**Trojan.Downloader.ED**


FYI - I was unable to run the system restore. One machine did not show any restore points and the other had a couple which errored out when executing the System Restore - on the rstrui.exe program with a memory area problem.

Yeah, that's why I'm saying you need to run it from a Windows disk. I had a couple error out, but after running it a second time it still errored out, but managed to get fixed.

Link to post
My company is still completely down. I have over 100 computers that won’t login both in regular or safe mode. The RunThis.bat file is useless to me if I can’t login to my computers. What is Malwarebytes doing to resolve this issue? I'm on the enterprise version and mostly running win7 computers.

I need help BADLY!!!

Our only backup plan to YOUR programming error is to reimage computers - this is very unacceptable.

Link to post

If you've got Windows disks and your computers have restore points, you should be able to run system restore from a Windows disk. That's what I've had to do and I'm also on the enterprise version. Only issue I've got now is I've got 2 computers with domain trust issues, but that's a much easier fix.

Link to post

Okay, running the tool or System Restore I have fixed over 155 PCs now. BUT on 3 critical PCs after running the tool it will boot to normal mode BUT I get tons of errors looking for COMCTL32.dll and I do not have time to start hunting all over to figure this out. Is there an easy fix for it? I still have well over 100 more PCs to fix.

These PCs for some reason all had System Restore protection turned off and have NO RESTORE POINTS. I need this resolved ASAP!!!

604-657-6947

Link to post
  • Root Admin

You should be able to copy across from one computer to another that file if needed. Most domain networked computers in a business typically are running the same file versions so using one from another computer normally works just fine. Please try that and if you need further assistance with that let us know.

Link to post

I've run into this problem with a friend's PC and my dad's PC. So far, I've been able to relieve my friend's PC of this problem but my dad's PC isn't booting up in either normal mode or safe mode. And to make matters worse, it would appear that System Restore was turned off due to an unrelated problem from late last year. So no System Restore points whatsoever. Any help with this will be greatly appreciated.

Link to post

Windows 7/64 HP - infected with Trojan.Downloader.ED 3 weeks ago. Only just found the fix.

Because I had tried other solutions, e.g. Combofix (which just made things worse) and chkdsk (which found index problems), this may have compounded the situation. Further, before finding this article, I had run last good config and system repair, so at least I could get back to the Windows user sign-on screen.

Although I could action the bat file in normal mode it wouldn't run, so I rebooted into safe mode and tried again. The command screen appeared and started to restore files from the quarantine folder. However, it has been running now over 4 hours and appears to be looping, with the same files being restored.

I am leaving it and waiting for some advice here before I possibly make things worse.

Link to post
  • Root Admin

Hi rob999

Well the issue is not from 3 weeks ago but anyways... yes the restore process can take many hours and it's not really duplicates; it is restoring files to the WinSxS folder, which can have thousands of folders and files it needs to work on. Please go ahead and let it run overnight if it needs to and then when done reboot the computer and list down what issues you still have and we'll try to get them cleaned up for you.

Thanks

Link to post
  • Root Admin

@Sportsmore

Hello, well first off you need to try to relax and do things in turn. If you're frustrated and rushing then you're probably going to have an even harder time fixing the computer.

Your data is safe at this point (just don't do anything drastic on your own) and we simply need to correct any current issues.

Please start off by letting us know the following.

1. What OS are you running? Windows 7 Home or PRO? Basic or Premium?

2. 32-Bit or 64-Bit?

3. What specific errors are you getting?

4. Can you login in Normal Mode?

5. Can you login in Safe Mode?

6. Do you know what video card you have?

Please try to remain calm and patient. This is not a 5 minute drive-through fix and, depending, may take a while, but we'll do our best to get you up and running properly once again.

Thanks

Link to post

I am a small IT services provider and I have put my faith in MBAM for several years. About 20 of my customers' computers were affected by this false positive problem. We have fixed the ones we can using your tool and/or system restore. We still have 6 PCs that have some combination of DLL problems. As others have stated, we see the following DLL errors when different applications try to launch: comctl32.dll "missing" (the file is in place in c:\windows\system32) and gdiplus.dll "missing".

We can boot these machines to the desktop and launch many applications (IE, explorer.exe etc.). Other apps crash (winword.exe, excel.exe).

I have tried registering the DLLs manually and it fails.

I think we will have to completely re-install the OS and apps/data on these machines.

I feel partially responsible for this problem because I suggested and installed your product, so I am doing these fixes at my cost and I am losing money on other legitimate projects because we don't have time to work on other customers' problems right now. We are a small 3-man shop.

If you guys can figure this DLL problem out you would be heroes! I am willing to help in any way possible. Phone calls, remote screen share etc.

I know you are swamped and I know this was a mistake and I know you want to make it right.

Please help!

Thanks!

Link to post
  • Root Admin

Hi tnijem

We need specifics for each computer as each one is different. As an IT Service provider I assume you have access to multiple other machines where you can obtain all DLL files needed from another working machine and set, reset file permissions etc.

Please provide specific details on a computer that you're currently working on and we'll do our best to get it fixed up for you.

Please start off by letting us know the following.

1. What OS are you running? XP, Vista, Windows 7, Windows 8

2. 32-Bit or 64-Bit?

3. What specific errors are you getting?

4. Can you login in Normal Mode?

5. Can you login in Safe Mode?

6. Do you know what video card you have?

Thanks

Link to post

1. What OS are you running? Windows 7 Home

3. What specific errors are you getting? Black screen with the error LogonUI.exe The cryptui.dll is missing you need to reinstall.

4. Can you login in Normal Mode? No

5. Can you login in Safe Mode? No

6. Do you know what video card you have? No

What I have tried so far:

I tried the Win 7 CD repair but no issues were found.

I ran sfc /scannow but no issues found.

No restore point available.

I tried reinstalling regsvr32 credui.dll I do get successful but still did work.

Link to post
We have 2 machines now that will not boot to Safe Mode or Normal mode

Both are Win7 Pro 64 Bit

On-board Intel Graphics cards

The error is "cryptui.dll is missing"

Thanks for any help. Hoping to avoid having to reload the OS from scratch and re-install all apps

Link to post
More specifically the error is with LoginUI.exe "the system cannot start because cryptui.dll is missing...."

Link to post

Once again, "Lmanager.exe - system error. The program can't start because gdiplus.dll is missing from your computer, Try reinstalling to the program to fix this problem." Windows 7 Home Premium, 64 bit operating system. Laptop will start in normal and safe mode. - The reason why I got annoyed: I sent mail to tech support and they are no help.

Link to post
  • Root Admin

@Sportsmore

Please cease with all the threats as that is not helping anyone. We're trying to assist you along with many others.

Here are some of your posts for reference:

#279

#285

#120

In post #285 you asked

I have another windows 7 computer, it shows three different types of this file, with different file sizes. Which one should I copy?

exile360 answered you in post #288

The one which shares the same location. C:\Windows\System32.

For the file gdiplus.dll and the other 2 files listed below.

Please take a USB stick and put it into your other working computer. Then do the following.

Click on START and type in CMD.EXE and when it shows on the menu right click over it and choose "Run as administrator"

Then type the following exactly (this assumes your USB stick is the D: drive; if it is the E:, or F:, or some other drive then please substitute that drive letter in place of this one). Press the Enter key after each line.

COPY %WINDIR%\SYSTEM32\gdi32.dll D:\
COPY %WINDIR%\SYSTEM32\cryptui.dll D:\
COPY %WINDIR%\SYSTEM32\crypt32.dll D:\

It should say the following: 1 file(s) copied.

For each line you run

Then wait a moment and then take the USB stick out and put it into the affected computer and do the following.

Click on START and type in CMD.EXE and when it shows on the menu right click over it and choose "Run as administrator"

Then type the following exactly (this assumes your USB stick is the D: drive; if it is the E:, or F:, or some other drive then please substitute that drive letter in place of this one).

COPY D:\gdi32.dll %WINDIR%\SYSTEM32
COPY D:\cryptui.dll %WINDIR%\SYSTEM32
COPY D:\crypt32.dll %WINDIR%\SYSTEM32

If alerted by the User Account Control tell it yes it's okay to copy the file.

Then reboot the computer and let me know what other errors you have.

If the Lmanager.exe continues to give an error then see if reinstalling it helps correct that error.

The file Lmanager.exe appears to come from Acer Inc. So I'm assuming you have an Acer laptop?

You can go to Acer and fill in the required information and possibly download it from there.

Please see if the following post helps to correct that error

If not then you might possibly be able to download and install this one here: Acer LaunchManager - Softpedia

Link to post
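The USB copy procedure in the post above, as an added example that is not part of the original thread or a Malwarebytes tool: a batch file that records a SHA-256 of each DLL on the working computer with certutil and, on the affected computer, checks that hash before and after copying into System32, keeping a backup of any file it replaces. The script name dllcopy.cmd and the .sha256 side files are assumptions; it also assumes both computers run the same Windows version and bitness, and D: is the USB drive letter as in the post.

```bat
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem Usage: dllcopy.cmd save D: (working PC), then dllcopy.cmd restore D: (affected PC)
setlocal EnableExtensions
set "MODE=%~1"
set "USB=%~2"
set "SYS=%WINDIR%\System32"
set "FAIL=0"
if "%USB%"=="" goto usage
if /i "%MODE%"=="save" goto run
if /i "%MODE%"=="restore" goto run
:usage
echo Usage: %~nx0 save^|restore DRIVE:
exit /b 2

:run
for %%F in (gdi32.dll cryptui.dll crypt32.dll) do call :%MODE%_one %%F || set "FAIL=1"
exit /b %FAIL%

:save_one
rem Copy to the USB stick and record the hash of what landed there.
copy /y "%SYS%\%1" "%USB%\%1" >nul || (echo could not copy %1 & exit /b 1)
call :sha256 "%USB%\%1"
>"%USB%\%1.sha256" echo %HASH%
echo saved %1 %HASH%
exit /b 0

:restore_one
rem Refuse to install a file whose hash differs from the recorded one.
set "WANT="
if exist "%USB%\%1.sha256" set /p WANT=<"%USB%\%1.sha256"
if not defined WANT (echo no recorded hash for %1 & exit /b 1)
call :sha256 "%USB%\%1"
if /i not "%HASH%"=="%WANT%" (echo USB copy of %1 does not match & exit /b 1)
rem Leave a file that is already identical alone; otherwise keep a backup.
call :sha256 "%SYS%\%1"
if /i "%HASH%"=="%WANT%" (echo %1 already matches & exit /b 0)
if exist "%SYS%\%1" copy /y "%SYS%\%1" "%SYS%\%1.bak" >nul
copy /y "%USB%\%1" "%SYS%\%1" >nul || (echo could not install %1 & exit /b 1)
call :sha256 "%SYS%\%1"
if /i not "%HASH%"=="%WANT%" (echo installed %1 does not match & exit /b 1)
echo restored %1
exit /b 0

:sha256
rem certutil prints the hash on its second line; Windows 7 adds spaces.
set "HASH="
for /f "skip=1 delims=" %%H in ('certutil -hashfile "%~1" SHA256') do if not defined HASH set "HASH=%%H"
if defined HASH set "HASH=%HASH: =%"
exit /b 0
```

The exit code is 0 only when all three files were saved or restored and verified; any file that fails is reported by name and the others are still processed.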

So I went to visit my Father who lives 2 hours away from me last night and he was complaining about some annoying virus he had, naturally I downloaded Malwarebytes for him and left it running on a "full scan". I didn't have time to wait for the scan to complete so I ended up driving home half way through the scan.

I got a call later that night from my Father who is experiencing the black screen on boot issue.

Today I made the two hour drive BACK to my Dad's house to troubleshoot this issue after googling it from home last night.

I've downloaded and run the fix .bat file as administrator and restarted... the issue is persisting.

Very frustrated as I have plans today, being Saturday, and I have to take at least 4 hours out of my day just in travel to troubleshoot this...

Either way, I ran the "m-bam checklog" as requested. I pasted the information into a pastebin so I don't spam the thread. Could really use a hand here, I don't want to leave my father with a broken laptop.

Anyway, here's your info:

  • OS installed (i.e. XP, Vista, 7, 8 etc.) : Windows 7 Home Premium (64 bit)
  • Whether you have restarted your computer yet or not : Yes, multiple times including after I ran the repair tool.
  • Whether or not the system is bootable if you have attempted a restart of your system yet : Only bootable in safemode
  • Whether or not you have your Windows installation media (CD, DVD, recovery discs etc.) : No, my Dad did not receive a Windows disc, I believe it might be built into the laptop on a different drive.

Here's the mbam checklog:

http://pastebin.com/DwTKhFKf

Link to post
