
MBAM - off a thumbdrive?



Hi. I have a desktop AMD64 and Win XP Pro SP2 which the grandkids got into and I got a whole bunch of really nice crudware. I've been able to remove or resolve most of it using Autoruns if I'm quick enough - see below. Windows Explorer has been grabbed by something. The desktop comes up, icons are all there, 15 seconds later, icons disappear but then reappear for another 15 seconds and then we go round and round. I know something's got a hold of explorer.exe because I can see it launch and close in Task Manager. Task Mgr does not show any out-of-sorts process running so this has got to be a rootkit. In fact, I can boot with the option for minimum services using msconfig. I have the same symptoms in safe mode too... once Explorer.exe dies system comes back and tells me "I'm in safe mode....etc. etc...."

I have a copy of MBAM shortcutted on the desktop and off the Start menu but it fails to run with error: "MBAM has encountered an error and needs to close..." (not the exact wording but it appears to be a general fault genuine error box). So I'm thinking if I could get MBAM to run off a thumbdrive, I might be able to clear this off.

Is it possible to install MBAM (say, on another computer) to a thumbdrive and then bring it over to the sick system and scan/clean this up? Are there instructions which I can't seem to find? I know how I can get the latest pattern/signature file and manually apply the updates.

Thanks for some nice software and a really nice forum!

Hoib


Hoib,

I believe you can run the installer off a flash drive since you can run Task Manager and TM is not affected by the cyclic re-start of Explorer.

In TM's Applications tab click New Task, browse to the installer on the thumb drive and then run it.

To run MBAM after the install do the same thing with TM but browse to the program file in C:\Program Files\Malware... I don't have a machine here with MBAM installed for the exact path, sorry.

I hope this helps.


OK, I'll give this a shot. What a nasty little POS this malware is. Not seen this before - but...

I'll try to post back results for the next poor soul who lets his grandkids run amok...

H


  • Root Admin

Hello and Welcome to Malwarebytes.org

If you're having malware-related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

OK, here's what worked. I loaded on the installer for MBAM on the thumbdrive. But at the same time I also grabbed a copy of MS's Malicious Software Removal Tool (MSRT). My thought was run MSRT first because MS usually puts out its tools to do very basic things and it didn't require any installation. Worth a shot? You bet because it found three trojans and stopped them. After a single reboot, no more explorer cycling. Then I was able to uninstall the corrupted MBAM and load on a fresh newer version install of MBAM, did an update, and scanned and cleaned. I repeated MBAM 3 times until MBAM reported all clear.

System runs well now. I've ensured that real-time protection is on which was probably my problem in the first place. At least now I know how to install MBAM to a thumb drive so the experience will help in the future.

Thanks to all.

H
