STEP 4

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

STEP 5

Now reinstall Symantec Endpoint Protection and let me know if there are any issues with running it now or not.

Once we're sure that Symantec is working correctly then we'll look at installing MBAM


  • Root Admin

PC #3 is attached.

All three were impacted by the false positive update two weeks ago.

-Will

Follow same advice as other computers except also please run a Disk Check on this computer.

Remove this old Java

Java 7 Update 17

Java Auto Updater

Java™ 6 Update 39

Let me know its status.
