Rootkits and Restart Without Explorer.exe


Hello!
This Is My First Post About Having Problems With MBAM. :(
Well, I Turned On My PC.... First Message Was From ESET Saying That I Have To Renew My License Because It Will End Within 12 Days... Ok.... So Far I Think It Is Good... I Closed The Message From The OK Button..
Then MBAM Started As Usual As A Task.. After A Few Seconds A Message Came Up Saying That Driver RootkitDDA Could Not Be Loaded and That It Is A Common Phenomenon (or something) Caused By Rootkits.
I Selected To Restart... Before Windows Shutting Down Screen Another Message Came Up Saying
SDKCreate Failed With Code 20025
Then It Restarted...
When It Logged To My Windows User Account There Was Just A Black Screen And MBAM Scanning.. I Accidentally Hit The Minimize Button And I Couldn't See Scanning Process.. I Was Unable To Bring It Up Because There Was No Taskbar...
I Tried To Start explorer.exe From TaskManager (Ctrl+Shift+Esc) But It Wouldn't. I Turned It Off From The Power Button..
Turned It On Again But Now The Driver That Couldn't Be Loaded Was Anti-Rootkit (Same Error Code: 20025) It Was Asking Me To Continue Scanning Without This Driver But I Clicked The Close Button.
After A Minute or so, A Message Came Up Saying That There Is A New Update For MBAM and I don't Think That There Is A New Update Because Yesterday I Was Running The Latest Version (Both GUI and Database)
Any Help Would Be Appreciated
My System Is:
Dell Optiplex GX620 SFF
Pentium D 820 @ 2.79Ghz (Not Overclocked)
1GB RAM
VGA 250MB (224 When I Had XP Installed)
DirectX11 (DirectX 9 When XP Was Installed)
Windows 7 Ultimate 32 Bit Activated
Antivirus Software: NOD32 & Malwarebytes AntiMalware
Other Software: Visual Studio, CCleaner, CS 1.6 NON-VALVE,VLC, μΤοrrent, Guitar Pro 5, Paint.NET, Firefox


> Then MBAM Started As Usual As A Task.. After A Few Seconds A Message Came Up Saying That Driver RootkitDDA Could Not Be Loaded and That It Is A Common Phenomenon (or something) Caused By Rootkits.

Having ARK enabled on an encrypted drive can be one cause of the error that you report. 

Is your hard drive encrypted with a program OTHER THAN TrueCrypt?

If so, ARK (antirootkit) is not supported on encrypted drives, other than TrueCrypt.

So, you'll need to disable that Advanced setting.

(Regular scans should be fine).

Also, please make sure your system date and time are correct.

 

If that and restarting the computer once or twice do not resolve the issue, please follow these steps:

Thank You,


> Is TrueCrypt A Default Program For Encryption Already Installed By Windows?
> Because I Haven't Downloaded An Encryption Program

Yes, TrueCrypt is a 3rd-party encryption program.

The one that comes pre-installed with some of the higher-end Windows SKUs is BitLocker.

 

TrueCrypt *is* supported.

BitLocker, SecureDoc and others are not.

 

ALSO: Do you have MBAM 2 "Self-Protection" module enabled?  It can also create some issues.  You might want to disable it for now.


> OK I Will Run A Hyper Scan As Well.
> I Really Appreciate Your Help!

There is no need to run a Hyper scan -- it is NOT the recommended scan type. If it detects anything, it will need to be followed by a Threat scan.

 

If you think you might be infected, please update your definitions and run a THREAT scan, then follow the steps here: Available Assistance for Possibly Infected Computers.

(We cannot work on possible malware problems in this area of the forum.)

 

Also, please try to slow down.

I cannot keep up with your many, rapid replies.

Our posts are crossing in cyberspace.

 

Please post back after you have completed the suggested troubleshooting steps.

 

Thanks,


Scanning With MBAM Is A Time Waste Now :( .
10 Minutes Preparing To Scan... (Previous Times 10 Minutes Were Enough To Find And Quarantine Malware)
I Performed a Scan With NOD32.. Nothing Found
I'll Proceed Uninstalling And Reinstalling MBAM As You Replied Me
Hope It Works
Once Again Thank You


> Scanning With MBAM Is A Time Waste Now :( .
> 10 Minutes Preparing To Scan... (Previous Times 10 Minutes Were Enough To Find And Quarantine Malware)

That is NOT normal.

