exile360

**Trojan.Downloader.ED**

What's the difference from the previous 1.01.xxxx version?

Initially the tool was not taking into account that on x64 OSs a lot of the quarantined files were from WOWSYSx64 and similar directories, where they were symlinks / hardlinks / junctions instead of actual files, so they went back and fixed that so it would work more universally across all the recent Windows OSs. That's at least one change that I know of.


Can you start Windows now and start the MBAM program? It's getting late here so I'll be checking out but someone will be along in the morning to continue with assistance.


Without having a moan about the situation, I expect a bloody good explanation from Malwarebytes about exactly what happened and what specifically they are going to do which they were not doing before that will ensure this will never happen again. I have hundreds of customers using Malwarebytes, luckily it was only a handful affected today, but still, my reputation is at stake.


The latest version is 1.02.0.1000.

Do you have a link to the latest version, because all I can find on the website is v1.75,0.1300?


Do you have a link to the latest version, because all I can find on the website is v1.75,0.1300?

Never mind, I found it by mistake when I had a look at the .zip file above.


I have disabled my Malwarebytes on both PCs as well as family friends, is it now safe to turn them all back on and run/allow updates?


Initially the tool was not taking into account that on x64 OSs a lot of the quarantined files were from WOWSYSx64 and similar directories, where they were symlinks / hardlinks / junctions instead of actual files, so they went back and fixed that so it would work more universally across all the recent Windows OSs. That's at least one change that I know of.

I ran this updated version and I get the following response:

```
mbam-repair-1.02.0.1000>takeown /F "c:\Windows\SysWOW64" /A
ERROR: File or Directory not found.
```


This is a total disaster, I have hundreds of clients that won't boot now. It's going to take days trying to rebuild/rescue data etc. How could this happen? ALL of our executive machines are down.


Well, don't know if it'll work for everyone, but a simple 'System Restore' worked for me on 5 Win7 & 2 Win8 systems....

This worked for me on most machines also. On a handful, could not see the BIOS/POST screens for safe mode or boot to CD until I removed the extra video card.


There are so many posts on this topic, I don't have time to read through them all. It would be helpful if Customer Support could post a Question and Answer type of sticky post. As a suggestion, it could follow the outline below:

- What was the root cause of the false positive issue?

- Was the issue caused by the application update or by a definition update, or a combination of both?

- What specific versions of application and / or definition caused the problem, e.g. v1.7x.xxxx and v2013.04.xx.xx?

- Does the issue affect all OSs or just specific OSs, e.g. WinXP, WinXP Pro, Win7 Home, Win7 Pro, Win8 etc.?

- Has the issue been completely resolved, or has just a temporary workaround been issued?

- What specific versions of application and definition resolved the problem, e.g. v1.7x.xxxx and v2013.04.xx.xx?

- If you did not have one of the application or definitions that caused the false positives, what action should the user take?

- Is it recommended to run MBAM Clean and reinstall?

There may be others but this should be a good start. This will help clear up confusion and provide some context that is hard to gather unless you have time to read the hundreds of posts on the topic.


The majority of the machines that I have gotten to boot have 8k quarantined files. Looks like 4k of them are pointers for 4k legit files that were quarantined. It's taking hours per machine to fix this.


I have a number of computers that are experiencing Black Screen and flashing Cursor (win7 Pro) following a reboot and this issue.

We are unable to get to task manager. All safe mode options get us to the same Black Screen and Cursor only.

We've tried Win7 CD to system recovery restore to a previous point and it appears that the restore points are gone or if they do exist when executing the rstrui.exe program errors out.

We've tried Win7 CD Repair Computer options - Command prompt and Sfc / Scannow. We are constantly getting a message that there is a "System Repair Pending" and the System needs to restart and cannot get the SFC to run.

Tried Fixmbr and Fixboot

Looking for assistance / direction to get off the Black Screen without doing a complete reinstall.


I have a number of computers that are experiencing Black Screen and flashing Cursor (win7 Pro) following a reboot and this issue.

We are unable to get to task manager. All safe mode options get us to the same Black Screen and Cursor only.

We've tried Win7 CD to system recovery restore to a previous point and it appears that the restore points are gone or if they do exist when executing the rstrui.exe program errors out.

We've tried Win7 CD Repair Computer options - Command prompt and Sfc / Scannow. We are constantly getting a message that there is a "System Repair Pending" and the System needs to restart and cannot get the SFC to run.

Tried Fixmbr and Fixboot

Looking for assistance / direction to get off the Black Screen without doing a complete reinstall.

Greetings,

You should be able to do a repair install as described here and that should get your systems back up and running again without losing any of your data.


I can boot into safe mode but after putting in my password to log in it says logging in then quickly goes to saving settings then back to the log On To Windows screen. It's in some kind of a loop that brings you back to log in.

Please help.

Thanks,

Paul


I can boot into safe mode but after putting in my password to log in it says logging in then quickly goes to saving settings then back to the log On To Windows screen. It's in some kind of a loop that brings you back to log in.

Please help.

Thanks,

Paul

Greetings,

I'm sorry to hear you're still having problems due to this false positive. Please contact Support here and they will guide you directly on how to get your system working normally again. You will likely need your Windows CD/DVD if you have it handy as they will need to assist you with using it to repair the system (your data will not be lost in the process, so don't worry about that).


