
***False positive Trojan.Downloader.ED***


Thank you. I can get no prompt on my system in any mode but I can browse the drives via UNC. I've also used services.msc to disable the mbam service so things now won't get any worse. I'm thinking of somehow getting fixtool to work on boot, as a service? Is that viable, or is it actually interactive?

I don't think you'll be able to get it to run as a service, it's just a batch file which executes a set of commands and executables so you'll probably need to run it interactively, or at least run the batch from a command prompt if you can get one up.


I have it running via PsExec right now, thanks to KapCreations for planting that seed in my mind. The files.txt is 5889 lines, although there are clearly a lot of duplicates in there...

Fingers crossed...


I can get to the login screen in safe mode but when I put in my password it quickly goes from logging in to saving settings and kicks me right back to the login screen. It just loops back every time I try to log in.

Any suggestions?

Thanks


I had a windows 7 pc with this same problem, was unbootable even in safe mode. It would boot up to a black screen with a fully functioning mouse but no log in. But a system restore got me up and running and I was able to restore items in quarantine.


Well I am in the process of rebuilding my system which is about two days work. System Restore got much of the system working but Windows Update and SFC both failed, so clearly the system was totalled. Windows 7 disk image restore also failed.


This may help some people: the RED LINED SENTENCE may help if normal methods don't. Win7 and Win8 should have similar procedures.

How to Force a System Restore if Windows Vista Won't Run

By Woody Leonhard from Windows Vista Timesaving Techniques For Dummies

So something has gone terribly wrong with your system, and you want to get Windows back to the way it was a day ago (or, if you installed Uncle Billy Joe Bob’s Blaster Beta, maybe just a few seconds ago). If you've managed to fry the system so badly that Windows won't even start, you can use your function keys to force Windows Vista to run a system restore.

  1. Reboot your computer.
    Every PC goes through its self-test a little differently, but typically you see a counter as the PC tests its memory, followed by notices about keyboard and mouse drivers, and finally a notice about your hard drives (assuming that these don’t flash by so fast that you see only a blur).
  2. Immediately after you see the message that your hard drive is alive, press F8 and hold it down.
    Vista may show you the Windows Error Recovery screen or it may show you a similar screen, with more options, called Advanced Boot Options.
  3. Use the down arrow to highlight Last Known Good Configuration (Advanced).
    The Last Known Good Configuration choice simply runs Windows System Restore using the last restore point and then boots normally.
  4. Press Enter.
    The computer should complete the restore and restart.

If you can’t get Windows to start, and the Last Known Good Configuration doesn’t work — or if you can’t even get to the Windows Error Recovery screen — it’s time to haul out the big guns. Follow the instructions on the screen shown in the Windows Error Recovery screen: Grab your Vista installation CD, restart your computer, choose your language, click Next, and then click the Repair Your Computer link. But try using the Last Known Good Configuration first, okay?

Some computer manufacturers build a recovery system into the computer. If this is the case on your computer, you won't need the Vista Installation CDs. When you click Repair Your Computer, the computer will simply access the recovery files and begin a recovery wizard.

BEWARE: Windows automatically makes a restore point when you restore — so if you run through these steps twice in a row (without setting a new restore point), the second time you use Last Known Good Configuration, you get your original (presumably bad!) restore point.

Steve


It restores all files except for anything in the winsxs folder. Those files cannot be re-copied back in.

So, what do I do in this case when I have DLLs missing out of this folder and I'm getting all sorts of system errors because of it? I can see the files needed sitting in quarantine. It's Windows 8 64bit. Man, is this frustrating! I've gone my whole life without a crash due to malware/virus only to have an anti-malware program take down 4 systems in one night. I think from now on I'm going to be putting Malwarebytes on my official "do not install" list alongside anything Norton and other crap anti-virus software.


Can you please update the tool so that it traverses the log more efficiently? We need the tool to skip the duplicates in the files.txt generated by the .bat file. This will allow us to resolve incidents much faster.


So, what do I do in this case when I have DLLs missing out of this folder and I'm getting all sorts of system errors because of it? I can see the files needed sitting in quarantine. It's Windows 8 64bit. Man, is this frustrating! I've gone my whole life without a crash due to malware/virus only to have an anti-malware program take down 4 systems in one night. I think from now on I'm going to be putting Malwarebytes on my official "do not install" list alongside anything Norton and other crap anti-virus software.

Once you have run the 1.08 tool, you will get an output of each file that needs to be restored, and the location needed.

At our company, all of our PCs are on the same image, so I am copying/pasting the file from a known good computer to the affected computer.

For the WinSXS folder, you will have to add your user with full control to the affected folder. I do an advanced security permission, add in the user, set to full, copy the file over, and then remove the permission.


