Jump to content
exile360

**Trojan.Downloader.ED**

Recommended Posts

Sorry to spam, but I can't find an edit button on my OP.

I just wanted to mention I have a system restore point from 2 days ago that I can do but I don't know if that's a good idea or not, thoughts?

Share this post


Link to post

Sorry to spam, but I can't find an edit button on my OP.

I just wanted to mention I have a system restore point from 2 days ago that I can do but I don't know if that's a good idea or not, thoughts?

Greetings,

Yes, if the fix tool did not resolve the problem, then using a System Restore point is likely to fix the system. Many users have posted as having success in doing so.

Share this post


Link to post

Greetings,

Yes, if the fix tool did not resolve the problem, then using a System Restore point is likely to fix the system. Many users have posted as having success in doing so.

Thanks, I appear to have fixed it using a system restore.

Share this post


Link to post

Thanks, I appear to have fixed it using a system restore.

Excellent, I'm glad to hear it and apologize for the trouble caused by this false positive. In case you haven't read up on it yet, we have already put extensive measures in place to ensure that nothing like this ever happens again and we're going to continue developing even more tools and procedures to safeguard against all false positives in the future.

Share this post


Link to post

Hello Everyone,

I currently support a large number of computers that have been hit with this false positive. I had a range of issues from machines that could be fixed easy to those that were in a KSOD state. Below is what we have found through our entire process. Please use this info for your own knowledge and backup your PC fully before giving these a try. Also, These instructions are written for advanced users. I have many other machines to fix and will not be able to help these out. I am placing this up here simply to help this cause, as I know having to redo a large number of machines is not a good option.

To Malwarebytes, Please dont let this happen again. I am not a programmer so I could not fix your tools, but the flaw we did find is it fails to apply security permissions on the Wiinsxs folder. It does attempt the takeowner, but that only provides the ability to adjust permissions and does not give rights to replace the files.

As I said above is our method and is working as far as we can tell. But please use at your own risk as this method was found through a desparation. Even though we have found it to work in jsut about all scenarios across a large number of computers it is still risky.

For Windows 7 users that can boot into Safe Mode:

1. Boot into Safe Mode with Networking

2. Give Ownership to Everyone on the C:\Windows\winsxs folder

3. Give Full Control to Everyone on the C:\Windows\Winsxs Folder

4. Open MBAM and goto Qurantine Tab and restore all. If you can not open MBAM run the FP Fix tool provided by Malwarebytes, if you have version 1 it runs much faster.

5. Remove the permisions you added for the winsxs folder

6. Give ownership back to Trusted Installer

7. Reboot.

8. If all went well it should be fixed after reboot.

Windows 7 KSOD - Black Screen only Mouse Arrow on Boot.

1. find your Windows 7 Install CD (Has to be the proper CD or this will not work)

2. Boot in the DVD press the first Install now button

3. Press the repair button to open the repair console

4. take note to which drive letter the console finds Windows. In normal setups this is Generally D: but check to be sure.

5. Type the following at the command prompt I am using D: in the example substitute your drive letter: sfc /scannow /offbootdir=d:\ /offwindir=d:\windows

6. Once the scan completes boot back into Safe Mode with Networking

7. follow the steps above for bootable machines.

Windows 7 KSOD - SFC doesnt work. This is a very intrusive method and can break your PC, but we have found it does work.

1. Remove your hard drive from your PC

2. Connect the Hard Drive to another working Windows 7 PC that has the same version(Pro, Ultimate, etc.)

3. Navigate to the slave drive and give ownership of Windows\System32 to Everyone

4. Give full permission to Everyone on the Windows\System32 on the slave drive

5. Navigate on the Slave drive to Windows\winsxs and give ownership to everyone

6. Give full security permissions to Everyone on the Windows\winsxs folder

7. Once all permissions are modified copy the files in your c:\Windows\System32 (files only no Sub Directories very important) to the slave Windows\system32 allow the PC to overwrite all files

8. Copy the Enitre c:\Windows\winsxs folder from your PC to the Windows folder on the slave. Again allow all folders and files too overwrite.

