Jump to content

***False positive Trojan.Downloader.ED***


Recommended Posts

  • Staff

When I originally used the fixit, it made my Norton go off. Do I need to cut Norton off before doing this again? Should I be doing it in safe mode. So far the fix has not worked on my windows 7

Yes, if Norton blocked it, then you'll need to temporarily disable Norton prior to running the tool. Safe Mode should not be needed if you can boot into normal mode, but it should work either way whether in Safe Mode or normal mode.
Link to post
Share on other sites

  • Replies 361
  • Created
  • Last Reply

Top Posters In This Topic

I guess I am not sure what to expect. If I disable Norton and run the fix it..what is going to do. Will it bring back my missing DLL files and registry issues that are quarantined or do I have to do something more. I just want to make sure I am not missing anything.

Link to post
Share on other sites

  • Staff

I guess I am not sure what to expect. If I disable Norton and run the fix it..what is going to do. Will it bring back my missing DLL files and registry issues that are quarantined or do I have to do something more. I just want to make sure I am not missing anything.

Yes, it should restore all of the quarantined items and your system should be running normally again.
Link to post
Share on other sites

We have had a couple of computers reporting “There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again” when we run the SFC /SCANNOW like that. One option that could be tried from a forum below is this:

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

drive letters might be something to look at. The web page showed a couple of examples as well.

http://www.winhelpon...indows-7-vista/

getting windows resource protection could not start the repair service...

I've now spent the entire day trying the different suggestions. At this point I guess I am looking at a reinstall of the o/s.

Link to post
Share on other sites

Yes, it should restore all of the quarantined items and your system should be running normally again.

I will try that. I am a little nervous about turing Norton off as it popped up that there was a ransom virus attached and was being fixed. Ive already been down that road.

Link to post
Share on other sites

If you download the latest version of the fix (1.08) it will only restore items detected by this false positive.

I will give it a try again without Norton being on. Technically, once I do that, then everything should be back to normal..meaning all dll's and registry fixes will return to normal? Correct?

Link to post
Share on other sites

I managed to get into Windows after running sfc \scannow and I run the FP fix tool but I login and get the following message "mpnotify.exe - system error. This program cannot start because COMCTL32.dll is missing from your computer. Try reinstalling the program to fix this program.

Link to post
Share on other sites

  • Staff

I'm in windows and can see the quarantined files In Malwarebytes but it wont allow me to restore the files.

Check a few of the files' original locations to see if the files have already been restored. It's possible that some of the files in quarantine are duplicate copies which will result in them staying listed in quarantine even after being restored.
Link to post
Share on other sites

Greetings,

I'm sorry that you've had this problem. Please do the following and it should correct any remaining issues you're having:

Use the Malwarebytes Anti-Malware False Positive Fix Tool:

  • Make certain you are logged in as an administrator
  • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
  • Extract all of the files to a folder and run RunThis.bat NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
  • Restart your system and verify that it is now working properly

It would be helpful if version 1.08 were updated with a minor enhancement. The file list used to release files from Quarntine can contain hundreds of duplicates, causing for a much longer run-time to go through the process. It would be helpful if that text file of quarantined files was whittled down to unique values.

Link to post
Share on other sites

Hi to all, and thanks to MB staff for advice so far. My Win7 x64 system will boot, but will no longer display a login screen - just black. I can see the quarantine folder from another machine on the net, there are 11000+ files in there from 23:45 last night onwards, each time the machine boots, it seems more gets put in there. However I'm going to have to boot up at least once more to copy the fixtool over. I regret that I never enabled RDP, but it's too late now...

Having done that I'm going to try to boot to safe mode command prompt: if I get a prompt, can I run fixtool in this mode?

Assuming that's successful, will it also apply whatever fix is necessary to stop MBAM from systematically quarantining all my binaries?

If that doesn't work can I pull the disk, and run fixtool against it if I connect it via USB to another machine? Or does fixtool rely on being run on the running instance of the affected operating system?

Thanks for any advice you can offer,

Cpl

Link to post
Share on other sites

The fix tool can run in Safe Mode.

It will update the database so that Malwarebytes Anti-Malware will no longer quarantine anything due to the false positive.

The tool needs to be run from within the affected installation, it will not work run offline.

Thank you. I can get no prompt on my system in any mode but I can browse the drives via UNC. I've also used services.msc to disable the mbam service so things now won't get any worse. I'm thinking of somehow getting fixtool to work on boot, as a service? Is that viable, or is it actually interactive?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.