Jump to content
exile360

***False positive Trojan.Downloader.ED***

Recommended Posts

When I originally used the fixit, it made my Norton go off. Do I need to cut Norton off before doing this again? Should I be doing it in safe mode. So far the fix has not worked on my windows 7

Yes, if Norton blocked it, then you'll need to temporarily disable Norton prior to running the tool. Safe Mode should not be needed if you can boot into normal mode, but it should work either way whether in Safe Mode or normal mode.

Share this post


Link to post
Share on other sites

I guess I am not sure what to expect. If I disable Norton and run the fix it..what is going to do. Will it bring back my missing DLL files and registry issues that are quarantined or do I have to do something more. I just want to make sure I am not missing anything.

Share this post


Link to post
Share on other sites

I guess I am not sure what to expect. If I disable Norton and run the fix it..what is going to do. Will it bring back my missing DLL files and registry issues that are quarantined or do I have to do something more. I just want to make sure I am not missing anything.

Yes, it should restore all of the quarantined items and your system should be running normally again.

Share this post


Link to post
Share on other sites

We have had a couple of computers reporting “There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again” when we run the SFC /SCANNOW like that. One option that could be tried from a forum below is this:

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

drive letters might be something to look at. The web page showed a couple of examples as well.

http://www.winhelpon...indows-7-vista/

getting windows resource protection could not start the repair service...

I've now spent the entire day trying the different suggestions. At this point I guess I am looking at a reinstall of the o/s.

Share this post


Link to post
Share on other sites

Yes, it should restore all of the quarantined items and your system should be running normally again.

I will try that. I am a little nervous about turing Norton off as it popped up that there was a ransom virus attached and was being fixed. Ive already been down that road.

Share this post


Link to post
Share on other sites

Will this fix take care of the recently quarantined items or will it release everything thats ever been quarantined?

Share this post


Link to post
Share on other sites

Will this fix take care of the recently quarantined items or will it release everything thats ever been quarantined?

If you download the latest version of the fix (1.08) it will only restore items detected by this false positive.

Share this post


Link to post
Share on other sites

If you download the latest version of the fix (1.08) it will only restore items detected by this false positive.

I will give it a try again without Norton being on. Technically, once I do that, then everything should be back to normal..meaning all dll's and registry fixes will return to normal? Correct?

Share this post


Link to post
Share on other sites

The false positive repair tool will not put back this missing file

C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll

So I always get error ATL90.dll is missing from HP Solution Center

I am trying to help a customer on remote support.

Share this post


Link to post
Share on other sites

I managed to get into Windows after running sfc \scannow and I run the FP fix tool but I login and get the following message "mpnotify.exe - system error. This program cannot start because COMCTL32.dll is missing from your computer. Try reinstalling the program to fix this program.

Share this post


Link to post
Share on other sites

I will give it a try again without Norton being on. Technically, once I do that, then everything should be back to normal..meaning all dll's and registry fixes will return to normal? Correct?

Yes, it should.

Share this post


Link to post
Share on other sites

I'm in windows and can see the quarantined files In Malwarebytes but it wont allow me to restore the files.

Check a few of the files' original locations to see if the files have already been restored. It's possible that some of the files in quarantine are duplicate copies which will result in them staying listed in quarantine even after being restored.

Share this post


Link to post
Share on other sites

Still missing that COMCLT32.dll, msvcm90.dll. There were about 10 dialogs saying programs wont start without them. Shall I reboot, make a note of the programs and see if they run.

Share this post


Link to post
Share on other sites

Still missing that COMCLT32.dll, msvcm90.dll. There were about 10 dialogs saying programs wont start without them. Shall I reboot, make a note of the programs and see if they run.

Yes, please do. Also, try installing this file from Microsoft as it should replace those files.

Share this post


Link to post
Share on other sites

Greetings,

I'm sorry that you've had this problem. Please do the following and it should correct any remaining issues you're having:

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

It would be helpful if version 1.08 were updated with a minor enhancement. The file list used to release files from Quarntine can contain hundreds of duplicates, causing for a much longer run-time to go through the process. It would be helpful if that text file of quarantined files was whittled down to unique values.

Share this post


Link to post
Share on other sites

Try installing that file and it says I'm missing COMCTL32.dll

Please try the fixes for this issue listed here. Please let me know how it goes.

Thanks

Share this post


Link to post
Share on other sites

Hi to all, and thanks to MB staff for advice so far. My Win7 x64 system will boot, but will no longer display a login screen - just black. I can see the quarantine folder from another machine on the net, there are 11000+ files in there from 23:45 last night onwards, each time the machine boots, it seems more gets put in there. However I'm going to have to boot up at least once more to copy the fixtool over. I regret that I never enabled RDP, but it's too late now...

Having done that I'm going to try to boot to safe mode command prompt: if I get a prompt, can I run fixtool in this mode?

Assuming that's successful, will it also apply whatever fix is necessary to stop MBAM from systematically quarantining all my binaries?

If that doesn't work can I pull the disk, and run fixtool against it if I connect it via USB to another machine? Or does fixtool rely on being run on the running instance of the affected operating system?

Thanks for any advice you can offer,

Cpl

Share this post


Link to post
Share on other sites

The fix tool can run in Safe Mode.

It will update the database so that Malwarebytes Anti-Malware will no longer quarantine anything due to the false positive.

The tool needs to be run from within the affected installation, it will not work run offline.

Share this post


Link to post
Share on other sites

The fix tool can run in Safe Mode.

It will update the database so that Malwarebytes Anti-Malware will no longer quarantine anything due to the false positive.

The tool needs to be run from within the affected installation, it will not work run offline.

Thank you. I can get no prompt on my system in any mode but I can browse the drives via UNC. I've also used services.msc to disable the mbam service so things now won't get any worse. I'm thinking of somehow getting fixtool to work on boot, as a service? Is that viable, or is it actually interactive?

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.