9. Once all copying is done boot you should now be able to boot to safe mode and apply the fix from section on above for Bootable Windows 7

10. Once the fix is done be sure to put the security permissions back as they were before starting.

We unfortunatly have not had any major issues with Windows XP, but we did see that some system32 files were quarantined. Even with the quarantine all of ours were bootable and able to be recovered by just restoring the quarantine.

Share this post


Link to post

Sorry if this has been dealt with already or not but here goes.

I suffered with this error on my laptop and managed to move all of my remaining data onto a seperate hard drive and I reinstalled windows 7 Home Premium. I've still got missing files despite reinstalling from the recovery portion of the hard drive.

My question is will this fix still work on my laptop despite me reinstalling windows?

Thanks.

Share this post


Link to post

Hello Daz,

I'm sorry but no it will not. At this point if you've done a recovery reinstall then depending on what type it would have put the computer back to the way it was when you first got it.

What issues or errors are you currently having or seeing?

I would recommend running this scanner and posting back the logs so that we can get a better idea of what's running on your system.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Share this post


Link to post

I had to leave my computer running overnight on 15 April (16th April Australian time) and when I tried to restart it the next morning, nada. Couldn't even boot in safe mode from bios. I didn't have any clues as to what had happened or what caused it but it now seems that it was caused by Malwarebytes.

As I had heaps of stuff on the drive I couldn't afford to lose I was forced to take my hard drive to a data recoverey firm and that little exercise cost me a cool $680. My fault for not doing a backup, I know, but that doesn't excuse Malwarebytes either.

Share this post


Link to post

It was a false positive that got out and was pulled quickly but yes unfortunately it did affect a lot of systems in that short period of time. We spent a lot of time and manpower fixing everyone's computers as quickly as we could. We had some Analysts that had very little sleep the first few days working on this to ensure that we were able to get users back up and running.

I can empathize with you on the issue but would also point out that whomever you took the drive to was rather unscrupulous as well to charge you that much. There was nothing wrong with your data and it was not deleted. Simply slaving the drive to another working computer anyone could have copied the files over to another drive. There was no "data recovery" required, it was due to files from the Operating System that were accidentally flagged and removed.

Share this post


Link to post

It was a false positive that got out and was pulled quickly but yes unfortunately it did affect a lot of systems in that short period of time. We spent a lot of time and manpower fixing everyone's computers as quickly as we could. We had some Analysts that had very little sleep the first few days working on this to ensure that we were able to get users back up and running.

I can empathize with you on the issue but would also point out that whomever you took the drive to was rather unscrupulous as well to charge you that much. There was nothing wrong with your data and it was not deleted. Simply slaving the drive to another working computer anyone could have copied the files over to another drive. There was no "data recovery" required, it was due to files from the Operating System that were accidentally flagged and removed.

Thanks Ron,

The problem was that I didn't know what had caused my computer to fail in the first place. It was only after doing a web search on a newly installed Windows system during the past week did I discover the Malwarebytes April 15 blunder on this forum. It wasn't as though I got a phone call from Malwarebytes to let me know that if my computer wouldn't boot then the problem was probably caused by Malwarebytes itself. As far as I was concerned it was a hardware problem, not software.

For those who are not computer hardware oriented the shock of a failure to boot creates an assumption that the hard drive has failed and in the absence of any information telling them the likely cause major panic ensues. In such cases the only possibility of saving the data is to get a professional to do it. And they charge like wounded bulls.

Ross Herbert

Share this post


Link to post
that whomever you took the drive to was rather unscrupulous as well to charge you that much. There was nothing wrong with your data and it was not deleted. Simply slaving the drive to another working computer anyone could have copied the files over to another drive. There was no "data recovery" required, it was due to files from the Operating System that were accidentally flagged and removed.

I would agree. I would never let those clowns get within 100 miles of my computer again. I would probably call them and get them to make that right with the cost and prove exactly what the did to warrant that kind of cost. I would make them squirm.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.