Jump to content
exile360

***False positive Trojan.Downloader.ED***

Recommended Posts

When I click restore all it restores nothing? My system is still hosed up? Suggestions?

Please contact Support directly via one of the following links as they will need to assist you directly with this to get your system back in working order if the above fixes did not correct the problems:

Home User Support

Business Support

Share this post


Link to post
Share on other sites

All,

If you can get Windows to boot (safe mode or not). Download this file: Here

Unzip the file then run the file: RunThis.bat as admin. This should restore all your files from quarantine.

Thank you.

Share this post


Link to post
Share on other sites

Hi Mainard,

When I unzip the file I get 4 choices, which one do I run:

Fix Tool

MBAMCore.dll

MBAM-Rules

Run This

Share this post


Link to post
Share on other sites

Hi Mainard,

When I unzip the file I get 4 choices, which one do I run:

Fix Tool

MBAMCore.dll

MBAM-Rules

Run This

Run Run This.bat as administrator, that's all that's required for running the fix.

Share this post


Link to post
Share on other sites

RunThis.bat (run as admin if on Vista/7/8)

Thank you.

Share this post


Link to post
Share on other sites

HOW DO YOU DO THIS IF YOU CANNOT ACCESS THE INTERNET IN SAFE MODE?

Did you try Safe Mode with Networking? If you did and were still unable to access the internet then you'll need to download the fix from another computer and transfer it over to the affected system using some external media such as a USB flash drive, burnable CD/DVD or external hard drive.

Share this post


Link to post
Share on other sites

Just need to know about items left in quarantine....do they matter after a Windows System Restore? Why doesn't Restore All work???

Share this post


Link to post
Share on other sites

Just need to know about items left in quarantine....do they matter after a Windows System Restore? Why doesn't Restore All work???

Restore All works, but sometimes there are duplicate backup copies created in quarantine. Since the files have already been restored, these backup files cannot be restored and will remain in quarantine until deleted.

Share this post


Link to post
Share on other sites

Ksd68,

There may be copies of the same file in your quarantine. You can check manually at the file locations listed within the quarantine tab.

Thank you.

Share this post


Link to post
Share on other sites

Restore is working in terms of the actual files being placed back where they came from - but b/c of the sheer volume of FPs that that file cause the program seems to have 'ghost' entries, or as a moderator put it, duplicates.

Check for any of those files in their actual locations and you'll see that they are back where they belong. Once you do that you can just delete the quarantine entry

Share this post


Link to post
Share on other sites

We have followed the suggestions above. We have been able to release some files from the quarantine, but many files are not able to be released. We click on the release all button, the screen refreshes, and the files remain in the quarantien.

Somehow we need to redploy the missing files.

It would be helpful if we could script out the current encrypted quarantine to a readable list so we can determine which files to recover from a master image, and automate from there.

Share this post


Link to post
Share on other sites

Double verify the missing files are actually missing, per my previous response and the two above it.

Share this post


Link to post
Share on other sites

Well that was a PITA to manually check 66. Feel bad for those who have more. Seems Windows Restore pulled MBAMS fat outta the fire. They were all there so I deleted the quarantine.

Share this post


Link to post
Share on other sites

How many files are not being restored? Most of those should be x64 related files, and it might be easier to figure out what they are and run the appropriate installer....

Share this post


Link to post
Share on other sites

It restores all files except for anything in the winsxs folder. Those files cannot be re-copied back in.

this is the folder in which I need them copied back in for my Win8 install.........lovely.

Share this post


Link to post
Share on other sites

Actually, IIRC, I think a lot of those files in that folder are actually hardlinks / symlinks to other existing locations.

kap, or jr - can either of you post the complete path for one of those files so I can verify it on my system?

Share this post


Link to post
Share on other sites

Cannot fix my laptop for some reason. Will not boot into safe mode with networking, and I get an error message saying that something is wrong with cryptul.dll. Please help

Share this post


Link to post
Share on other sites

Well I got hit and my win7 desktop is hosed. I could not start Malwarebytes UI from the tray so I restarted the system. System Restore fixed some things. But after that Windows Update failed, SFC failed, system was pathetically slow. So I am in the process of restoring my system from a disk image. Very bad indeed!

Share this post


Link to post
Share on other sites

We have tested the revised tool which handled WinSXS restores. We would like the log file to confirm success/failure of restoration of files.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.