 

> I Performed a Scan With NOD32.. Nothing Found
> I'll Proceed Uninstalling And Reinstalling MBAM As You Replied Me
> Hope It Works
> Once Again Thank You

Yes, please follow the instructions for a CLEAN reinstall: MBAM Clean Removal Process 2x

When you do, you might want to set mutual exclusions between MBAM and your AV.

Instructions for files to exclude in your AV are below.

If you need help setting the exclusions for ESET in MBAM, please let us know.

 

Thanks,

------------------------

Please exclude the following files from your Antivirus Software for your version of Windows:

For 32-bit versions of Windows XP, Windows Vista, Windows 7 & Windows 8:

  • C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

     

For 64-bit versions of Windows Vista or Windows 7 & 8:

  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

Note: If you are using a software firewall besides the built in Windows Firewall, you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well.

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products

 


I Forgot To Uninstall It Yesterday
I Turned On My PC Today It Said The Same That Rootkit Driver Is Missing Or Something And I Selected To Scan Without It
It Now Scanned As Fast As It Was Installed Today.
It Scanned 243224 Files In 18:18 Minutes (With Firefox Running As Well) And Found No Threats
One More Question.... It Pops Up A Message Saying That There Is A New Update Available..
I'm Running MBAM Version 2.0.1.1004 and Database Version 2014.06.01.04
Is There Actually A Newer Version Or MBAM Is Playing Tricks?


Hi:
 
Thanks for the log -- yes, there have been some minor translation issues (if you wish, please report those separately in a new topic here).
 
Thanks for the MBAM scan log - it is clean, but it still shows that you are running an older version of MBAM 2.

 

You wrote:

> The Topic Where I Should Post My Logs Is Locked So I'll Upload It Here As An Attachment: MBAM Scan Results Log.txt

 
I think there might be some confusion?
The links I provided earlier are "stickies" (aka "pinned topics") that contain instructions (so users cannot post in them). ;)
They also contain the links for the forum area in which to start a new malware-related post.
 
So, let's recap, so that we can better help you: :)
 
If you think your computer might be infected with a rootkit or other malware, I suggest that you please read the instructions in this pinned topic: Available Assistance For Possibly Infected Computers.

Then, please start a NEW topic in the malware removal section of the forum >>HERE<<, including the requested FRST scan logs.
 
OR
 
If you do NOT think the computer is infected, but you are still experiencing performance problems with MBAM 2.0:

  1. Please uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
  2. If that does not correct the issue, then please read the following and post back here the requested diagnostic logs - Diagnostic Logs

 

Thanks,


AndrewGeo

As already stated earlier by Daledoc1, you need to install the latest version. You have Version: 2.00.1.1004, which has many bugs in it; a lot of bugs in that version were corrected with Version 2.0.2.1012.

You need the latest version installed to see if it will correct your issues. Follow the steps below.

Thank You,

Firefox


Oh, Well Thanks
It's Clear Now, Just a Bug.
I Shouldn't Be Afraid
MBAM Still Is The Best Anti-Malware Software :D
And Malwarebytes' Staff Are The Best Guys In The World!
Daledoc1 You Really Helped Me Out, Not Only Today
Firefox, I Appreciate Your Help Your Advice On Other Topics Are Great As Well
:D Thank You :D
 


Haha Well Then
Dim Daledoc1,Firefox As Person
If Not Daledoc1 = Malwarebytes.Staff Then
msgbox("Its Users Are Awesome Too!")
End If
If Not Firefox = Malwarebytes.Staff Then
msgbox("Its Users Are Awesome Too!")
End If

It Should Be Something Like This In VB
Once Again Thanks!!!!!!!!!!!!! :D :D :D


I Like My Skills Too! Haha!
I'm Working On A Project Now (PCGAV PC Guard Antivirus (I Know Its Name Sound Pretty Bad))
An Antivirus But Though I Know How To Scan Using MD5 (Even If I Didn't Know How There Are Lots Of Videos Online)
I've Thought Of A Piece Of Code That Is Fast And Effective As Well But Not So Effective As MD5.
I Tested Version 2 On An Infected PC, It Found 2 PUPs And Deleted Them Successfully
Then Scanned With MBAM and Found 3 More (Trojans, Spyware)
I've Just Built Version 2.5 With A Built-in Database Update.
If You'd Like To Test It Out I'll PM You An Attachment. :)
Its Database Is Still Poor Since I Started Developing It 3-4 Months Ago.
To Test It Out, Place A TXT File Named PCGAV Test Malware In C:\PCGAV Test Malware.txt
Then Perform A C:\ Drive Full Scan.
