I'm usually able to figure out and fix these things but this one has me stumped.
*Some select* .exe files will not run. I cannot run the Malwarebytes installer (the computer has AVG 2013 Antivirus installed), but AVG will not uninstall, nor can I run the AVG remover .exe.

Running Chameleon always seems to do a download of Malwarebytes but then says "mbam-setup not found" and also at the end says "failed to remove protection driver".

Running an offline boot CD of Kaspersky Rescue Disk, the scan finds no problems/issues.

As instructed, and starting a new topic here: if I run DDR I only get one log file, and no errors while it does so.

I only get attach.txt
Which is attached.

I'm a bit embarrassed having to ask for help here but this seems to be a new/fresh one that is extremely stealthy.

And I'm way more anxious to learn something here than to reformat and reinstall.

Thanks!
Steve

 

attach.txt


I will continue to try to figure it out until I get help.
Maybe I'll figure it out.
If I do get help I'll follow the instructions perfectly at that point.
This is the last thing that I tried:

MBAM-Chameleon ver. 1.62.1.1000
Press any key to continue
Driver is already loaded
Enabling driver...
...Done!
Malwarebytes Anti-Malware not found
Trying to run mbam-setup, please wait...
mbam-setup not found
Trying to download it from the web, please wait...
Downloaded 10285040 bytes...
...Done!
Trying to run mbam-setup, please wait...
Failed to run mbam-setup
Trying to update Malwarebytes Anti-Malware, please wait...
...Done!
Killing known malicious processes, please wait...
Failed to run mbam-killer.exe
Trying to run Malwarebytes Anti-Malware, please wait...
Failed to run Malwarebytes Anti-Malware
Removing protection driver...
Failed to remove protection driver
Press any key to continue


 


From reading the forum it looks like one of the first questions you are going to ask is to run RKILL.
I'm unable to get rkill to run in safe mode, safe mode command line, or normal mode.
It simply does "nothing" and exits with no error.
Some exe files like notepad, iexplore, even GMER work just fine.
GMER of course does not find any obvious RK activity :-)
 

[Windows]
              10 File(s)     42,605,490 bytes
              17 Dir(s)  920,802,078,720 bytes free

C:\>rkill

C:\>
C:\>rkill /?

C:\>



 


Bummer, no fast help here. *I realize I'm supposed to wait 48 hours* before bumping the thread (sorry).
But I'm just trying to figure this out and sorta keeping notes here as I go.
And I'm running out of time before I have to give up & reinstall.
Spent the entire day yesterday trying to figure it out.
Also booted in a WinPE environment and ran up to date versions of Malwarebytes, Sophos antivirus and Superantispyware.
All three of which run just fine and find absolutely nothing.
 

Although the machine when booted normally or in safe mode simply WILL_NOT_RUN certain select .exe and .com files.

This is a difficult/curious one.
The exe's that will not run seem to be "targeted".

It will not run the Malwarebytes install, AVG install, MS Security Essentials install, or MOST security type utilities I've tried.

AVG or AVG installer will not run
AVG remover will not run.
TDSKILLER will not run

However it does run a number of other files and installers just fine.
Firefox runs
GMER runs (no RK found)
Combofix runs (no problems found)
SFC /Scannow runs and does not find any issues.

Does not seem to be a virus or malware (unless it's completely new & unknown).

Or could be the after effects of malware or effe'd up AVG.

But I really don't get the selective not running things with no error or indication of a problem.

The software simply does nothing/exits. It never shows up in the task manager when run.




 

Link to post
Share on other sites

Figured it out myself.
Ran Hitman Pro 3 (did not purchase it).
It immediately reported I had a boot sector virus, Rootkit.Boot.Cidex.B.
Shame (and surprising) that nothing else in 2 days of trying could NOT find or detect this!
This includes up to date Malwarebytes running under WinPE, Sophos, SuperSpyware.
And my favorite GOTO, the Kaspersky Rescue disk (fully up to date).
Hitman Pro offered the option to purchase it and then it would replace the boot sector.
Rather than do that (I didn't trust it would really fix the problem, or if it did I just expected more problems afterward),
I simply booted with the Windows 7 DVD, ran the recovery command prompt and did the usual bootrec.exe /FIXMBR
and bootrec.exe /FIXBOOT.
This used to be something I ALWAYS did first on XP but simply just hadn't gotten around to learning the "new way" that you have to do it in Win7.
Now you have to actually run bootrec.exe and no longer have the standalone fixmbr and fixboot.
Heaven forbid they go and NOT change the way to do the simplest tasks at the command line; assholes.
Anyhow that's it, case closed. Simple stuff.
Multiple modern up to date malware utilities fail.
Nobody's perfect.
I'm sure Hitman Pro will fail in other regards.
-Steve



 


  • 2 weeks later...

I'm sure we're good.
Sorry I did not have more time to wait and ended up fixing it myself.
I was a bit amazed at how many utilities could not detect that item and the payware item that I have never used before did.
I'd be interested in learning more about what that was and how it got past so many antivirus/malware detectors but not Hitman Pro.
If there are any thoughts there please share.
Meaning, was it just something that new to the world? And is Hitman Pro one of the best out there, or were they just high on the luck curve that day and figured it out before anyone else did?
I'm sure they're not always (or even usually) first.


Thanks.
Steve

 


  • Root Admin

Hi Steve,

 

Sorry but with nearly 5 million variant infections out weekly no one has time to investigate.  There is no return on time invested.  Scan, and Removal is about all we can offer.

 

Okay then if you're all set I'll go ahead then and close your topic now.

 

Thank you again.

 

Take care

This topic is now closed to further replies.