Jump to content

Unable to Install since catched a Virus 2 Weeks ago.


Phant0m

Recommended Posts

Hello guys,

I've had 2 weeks ago a Virus on my Computer which blocked many of the Virus Programs and blocked my Desktop aswell. So i wasnt able to delete it since i recovered back to an older time which was created automatically from my Computer thank god. Now my Problem is i cant run Malwarebytes. Im Installing it with missing files about 5-6 config files . So i have to Install the Programm while skipping these files. When i start the program it says that i need to update it and when i do it i get the message that this is the latest version . Well fine when i start the programm click on quick scan after 2 seconds i got an error message and need to shutdown the program. I tried many ways like uninstall with mbam cleaner reinstall nothing helped at all.

Help plz .

 

Greetings from Germany

 

PS: my english sux :o

Missing Files: config.conf,build.conf,custom.conf,news.conf, Html.Conf, Database.conf,manifest.conf,messaging.conf,local.conf,

hijackthis.log

attach.txt

dds.txt

post-156516-0-56546600-1392322938_thumb.

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Don´t care about your english - I´m from Germany as well! ;)
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Link to post
Share on other sites

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

Link to post
Share on other sites

Scan file(s) via VirusTotal

Please check the file in the code box via Virustotal

  • Click browse
  • copy the following into the search box
    C:\Users\X\AppData\Local\Temp\BackupSetup.exe
  • and click open.
  • click Send File.

please be patinet until the file is uploade completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser´s adress bar and poste it here.
Link to post
Share on other sites

Please remove Malwarebytes Antimalware and reinstall it using the following tutorial:

MBAM Clean Removal Process
 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.
Link to post
Share on other sites

Did you follow the Clean Removal guide?

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultanously.
  • Within the text box that jus opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don´t highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Link to post
Share on other sites

Yes I did it. Im getting no errors. Cant understand it why my system blocks malware.

 

C:\Windows\system32>sfc /scannow

Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.
Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.

 

Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\genienext\nengine.dll.vir    Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir    Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Temp\OCS\ocs_v71a.exe.vir    a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\X\AppData\Local\genienext\nengine.dll    Win32/NextLive.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll    Win32/NextLive.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\X\AppData\Roaming\newnext.me\nengine.dll    Win32/NextLive.A potentially unwanted application
 

Link to post
Share on other sites

Let´s get the crowbar:

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

 

:rolleyes:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.