Hi Folks,

Well I have run your .bat in safe mode per instructions irregardless of being able to logon nominally. I started out with 65 files in quarantine, after hitting restore several times, it went down to 61. Now after the .bat run it has gone down to 59 files. I don't have time to read 4 pages of comments to find out what to do with the rest of the files in quarantine. I want them gone, but safely, what do I do now? I have not pressed delete, waiting for further instruction on this as per my Email yesterday, which has not come beyond the initial acknowledgement.

Thank You and Best Regards, :D

Crysta


Hi Folks,

Well I have run your .bat in safe mode per instructions irregardless of being able to logon nominally. I started out with 65 files in quarantine, after hitting restore several times, it went down to 61. Now after the .bat run it has gone down to 59 files. I don't have time to read 4 pages of comments to find out what to do with the rest of the files in quarantine. I want them gone, but safely, what do I do now? I have not pressed delete, waiting for further instruction on this as per my Email yesterday, which has not come beyond the initial acknowledgement.

Thank You and Best Regards, :D

Crysta

Greetings Crysta :)

I would recommend checking on a few of the files listed in quarantine to verify that they are now located where they should be on your system (the path to the file will be listed in quarantine). In all likelihood the remaining entries in quarantine are simply duplicate copies, and since the originals have already been recovered and restored, the copies just sit there in quarantine.

Once you've confirmed that the files do indeed exist where they should, you may either delete all the files from quarantine or leave them there if you wish, however once you've confirmed that all files listed are back where they should be, it's perfectly safe to delete them all.


I cannot get my win8 64bit pc into safe mode however I can get to the command prompt. Can I run the repair file from the command prompt?


I cannot get my win8 64bit pc into safe mode however I can get to the command prompt. Can I run the repair file from the command prompt?

Yes, you should be able to, though you'll need to run the command prompt as administrator so that the fix has the required privilege level.


Greetings Crysta :)

I would recommend checking on a few of the files listed in quarantine to verify that they are now located where they should be on your system (the path to the file will be listed in quarantine). In all likelihood the remaining entries in quarantine are simply duplicate copies, and since the originals have already been recovered and restored, the copies just sit there in quarantine.

Once you've confirmed that the files do indeed exist where they should, you may either delete all the files from quarantine or leave them there if you wish, however once you've confirmed that all files listed are back where they should be, it's perfectly safe to delete them all.

Is there a way you guys could automate this with an updated utility rather than manually checking each file? (Or, even better, come up with a way for me to do this through the MEE console??) I have a ton of clients with a ton of quarantined files. Did a system restore on every machine, and not sure whether or not I can delete said files in quarantine without checking each file on each machine, though the workstations appear to be functioning now.


Is there a way you guys could automate this with an updated utility rather than manually checking each file? (Or, even better, come up with a way for me to do this through the MEE console??) I have a ton of clients with a ton of quarantined files. Did a system restore on every machine, and not sure whether or not I can delete said files in quarantine without checking each file on each machine, though the workstations appear to be functioning now.

If you run the fix tool, it creates a file in its directory called "errors.txt" which will list any files which were quarantined which failed to be restored. I'd recommend using that in order to verify (this was added in a recent update to the fix tool, version 1.08).

Greetings Crysta

I would recommend checking on a few of the files listed in quarantine to verify that they are now located where they should be on your system (the path to the file will be listed in quarantine). In all likelihood the remaining entries in quarantine are simply duplicate copies, and since the originals have already been recovered and restored, the copies just sit there in quarantine.

Once you've confirmed that the files do indeed exist where they should, you may either delete all the files from quarantine or leave them there if you wish, however once you've confirmed that all files listed are back where they should be, it's perfectly safe to delete them all.

...................

If you run the fix tool, it creates a file in its directory called "errors.txt" which will list any files which were quarantined which failed to be restored. I'd recommend using that in order to verify (this was added in a recent update to the fix tool, version 1.08).

My errors.txt was empty ..... nothing saying "SUCCESSFUL" or anything else???? I checked a very few files yesterday which were all on my C disk. I did the same today with the same result but I don't have the time to do more and am frustrated! Everything seems OK but that could be famous last words......... :(

I will do a run of Reimage's Product, Reimage PC Repair, when I have a couple hours, which I usually do about every 3-4 months. This product works very well and one can get a one shot subscription if they want further reassurance. I would recommend though that people backup their crucial Data and Documents before running PC Repair just in case.......

I sure hope this snafu never happens again!!! I have a recommendation:

Could you put a switch in all levels of Detection so that I, the owner of this PC, can turn off the Automatic removal of Positive OR False Positive Infestation Detection. This is my PC, and I prefer to be in total control!!!

I personally HAVE NOT lost faith in Malwarebytes Software or your Team, mistakes and run away software can happen. I just want you to know that!!! :D

Best Regards,

Crysta


My errors.txt was empty ..... nothing saying "SUCCESSFUL" or anything else???? I checked a very few files yesterday which were all on my C disk. I did the same today with the same result but I don't have the time to do more and am frustrated! Everything seems OK but that could be famous last words......... :(

If errors.txt was blank, then that's a good thing. It means that all quarantined files were restored successfully :).


Greetings,

You should be able to do a repair install as described here and that should get your systems back up and running again without losing any of your data.

Unfortunately the Win7 CD I have (original to each computer are OEM) and will not allow upgrade repair.

Link above indicates to run from CD after you log in... Again unfortunately I cannot log in. All I get is Black screen with movable cursor. I do not wish to reload from scratch as these computers have programs which will take hours to reload. We have backups (files only) no image.


How long does it take to run this fixit tool (the 08 one)? It's been running for 3 hours on one computer.

Also after restoring the files with this tool, does it remove them from the quarantine list from MBAM? There is like 1954 files listed there?
