MBAM Freezing Up When Trying To Clear Malware


I seem to be having an issue with MBAM freezing up and not responding after I try cleaning the infections after the scan. Once I click the "" button to clean the malware, MBAM freezes up completely and I have to manually shut it down. It just started this last night. I'm attaching a file that I saved from my scan last night. I have run the Farbar Recovery Scan Tool and will be adding the txts that were asked for, for this thread.

Addition.txt

FRST.txt


  • 2 weeks later...

Yes. It freezes up until I manually force it to shut down. Let me re-scan with MBAM and I'll let it stay frozen for 20 mins or so just to make certain it doesn't unfreeze by itself. If it doesn't or does, I'll post the log afterward. Thanks for being willing to help me.


Hi,

  • Step #1 Uninstall Programs

    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.

    • Yahoo! Toolbar

  • Step #2 Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      Start
      HKU\S-1-5-21-4076320632-1514355571-2672622853-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Bethany\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=63e8dce2ab3d47d0946425a4e38d8379-ede0c0263d841963a8e5ec09d94ce51f5e8fdd8c /CMPID=0214c
      C:\Users\Bethany\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /
      SearchScopes: HKLM - DefaultScope value is missing.
      SearchScopes: HKLM - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = http://www.safesearch.net/search?q={searchTerms}&utm_medium=ie&utm_campaign=135077787814&utm_source=sm&utm_content=1&utm_term=1D662B7C41694931
      SearchScopes: HKLM - {66F00777-E2CA-4B62-B7A4-84C1ECB19796} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKCU - {4B51C980-C6B0-11E1-9136-AED16088709B} URL = 
      SearchScopes: HKCU - {66F00777-E2CA-4B62-B7A4-84C1ECB19796} URL = 
      SearchScopes: HKCU - {AB803740-4F48-471B-B18F-189876C45BD5} URL = 
      FF DefaultSearchEngine: SafeSearch
      FF SearchEngineOrder.1: SafeSearch
      FF SelectedSearchEngine: SafeSearch
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      Reboot:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

  • Step #3 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.

  • Step #4 Fix with Junkware Removal Tool

    Download Junkware Removal Tool by thisisu to your Desktop from the link below.

    Download Link 1

    Download Link 2

    • Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.

  • Required Log(s):
    • FRST Log(s) --
      • FRST Fix Log
    • AdwCleaner Log
    • Junkware Removal Tool Log
Regards,

Valinorum


I have tried to uninstall Yahoo toolbar several times. After clicking it in the Add/Remove programs and saying yes to uninstalling it, it just sits there - never actually removing it or doing anything at all. This is what it looks like in my Add/Remove program section.


I just tried re-scanning my comp with MBAM and it kept throwing me an error and not working. So I closed it out, uninstalled and re-installed. As I was re-installing it, it kept giving me several errors and then once it was finished installing, it gave me another error about not working and closing down. I'm including the errors here. So this issue is something completely new. Never had it happen before.


Okay thankfully that fixed the issues I was having.

Works like a charm, right? :)

Let's do one last scan just to be sure.

  • Step #5 ESET Online Scanner

    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.

    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.

  • Required Log(s):
    • ESET Scan Log
Regards,

Valinorum


Here's the log for the scan. It found 4 infected files. I haven't done anything and the program is still open after the scan finished. You didn't specify what I should do besides posting the log here.


ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2a7dddffd0ac354882d793b63220ed7a
# engine=16892
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-01 09:48:34
# local_time=2014-02-01 03:48:34 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 31281354 227855642 0 0
# scanned=286973
# found=13
# cleaned=0
# scan_time=13239
sh=DB4B67CD0978E05C6190A3370ADF9A2003E36753 ft=1 fh=082f1f6aee5cf08a vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll.vir"
sh=6505B4017A742332E933253F0F9EAB39CE266172 ft=1 fh=0216c665d26d87a6 vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll.vir"
sh=A3026BF11E5DC3C126CD054DF0DBBC5A3C945D45 ft=1 fh=57ef4e77c6f4524f vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe.vir"
sh=80D690D6A5D57A883AAEE464BF35A9F5B8832737 ft=1 fh=3daa122aea2194bb vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll.vir"
sh=51A425FAAA32618B3BEF813AE5AC0A6B10F00664 ft=1 fh=07dd38563461eeb1 vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="probably a variant of Win32/Toolbar.Visicom.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="a variant of Win32/Toolbar.Visicom.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="a variant of Win32/Toolbar.Visicom.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=5BB28109064402B95F78289D5CDB15C4D1182AC7 ft=1 fh=f51d66ef874cf02a vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\bs\AVGSecureSearchInstaller.exe"
sh=58C506D93FA108D2279F0801E3F1CD5C7AB36981 ft=1 fh=3c9d3175fad0644b vn="multiple threats" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\bs\YTDSetup.exe"
sh=8B45D98B3D2AD42ACD832B4C4EC83D9E51CECDBE ft=1 fh=c47817d02d04bbc3 vn="a variant of Win32/Toolbar.Widgi.B application" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\Vid Stuff\RPG.exe"
sh=21ECE50E242CD2014C3A73262BFAD894267BE7E3 ft=1 fh=745906623ff06dd1 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\Vid Stuff\S.exe"
sh=CDDE2675F0E1F0AFE0F5C6828BA346AFCADB3D9E ft=1 fh=c964ac69eed87789 vn="a variant of Win32/Adware.Trymedia.A application" ac=I fn="C:\Users\Bethany\Downloads\GameSetup-dm.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=2a7dddffd0ac354882d793b63220ed7a
# engine=18932
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-28 11:17:31
# local_time=2014-06-28 06:17:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 90184635 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 44030691 240604979 0 0
# scanned=299512
# found=4
# cleaned=0
# scan_time=11030
sh=5BB28109064402B95F78289D5CDB15C4D1182AC7 ft=1 fh=f51d66ef874cf02a vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\bs\AVGSecureSearchInstaller.exe"
sh=8B45D98B3D2AD42ACD832B4C4EC83D9E51CECDBE ft=1 fh=c47817d02d04bbc3 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\Vid Stuff\RPG.exe"
sh=21ECE50E242CD2014C3A73262BFAD894267BE7E3 ft=1 fh=745906623ff06dd1 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\Bethany\Desktop\Tracy Stuff\Vid Stuff\S.exe"
sh=CDDE2675F0E1F0AFE0F5C6828BA346AFCADB3D9E ft=1 fh=c964ac69eed87789 vn="a variant of Win32/Adware.Trymedia.A potentially unwanted application" ac=I fn="C:\Users\Bethany\Downloads\GameSetup-dm.exe"

Most of them were already quarantined by our previous tools. You can close the scanner and proceed with the following fix.

  • Step #6 Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      Start
      C:\Users\Bethany\Desktop\Tracy Stuff\bs\AVGSecureSearchInstaller.exe
      C:\Users\Bethany\Desktop\Tracy Stuff\bs\YTDSetup.exe
      C:\Users\Bethany\Desktop\Tracy Stuff\Vid Stuff\RPG.exe
      C:\Users\Bethany\Desktop\Tracy Stuff\Vid Stuff\S.exe
      C:\Users\Bethany\Downloads\GameSetup-dm.exe
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

  • Required Log(s):
    • FRST Fix Log
Regards,

Valinorum
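
As an added example (not part of the posts above, and not ESET's or FRST's own code), this Python example parses detection lines in the layout of the ESET log posted in this thread, merges both scan sections, skips files already sitting in AdwCleaner's quarantine, and builds the Start/End file list used in Step #6. The field handling is inferred from the log shown here, the function names are hypothetical, and the sample input is constructed.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log in this thread
# (hashes and paths are placeholders, not values from the thread).
SAMPLE_LOG = r'''
# utc_time=2014-02-01 09:48:34
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Win32/Toolbar.Example application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Example Toolbar\bho.dll.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="multiple threats" ac=I fn="C:\Users\Example\Desktop\SetupA.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="a variant of Win32/Example.A application" ac=I fn="C:\Users\Example\Downloads\SetupB.exe"
# utc_time=2014-06-28 11:17:31
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="a variant of Win32/Example.A potentially unwanted application" ac=I fn="C:\Users\Example\Downloads\SetupB.exe"
'''

# key=value pairs; a value is either quoted (may contain spaces) or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_detections(text):
    """Return one dict per detection line, tagged with the utc_time of its scan section."""
    scan_time, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# utc_time="):
            scan_time = line.split("=", 1)[1]
        elif line.startswith("sh="):
            row = {k: q if q else b for k, q, b in FIELD.findall(line)}
            row["scan"] = scan_time
            rows.append(row)
    return rows

def is_quarantined(path):
    # In the log above, AdwCleaner's quarantined copies end in .vir under \Quarantine\.
    p = path.lower()
    return p.endswith(".vir") or "\\quarantine\\" in p

def live_targets(rows):
    """Unique detected paths outside quarantine, across all scan sections, first-seen order."""
    seen, out = set(), []
    for r in rows:
        path = r.get("fn", "")
        if not path or is_quarantined(path) or path.lower() in seen:
            continue
        seen.add(path.lower())
        out.append(path)
    return out

def fixlist(paths):
    # Same Start ... End layout as the fixlist.txt contents in Step #6.
    return "\n".join(["Start", *paths, "End"])
```

A path that appears only in an older scan section is still kept, so confirm the file exists before handing the list to a removal tool.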