I had a windows 7 pc with this same problem, was unbootable even in safe mode. It would boot up to a black screen with a fully functioning mouse but no log in. But a system restore got me up and running and I was able to restore items in quarantine.

My Win 7 System Restore left NOTHING in Quarantine to Restore - BUT the Main point is That Win 7 System Restore (to April 10 for me) WORKS.

I had No Working Browsers, could Not Open WORD doc to even See my MBAM ID/Key, and Best Buy (my Plan B) wanted $200 Min.

Thanks exile360 for Correcting an Earlier Post that System Restore Might make things Worse!

Maybe it could, but for several of us it did not - and with Fx 20 and IE10 Not working I was in deep Do-Do with No Great Expertise at this stuff.


You guys messed up big time.

I am a pro user, and I am expecting complete compensation for this failure on your part. At least half of my machines are now paperweight (unsurprisingly, the fix it tool that you released didn't help most of my machines).

I will not be using this piece of crap software anymore.

Edited by exile360
removed inappropriate language


I can honestly say that email support should at least give you more than one step at a time to try. Waiting for a reply because Step #1 didn't work then leaves me having to reply to my support email and wait another 2 hours or so. At the very least, which could save your support team some valuable time, have them state in their support emails: If this step doesn't work, then proceed to this step. If Step #1, which for me was StartUp Repair, does find something, these are your next steps.


I can honestly say that email support should at least give you more than one step at a time to try. Waiting for a reply because Step #1 didn't work then leaves me having to reply to my support email and wait another 2 hours or so. At the very least, which could save your support team some valuable time, have them state in their support emails: If this step doesn't work, then proceed to this step. If Step #1, which for me was StartUp Repair, does find something, these are your next steps.

Thank you for the feedback. I'll provide it directly to our Support team and suggest that they offer multiple potential fixes. I know that some users feel a bit overwhelmed if provided with many steps or procedures to try, but in this case, and given the current workload being faced by Support, providing more than one potential solution/fix might be the best approach here to get as many users' systems fixed as quickly as possible.


It would also be helpful to print to screen the pass # and count # out of count total #. At least helpful for those fixing PCs with 1000+ entries.


Thank you for the feedback. I'll provide it directly to our Support team and suggest that they offer multiple potential fixes. I know that some users feel a bit overwhelmed if provided with many steps or procedures to try, but in this case, and given the current workload being faced by Support, providing more than one potential solution/fix might be the best approach here to get as many users' systems fixed as quickly as possible.

I know they are overwhelmed, but speeding up the process for some of us will get us out of the support system faster. Like you stated, some prefer one step at a time, but one email at a time is not the way to go in most cases. Thanks exile360 for your reply to my post and all the help you are providing to members here.


Once you have run the 1.08 tool, you will get an output of each file that needs to be restored, and the location needed.

At our company, all of our PCs are on the same image, so I am copying/pasting the file from a known good computer to the affected computer.

For the WinSXS folder, you will have to add your user with full control to the affected folder. I do an advanced security permission, add in the user, set to full, copy the file over, and then remove the permission.

I just ran V1.08 (as admin) on a Win8 system and I got no such output. Where does it go?


I got home and ran the fixit and it did nothing. Not one thing changed so I'm at a loss as to what to do next.


Win 7 System Restore fixed the problem for me -- and only after that restore was I able to get to the internet to find out that it was Malwarebytes that had caused my PC to go crazy. Appreciate the apology but you really need to institute MUCH BETTER quality control -- and no lone rangers...


Windows 7 64bit Home Premium

No restore points!

Initially could boot into safe mode - managed to copy a few data files onto usb.

Managed to copy fix files onto desktop via usb and command line safe mode.

Tried to 'repair' the system, but it says everything is OK!

Will not now boot into normal or safe mode.

What can I do?

Please help.

Jim


I just ran V1.08 (as admin) on a Win8 system and I got no such output. Where does it go?

launch cmd.exe as administrator

within the cmd window, browse to the location of the unzipped 1.08 download

type RunThis.bat

Once complete, there will be a new file in the directory called errors.txt (if you have any files that cannot be restored)


Can you make a bootable tool that can run the fix?

Ya, that would be handy. I'm currently fighting with a Win7 x64 that can't do anything other than run a Command Prompt when I go into System Recovery Options, either using a Win7 DVD, or the restore partition/utility. I even tried running the 'Tool' from a command prompt...


That's strange I was just thinking the same thing. A bootable tool or a WinPE based fix would be great. I am dealing with a Dell XPS 410 that I believe had its sata driver ripped out and all I am getting is a 0x0000007b error at bootup. Not booting equals no fix.

This topic is now closed to further replies.